The Data Cloud Podcast

Winning the Security Battle with Cristina Roa, VP of International, Securonix and Omer Singer, Head of Cybersecurity Strategy, Snowflake

Episode Summary

In this episode, Cristina Roa, VP of International at Securonix, and Omer Singer, Head of Cybersecurity Strategy at Snowflake, explore all things cybersecurity, from how to outmaneuver the bad guys to helping customers be more secure, and much more.


Episode Transcription

Producer: [00:00:00] Hello and welcome to The Data Cloud Podcast. Today's episode features an interview with Cristina Roa, Vice President of International of Securonix, and Omer Singer, Head of Cybersecurity Strategy at Snowflake. Both are industry leaders and share their expertise with us today. And the.

They'll dig into all things cybersecurity, from how to outmaneuver the bad guys, to helping customers be more secure, to so much more. So please enjoy this interview between Cristina Roa, Omer Singer and your host, Steve Hamm.

Steve Hamm: So I want to welcome Cristina and Omer today. It's great to have you on the podcast.

Cristina Roa: Hi Steve. Thanks for having us. I'm thrilled to be here.

Omer Singer: Hi Steve.

Steve Hamm: Great. Now, cybersecurity is often described as an arms race, with the good guys often racing to catch up with the latest techniques introduced by the bad guys, the malicious players. What's the state of the competition today?

Omer Singer: Yeah, [00:01:00] Steve, I think that's, that's a fair description, and the bad guys are definitely ahead in the race. They are adapting, right? So whenever you see changes like the big move to the cloud and work from home, all these changes, they're, they're providing new opportunities for the adversaries and they're adapting, they're taking advantage of it. And yeah, all that is definitely making, making life interesting for the defenders that are out there protecting the, each business and its data.

Cristina Roa: Yes. Follow on to what Omer had to say. The bad guys definitely are a step ahead. And it's our jobs to think about where they're going. What's really going on now is that the bad guys are attacking vectors that we never thought about. Before, they went after the data in the centralized data centers and the users with phishing attacks and things like that.

Now they're going after the IT supply chain, if you will, or the IT pieces that make up an [00:02:00] organization, the software. If you think about things like Log4j and SolarWinds, there the bad guys were going after software applications that make up the infrastructure of an organization. And this was something that we had really never seen before.

Steve Hamm: Yeah. Yeah. So let me understand this. So you're talking about some of the new stuff. What are the very newest threats that we're seeing? Data, obviously, but also you mentioned the software infrastructure. Omer, what are your top security threats that you're seeing?

Omer Singer: Yeah, definitely. The supply chain attacks are, are really hard to deal with.

If you look at kind of every company relying on software, to such an extent, and then everybody's applications are made up of all these components, right? It's enough for the attackers to get at one of those components and they can find themselves with a tremendous amount of access. So that's hard.

There's also just the, uh, mistakes that naturally happen when everybody is moving as fast as they are today in order to be [00:03:00] competitive as a business. We're, we're seeing different security teams dealing with things like API keys being accidentally kind of just published out in public code repositories.

And it's incredible how fast those keys are then picked up by bad guys. I mean, we're literally talking seconds before a key that you maybe accidentally, just for a second, publish out to some public code repo, and you'll see just the attacker bots using those keys in order to gain access to, to, to infrastructure, quickly setting up things like crypto mining operations, and just really, really fast pace.

And I think that's just going to accelerate. Yeah.

Steve Hamm: Yeah. Okay. So what do they do? Do they have some kind of bot scanners that are just out there constantly looking for code that might be useful and maybe some kind of AI, some kind of machine learning, being able to identify what might be in grabbing it is that [00:04:00] it's not the way that.

Omer Singer: Yeah. I mean, these cybercrime operations, it's a big business. And just like we see in the enterprise side, everybody's trying to leverage automation as much as possible. And the cybercriminals are doing just, just the same. So yeah, it's all automated. I think there's some smarts today, but the truth is there's still so much low-hanging fruit for these cybercrime outfits to take advantage of that they are able to keep it pretty simple and, and get a ton of access. It was just basic approaches today.

Steve Hamm: Now you talked about the bad guys, always seem to be one step ahead. Well, of course, in the, in the security software business, the cybersecurity business, we've got lots of legacy players out there.

And the question is, have they been able to keep up with, are they able to respond quickly enough to what the malicious players are doing? Are they really adequate for the job? And what's driving customers to seek new approaches? [00:05:00]

Cristina Roa: Yeah, the legacy players haven't been as focused on detection as they should be.

