Panther Labs Integrates Cloud-Native and Traditional Threat Detection

The News: At Black Hat Europe 2023, Panther Labs launched its new Security Data Lake Search capability as well as integration with Splunk. Additional detail is available in Panther’s press release.

Analyst Take: Threat detection, analysis, and response at scale have never been more important or more difficult. AI, cloud-hosted, and other modern workloads that generate high-volume, streaming log data are emerging. Feeding these logs into traditional and familiar security information and event management (SIEM) tools is costly and complex.

Panther Labs developed a cloud-native SIEM tool that is scalable and easy to use, thus making security operations more efficient. The company has raised a total of $140 million in funding over four rounds, helping it to gain traction in several Fortune 500 companies.

Panther Labs Solution’s Key Differentiator

The solution’s key differentiator is its ability to facilitate what is known as detection-as-code. Traditional SIEM tools require security teams to manually create and configure detection rules within the SIEM platform. This process is time consuming, error prone, and inefficient, and it is difficult to scale, maintain, and audit. It becomes especially problematic as organizations grow and as the security threat landscape continuously evolves.

The solution from Panther Labs allows security teams to write detection rules in code via Python. This approach streamlines the creation, management, and deployment of detection rules. As a result, security operations teams have more agility when it comes to adapting to changing threat landscapes and responding to incidents. It also makes it easier for security teams to create consistent and repeatable threat detection logic while reducing the risk of errors and misconfigurations in threat detection rules. In addition to offering detection-as-code, Panther also offers more than 500 pre-built detections out of the box.
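To make the detection-as-code idea concrete, here is an added example (not from the article and not Panther's own code): a Python detection for AWS CloudTrail events kept in the same file as its test fixtures, so the rule can be reviewed, versioned, and checked automatically before deployment. The `rule`/`title` function names, the fixture harness, and the sample events are assumptions constructed for illustration.

```python
"""Detection-as-code sketch: rule logic and its fixtures live in one reviewable file."""


def _sub(event: dict, key: str) -> dict:
    """Return a nested object, tolerating absent or null fields (CloudTrail emits nulls)."""
    value = event.get(key)
    return value if isinstance(value, dict) else {}


def rule(event: dict) -> bool:
    """Fire on a successful AWS console login by the root user without MFA."""
    if event.get("eventName") != "ConsoleLogin":
        return False
    if _sub(event, "userIdentity").get("type") != "Root":
        return False
    if _sub(event, "responseElements").get("ConsoleLogin") != "Success":
        return False
    # MFA use is reported as the string "Yes"/"No"; a missing value is treated as "No".
    return _sub(event, "additionalEventData").get("MFAUsed", "No") != "Yes"


def title(event: dict) -> str:
    """Alert title shown to the analyst."""
    account = event.get("recipientAccountId", "unknown")
    source = event.get("sourceIPAddress", "unknown")
    return f"Root console login without MFA in account {account} from {source}"


def _login(identity_type: str, result: str, mfa: str) -> dict:
    """Build a constructed (not real) CloudTrail ConsoleLogin event."""
    return {"eventName": "ConsoleLogin", "userIdentity": {"type": identity_type},
            "responseElements": {"ConsoleLogin": result},
            "additionalEventData": {"MFAUsed": mfa},
            "sourceIPAddress": "203.0.113.7", "recipientAccountId": "111122223333"}


# Fixtures: (name, constructed event, expected rule outcome).
TESTS = [
    ("root login, no MFA", _login("Root", "Success", "No"), True),
    ("root login with MFA", _login("Root", "Success", "Yes"), False),
    ("IAM user login, no MFA", _login("IAMUser", "Success", "No"), False),
    ("failed root login", _login("Root", "Failure", "No"), False),
    ("unrelated call, null fields", {"eventName": "DescribeInstances", "responseElements": None}, False),
    ("root login, null MFA data", {**_login("Root", "Success", "No"), "additionalEventData": None}, True),
]


def run_tests() -> list:
    """Return the names of fixtures whose outcome differs from expectation (empty = pass)."""
    return [name for name, event, expected in TESTS if rule(event) is not expected]


if __name__ == "__main__":
    failures = run_tests()
    print("all fixtures pass" if not failures else f"FAILED: {failures}")
```

Running the fixtures in CI on every change to the rule is what gives the consistency and auditability the paragraph above describes.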

Panther’s scalability and performance lend themselves to supporting cloud-native and DevOps-oriented log sources. It natively supports more than 100 prominent log sources, such as Amazon Web Services (AWS) CloudTrail, and offers webhooks for custom support. The Futurum Group notes that traditional SIEM tools tend to be cumbersome and costly as well as difficult to scale when it comes to supporting these types of high-volume, streaming log sources. In addition, rather than being underpinned by an SQL database, Panther stores normalized log data in Snowflake, a scalable, cost-effective cloud database. This approach provides the foundation for querying across large and distributed databases efficiently and quickly, a capability that is being added with the Security Data Lake Search capability.

The Security Data Lake Search capability combines with the new ability to configure Splunk as an alert destination for Panther detection workflows. This approach better positions security operations teams to integrate increasingly critical cloud-native logs alongside more traditional sources such as firewalls and endpoint detection and response (EDR) products for rapid and comprehensive detection, investigation, and response workflows.

Another key value point for the new search capability is the ability to store, and as a result query, a full year of log data for deep-dive threat hunting. In contrast, traditional SIEM platforms are typically limited to a 30-, 60-, or 90-day retroactive view, and the security analyst typically must know a proprietary query language to be able to query back this far.

Panther Labs Addresses Key SIEM Tool Challenges

The takeaway is that Panther Labs is addressing key challenges that security teams are facing with legacy SIEM tools. These challenges include the cost and complexity of integrating all logs from an organization’s cloud-native workloads into the traditional SIEM environment. They also include the ability to quickly execute high-performance queries at scale across modern cloud-native logs. At the same time, Panther is doing so in a way that allows the customer to continue to utilize the existing SIEM tools in which they have long-standing investment.

The approach is a smart one to ease customer adoption of Panther’s platform. Continued education of the market on its platform, including the ease of coding detection rules and the search performance for streaming cloud logs, will further nurture uptake.

Disclosure: The Futurum Group is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.

Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of The Futurum Group as a whole.

Author Information

Krista Case

Krista Case brings over 15 years of experience providing research and advisory services and creating thought leadership content. Her vantage point spans technology and vendor portfolio developments; customer buying behavior trends; and vendor ecosystems, go-to-market positioning, and business models. Her work has appeared in major publications including eWeek, TechTarget and The Register.
