In a move that a Snowflake Inc. executive described as the company’s entry into the cybersecurity market, the data cloud company today announced an alliance with Securonix Inc., maker of a cloud-native security information and event management system.

The deal is a nonexclusive partnership at this point and Snowflake has no plans to compete against other security companies but will partner instead, said Omer Singer, the company’s head of cybersecurity strategy. However, he said the alliance is part of a thrust by Snowflake to court organizations that are moving their SIEM processing to the cloud. “You’re going to see Snowflake as a major player in cloud security,” he said.

SIEM is an approach to cybersecurity analysis that combines information and event management into a single system that analyzes data and identifies deviations from the norm. For example, SIEM can detect repeated login attempts from a single IP address or unusually large data downloads.

Deriving insights from SIEM involves processing very large amounts of data and the size has grown as companies ingest information from multiple on-premises and cloud sources. Snowflake says security teams are increasingly loading that data into the cloud to take advantage of scalable storage.

“Cloud infrastructure is so heavily instrumented that it generates 10 times the amount of data [compared to an on-premises data center],” Singer said. “You can’t physically bring it back down into the data center. You need secure cloud infrastructure.”

Securonix’s “bring your own Snowflake” program provides customers with the ability to enrich data in real-time and query it at scale in Snowflake from within the Securonix user interface using packaged behavior analytics to identify potential security incidents without the need to transfer or duplicate data storage.

Securonix hosts the core security analytics operations, which encompass user and entity behavior analytics, extended detection and response, SIEM and security orchestration, automation and response directly on data in an existing Snowflake account.

“They believe in an open architecture. They aren’t going to hold on to the customer’s data and force them to access it through an application programming interface,” Singer said. “They’re giving customers choice.”

Snowflake was prompted to create the alliance in part at the urging of Capital One Ventures LLC, which has invested in both companies. “This will make every Snowflake customer re-evaluate their SIEM strategy, asking if it makes sense for them to use a SIEM that separates them from their data,” Singer said.

Photo: Robert Hof/SiliconANGLE