And that has really put organizations at risk. And if you think about what these solutions were designed to protect, they were designed to protect traditional infrastructure and applications, which were hosted in data centers, and everything was, was fairly centralized. And you focused on keeping the bad guys outside of the firewall. As we've moved to operating in the cloud, we've moved workloads to the cloud.

We've moved processes to the cloud. The data is everywhere. The processing is everywhere and there's so much more data. So you really have to focus on protecting the processes, the applications, and the endpoint where all this computing is done. And the biggest thing is the scale that we're experiencing.

There's so much more data. There's so much more processing that's going on. And most of the legacy [00:06:00] solutions can't support that scale that the cloud has brought to.

Omer Singer: I think that's right. I hear that from customers all the time. It's this frustration with dealing with all these limitations, trying to manage around the limitations.

When, like we talked about, how hard this stuff is and how fast everything is moving. And then at the same time, the security team needs to work around how much data they can collect and what kind of automation they can put in place. So they're really flying blind and fighting with one arm tied behind the back, and it is a really scary position to be, to be in when, when you are the CSO at a large company and you know that you're being targeted, but you also know that you're only able to have eyes on some of the activity and be able to respond to some of the things that are happening. It's a, it's a very scary position.

And, and so we're hearing from customers that they are trying to push us to help them in this area and to, to remove some of these limitations that are being imposed by the [00:07:00] legacy traditional players in the cybersecurity space. 

Steve Hamm: Yeah. So one of the hot areas of, of technology and of, of finance these days is cyber currency, and your Uber driver's likely to be trading Bitcoin these days as anything else. It's gotten pretty crazy.

So is cyber currency throwing a new factor into the security battle? 

Cristina Roa: It's allowed the bad guys to rapidly monetize the data breaches and data exposures that they've done. And if you think about it, the way you always caught the bad guys was following the money, and you worked with the banking network to, to see where the money was going.

There isn't a money trail. Now these transactions aren't centralized and the ledgers are stored across people's personal computers in different countries across the globe. So it really has, like I said, it enabled the monetization of the. [00:08:00] Considerably.

Steve Hamm: That's an incredible thought: you can't follow the money anymore.

Ooh, that's scary. In a lot of realms, not just cybersecurity, but yeah. Now in the early days of public cloud, a lot of organizations were first reluctant to move their applications, data to the cloud because they had security concerns. A lot of the financial companies have these big outfits. How has that played out over these last few years?

Is it still an issue? 

Cristina Roa: Yeah, what I'm seeing in the market is a rapid change. It used to be that the financial institutions in particular, weren't moving to the cloud. A lot of governments were moving to the cloud, but that has changed tremendously in the last couple of years, the world's largest, most conservative financial institutions have now moved to the cloud to be able to be competitive.

And the only folks that I really see stay on prem or, [00:09:00] or avoiding the cloud are governments that have a dark site, they have no access to the internet, or countries that have data sovereignty laws that don't allow them to take data outside their country borders, but there isn't a cloud platform in country to work on.

So there isn't an AWS or an Azure or GCP for them to host their applications and workloads. So they, they have to stay on prem. 

Omer Singer: Yeah. And I've seen this evolve firsthand in my four, four-some years at Snowflake, just seeing how prevalent and mainstream this has become. And if in the early days we still needed to convince enterprises that they can trust the public cloud as a place to, to, to do their data analytics, which can be scary.

Right. We, we invested a lot at Snowflake to make sure that the data would be secure and governed and, [00:10:00] and facilitate that move up to the cloud. And, and the conversation has become just like, how do we do this as secure, not whether we can do it at, at, at all. But definitely it's something that can be scary from a security architecture perspective.

When the enterprise is in this race to move up to the cloud, how does the security organization keep up and can the security organization achieve the same posture in the cloud as they had in the data center? And that's something that we, we, we help customers with as, as part of just this move to doing data analytics in the cloud.

Now there's also like how do we support cybersecurity to be successful with their mission in a cloud centric environment? 

Steve Hamm: So let's actually follow that lead right there. I want to talk about strategy and that lens we'll do each company for a Snowflake. So Omer, please explain Snowflake's top-level cybersecurity strategy for the whole, for the platform.

Where did it stand? I know you've been there about [00:11:00] four years. So things have changed rapidly, I think. So where did it stand four years ago when you joined and where does it stand up?

Omer Singer: Yeah. So Snowflake as a data platform has been focused on security from day one. And when I joined the company, we just continued to ramp that up and make sure that we are securing the platform from end to end so that customers can trust us with their most valuable asset, right, their, their data.

And that continues to be the case. What's interesting is increasingly we heard from customers that, Hey, can you help us to analyze all this security that we're generating? Because this data was just super fragmented all over the place. Some of it was going to certain SIEM solutions. Some of it was going just to these cloud buckets and some was never being collected at all. And breaking down silos and mobilizing data is what Snowflake's been about always.

And so what we're hearing and what we are [00:12:00] helping customers with is a cybersecurity strategy that is data-driven, that has the. Centralized and put to use for the different security use cases so that the whole enterprise can be more secure. Yeah.

Steve Hamm: So the idea is they're collecting a huge amount of data and they've got to collect, manage it and look for anomalies and patterns that might indicate something's amiss, right? Is that, is that how it works?

Omer Singer: That's, that's right. The CSO and the CSO's organization wants to join the rest of the company in a data platform that, that's going to work for them. In terms of the specific use cases, though, you mentioned anomaly detection or behavior analytics.

Like, these are areas where there's also a lot of expertise in these. And a lot of research, ongoing research into attacker techniques required. And that's where our strategy is very partner driven. And we're looking to work with those cybersecurity companies that, that [00:13:00] can deliver these capabilities on the customer's Snowflake, on the customer's security data lake.

That's really where Securonix comes in. 

Steve Hamm: Okay. So Cristina, let's, let's explore some stuff with you for a minute here. Tell us a bit about Securonix, its approach to providing security measures in the cloud and the products.

Cristina Roa: So Securonix has always been focused on providing the best threat detection in the market.

Historically, our industry hasn't been the best at finding the unknown, bad, new things that are coming up every single day that the bad guys are throwing at us. And so the way we've done this is by applying machine learning and behavior analytics to all this data that we have, and not just applying it to the IT infrastructure and things like that, but also applying it at, for instance, the applications the [00:14:00] organizations use. So Securonix has always applied machine learning and behavior analytics to not only the traditional security data sets, but the applications are the crown jewels of an organization. It's not just been about the infrastructure, the IT infrastructure, but getting to the business applications and protecting those.

And what's going on there. And as we move to the cloud and data is everywhere and accessible by almost everyone, it's been about protecting all of the, the compute and the work streams that are going on in the cloud and even expanding it to other types of data. Because again, we've always looked at Securonix at not just protecting the infrastructure, but any type of data that we can within the organization. So now it's, [00:15:00] it's spreading to protecting OT and IoT data because those devices and the processes that they run are critical to an organization. Right.

Steve Hamm: All right. Well, I get that. Now, I understand that Snowflake recently made an investment in Securonix.

What's the reason for the partnership and how do you guys work together on behalf of customers? Right. 

Omer Singer: And this, this is where I think Snowflake is bringing in its experience from making the traditional data teams more successful, and then bringing that to this security organization. So if you look at our, our, our traditional data warehouse use cases where we would have an ETL partner for loading in data in a normalized way, so that it's useful for the analysts, and business intelligence tools for reporting on that data. Right. Making it easy to consume insights. I mean, that's been a very successful stack for the data side of the house. Now, as we're thinking about the security side of the house, [00:16:00] how do we make them successful with a data-driven strategy?

Well, Securonix, with a very open approach to threat detection and response, brings that security-specific ETL capability, saying, Hey, we can collect data from on-prem and from cloud infrastructure and from SaaS applications, we can bring that all in, normalize it, right, load it into Snowflake in a way that's going to be useful for incident responders, for compliance analysts, right?

Whoever in the security organization wants to get at the data, and then also covering the BI side with dashboards that are built for security use cases, like for example, incident response, and making those available to the security team as well. Taking advantage of behind the scenes of the customer's Snowflake, but in an experience that is tailored and familiar to the security operation center.

So for us, this was a, a, just a natural [00:17:00] partnership that we wanted to invest in. And I'm just really excited that we have been able to make that investment and to use it just to turbocharge our, our relationship. Yeah. 

Cristina Roa: The Securonix plus Snowflake solution for a customer is just a huge win-win. As cyber threats become more sophisticated, we need to look at more data over longer periods of time because the bad guys are very, very patient. And Snowflake customers can leverage huge datasets over a long period of time. Combined with the best-of-breed analytics that Securonix provides, they really are getting ahead of the game on the threat detection.

So for our customers to be able to have a better solution to find threats is terrific for us in the, and the partnership with, with Snowflake has, has been great.

Omer Singer: Yeah, totally. [00:18:00] And it really has led to collaboration, very deep collaboration at the product level. We're just thinking about how do we make customers more successful through this joint solution, doing things like, can we eliminate a cold storage tier so that all the data is always hot, always accessible to incident responders.

Like, Hey, that sounds like a great place to be. And it's something that, that we can enable together. How do we have flexible pricing that customers choose, Hey, what do we want to analyze to different extent, so that they can cost-effectively get visibility across all their infrastructure. Like, these are very exciting developments that you haven't seen so much in the past.

And because we have this kind of best-of-breed approach with Securonix as a security layer and Snowflake as that data layer together, we are able to make these product improvements available to.

Steve Hamm: Yeah. Yeah, no, I understand you have this, this kind of model called connected application, and I guess the best way to envision it, or [00:19:00] one way to envision it, is like you have the iPhone or any kind of smartphone and you have all these apps that, that, that fit on top of it.

And people can choose one or they can choose another, whatever, whatever is best for their uses. So how does it work between the Snowflake platform, which becomes the enterprise cloud data platform? How does that work with the, with the enterprise, Snowflake, and, and Securonix being three pillars? Help me understand that.

Omer Singer: Oh yeah. The connected application model is one to watch for anyone in the doing B2B, anything, and specifically in cybersecurity, because what we're seeing is with the data cloud and the idea that you can have this very scalable, very reliable data platform, the enterprise customers for the first time are on the same footing as the application vendors that serve them.

And so what we're able to [00:20:00] do is to say, Securonix, you just focus on what you do best, which is building that cybersecurity application. Let us worry about building the best data platform, and customers can just deploy that Securonix SIEM or XDR solution on top of the Snowflake data. And so this model, I think, is what we're going to see.

Increasingly it puts the customers in control of their data and it lets the vendors focus on what they do best. And so increasingly I think what we're going to see is B2B SaaS applications making this connected application model an option to their customers.

Cristina Roa: Yeah. This is huge for customers to be able to not only own their own security data and have it in an open format, but to be able to use it in areas other than just security, because they own it and they can make it available to whomever they want.

Steve Hamm: Yeah. Um, so Securonix and [00:21:00] Snowflake have this relationship, but Snowflake is, is doing this with a lot of different SaaS security vendors. So give us a sense of how does that work? What's the relationship? Are they all at the same level of formality and, and collaboration, or are others more of an arm's-length kind of relationship?

Omer Singer: Yeah. I mean, going back to that race, you know, that we started off talking about that arms race between the bad guys, the cyber criminals and the security teams, trying to defend the business. Imagine how exciting it's going to be for the cybersecurity. When they have this single source of truth, that powers all their different use cases.

Now they're not fighting the bad guys separately each time in each area, but rather they have this unified approach where they do threat detection and response, yep, like we've been talking about, but also, for example, [00:22:00] governance risk and. Vulnerability management, application security, right? The use cases go on and on. Today, each one of those is dealt with separately.

And so the strength of the security team is divided, right? It makes them less, less effective and makes their jobs much harder. What we are enabling for cybersecurity teams at Snowflake is to start off with that unified single source of truth in their security data lake, and then pick their best-of-breed solution of choice for the different use cases.

And so, yeah, we, we definitely are partnering with additional cybersecurity companies. We make sure that they have good support for Snowflake, so that it's easy for customers to deploy. And we're seeing the scenarios like compliance automation very successful for customers.

Steve Hamm: So Omer, when I think about the Snowflake platform and all the incredible data sharing that it enables, not just within a company and breaking down the silos within a company, but between business partners [00:23:00] in supply chains and distribution chains.

And I would think that this really opens up whole new avenues for dealing with security, maybe collaborating around it. So tell me how that's being used these days by, by enterprises in these ones. 

Omer Singer: Oh, yeah. And that's, that's a great question because it is one of those exciting ways in which security teams are discovering that they can be more successful through the power of the data cloud.

And we're seeing that at enterprises that have rolled out a security data lake, they created a Snowflake account for the security team. The security team can use data sharing to get secure, governed access to business data from the existing core Snowflake account to the security account and use that business data for context in the course of investigations, and, and, and that's been great to see.

And what I'm excited to see in the coming years is as more security teams are up and running with their security data lake, [00:24:00] and not just doing incident response with that data, but also using that data to analyze their posture and how their security program is faring in different areas, according to different security controls and frameworks.

What we expect to see is that data sharing is going to let these security teams share information about their posture with their peers, again, in a secured, governed way, doesn't mean that everything is available to everyone, but helping the defenders to learn from each other. Right. Where is it? Are they as a cohort, as an industry doing well?

What are areas where they should be improving when it comes to things like vulnerability management? How long does it take your, your typical, let's say, a financial services company to patch critical Linux security updates? Right? That kind of thing. If we can start seeing stats on things like that shared between peers, it's going to make everybody more successful, and they're all on the same side, right.

Protecting against the bad guys. 

Steve Hamm: So I think that's a great new [00:25:00] opportunity. Cristina, does this bear on, on your company's strategy as well? Or is it more like just the Snowflake platform?

Cristina Roa: I think what we're able to do now is as Omer was projecting is as we have this data and can analyze it and analyze the processes that that security goes through in the metrics that they're delivering on, it's not just about sharing the processes, but what the results are.

And we've never been able to do that before. And with the analytics that we're able to provide, now we can't,

Omer Singer: This is what the future holds.

Steve Hamm: So I'm going to ask you guys to put on your visionary caps for a minute and look out several years, maybe even five years. What do you think are going to be the major security threats to organizations, and what strategies and technologies will emerge to help deal with these threats?

And is there any glimmer of [00:26:00] hope for the security industry and enterprises to actually get ahead of the bad guys at some point, to leapfrog the bad guys for a change? It's a tough question. Who wants to go first?

Cristina Roa: No, I think we're seeing several things. One, as companies are really moving workloads to multiple cloud platforms, they don't want to be tied in and they want the flexibility to move data and processes around.

They've moved to containerization so that multicloud really can become a reality. And therefore, we need to not only protect the data in a spot, but protect the entire process of how the data and the containers are deployed and used and move from one environment to the other. And in conjunction with that, we have to be able to [00:27:00] protect everything that makes up that, that, that process: protect the plugins, protect the open source data, protect the entire development life cycle chain. And so we really have to look at this holistically, and as more and more data sets come in to the environment, we have to be able to secure those. So as OT devices and IoT devices provide sensor data, we've got to be able to protect those devices also because they are part of the ecosystem of an organization.

Steve Hamm: Right. And so any hope, any glimmers of hope of, of the forces of good overcoming the forces of evil? 

Cristina Roa: I think it's going to be a battle that goes on until the end of time.

Steve Hamm: Fortunately. Yes. And Omer, so what's your vision of the future?

Omer Singer: Yeah, I, I think in, in the future, we're going to see the breach timelines [00:28:00] just continue to compress in terms of the automation that attackers are bringing to bear. Everything's going to continue to speed up, happen faster and faster, and the impact is going to continue to grow.

As everything becomes more abstract on the IT side, a successful attack, it means more impact to the business and, and across businesses, right? That's what we're, we're seeing this, the start of that, but it's, it's only going to become more and more, and these threats are not going away. Right. If you think about who's behind them, these are very organized businesses.

This is how they put food on the table. They're not going away and they're going to continue to innovate in order to be successful. But I think there is hope. I think there's hope in that the cybersecurity team, yeah, joining the rest of the enterprise in a data-driven approach. And we've seen what analytics can do in transforming, for example, marketing and finance.

And we haven't yet seen that really happen on the [00:29:00] cybersecurity side, but we are starting to see it now. So if I had to kind of bet in terms of the cybersecurity skills of the future, I think you're going to see data analytics and SQL and BI and data science increasingly be skills that are successfully leveraged by security teams, and over time with enough visibility and automation, I think that the good guys can get ahead in this.

Steve Hamm: Well, that's an encouraging thought, a good place to end. So yeah, this has been a fascinating discussion. I mean, it really is. I mean, this is amazingly complicated, but I thought some of these ideas, like the idea of the connected application model, it just seems ingenious.

And also this idea of getting really a contextual view, not just security data, but the data around it from the operational business data, and really understanding, well, what's the context for, for these events or these [00:30:00] anomalies that we're seeing. Those are both concepts that I had not heard of before.

And I think they're both really interesting and I'm, I'm sure a lot of our listeners will want to follow up and do some of their own research on that. So anyway, thank you both very much for this conversation. I think it's really great to have somebody from the application side and somebody from the platform side. I think it really gives a holistic view that will be really useful to a lot of our.

So, thanks a lot. Thank you, Steve. 

Cristina Roa: Thanks Steve. For the time we really appreciate it. 

Producer: Join the world of data collaboration at Snowflake Summit this June in Las Vegas. At Snowflake Summit, you can learn from hundreds of technical data and business experts about what's possible in the data cloud. Learn more and register for Snowflake Summit at www.snowflake.com/summit.