Panther Labs Integrates Cloud-Native and Traditional Threat Detection

Panther Labs Integrates Cloud-Native and Traditional Threat Detection

The News: At Black Hat Europe 2023, Panther Labs launched its new Security Data Lake Search capability as well as integration with Splunk. Additional detail is available in Panther’s press release.

Panther Labs Integrates Cloud-Native and Traditional Threat Detection

Analyst Take: Threat detection, analysis, and response at scale has never been more important or more difficult. AI, cloud-hosted, and other modern workloads that generate high-volume, streaming log data are emerging. These workloads present a challenge in the form of cost and complexity when it comes to feeding these logs into traditional and familiar security information and event management (SIEM) tools.

Panther Labs developed a cloud-native SIEM tool that is scalable and easy to use, thus making security operations more efficient. The company has raised a total of $140 million in funding over four rounds, helping it to gain traction in several Fortune 500 companies.

Panther Labs Solution’s Key Differentiator

The solution’s key differentiator is its ability to facilitate what is known as detection-as-code. Traditional SIEM tools require security teams to manually create and configure detection rules within the SIEM platform. This process is time consuming, error prone, and inefficient, and it is difficult to scale, maintain, and audit. This process becomes especially a problem as organizations grow and as the security threat landscape continuously evolves.

The solution from Panther Labs allows security teams to write detection rules in code via Python. This approach streamlines the creation, management, and deployment of detection rules. As a result, security operations teams have more agility when it comes to adapting to changing threat landscapes and responding to incidents. It also makes it easier for security teams to create consistent and repeatable threat detection logic while reducing the risk of errors and misconfigurations in threat detection rules. In addition to offering detection-as-code, Panther also offers more than 500 pre-built detections out of the box.

Panther’s scalability and performance lends itself to supporting cloud-native and DevOps-oriented log sources. It supports more than 100 prominent logs such as Amazon Web Services (AWS) CloudTrail natively, and webhooks for custom support. The Futurum Group notes that traditional SIEM tools tend to be cumbersome and costly as well as difficult to scale when it comes to supporting these types of high-volume, streaming log sources. In addition, rather than being underpinned by an SQL database, Panther stores normalized log data in Snowflake, a scalable, cost-effective cloud database. This approach provides the foundation to be able to query across large and distributed databases efficiently and quickly, a capability that is being added with the Security Data Lake Search capability.

The Security Data Lake Search capability combines with the new ability to configure Splunk as an alert destination for Panther detection workflows. This approach better positions security operations teams to integrate increasingly critical cloud-native logs alongside more traditional sources such as firewalls and endpoint detection and response (EDR) products for rapid and comprehensive detection, investigation, and response workflows.

Another key value point for the new search capability is the ability to store, and as a result query, a full year of log data for deep dive threat hunting. In contrast, traditional SIEM platforms are typically limited to a 30-, 60-, or 90-day retroactive view, and the security analyst typically must know a proprietary query language to be able to query back this far.

Panther Labs Addresses Key SIEM Tool Challenges

The takeaway is that Panther Labs is addressing key challenges that security teams are facing with legacy SIEM tools. These challenges include the cost and complexity of integrating all logs from an organization’s cloud-native workloads into the traditional SIEM environment. It also includes the ability to quickly execute high-performance queries at scale across modern cloud-native logs. At the same time, it is doing so in a way that allows the customer to continue to utilize the existing SIEM tools in which they have long-standing investment.

The approach is a smart one to ease customer adoption of Panther’s platform. Continued education to the market on its platform, including the ease of coding detection rules and the search performance for streaming cloud logs, will further nurture uptick.

Disclosure: The Futurum Group is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.

Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of The Futurum Group as a whole.

Other insights from The Futurum Group:

Splunk Goes All in on AI: New Innovations to Enhance Security, Customer Experience, and Visibility

NetApp Gets Insightful on Generative AI, Cyber Recovery

Decentralized Storage in the Battle Against Ransomware

Author Information

Krista Case

Krista Case brings over 15 years of experience providing research and advisory services and creating thought leadership content. Her vantage point spans technology and vendor portfolio developments; customer buying behavior trends; and vendor ecosystems, go-to-market positioning, and business models. Her work has appeared in major publications including eWeek, TechTarget and The Register.

Related Insights
Can Anthropic's GRAM 'Off Switch' Make Dual-Use AI Safer Without Killing Utility?
July 10, 2026

Can Anthropic’s GRAM ‘Off Switch’ Make Dual-Use AI Safer Without Killing Utility?

Anthropic and AE Studio introduced GRAM, enabling selective removal of sensitive AI capabilities without retraining, potentially addressing privacy and security concerns for organizations adopting generative AI....
Exprivia Bets Big on Banking Security: Can Partnership Drive Real Innovation?
July 10, 2026

Exprivia Bets Big on Banking Security: Can Partnership Drive Real Innovation?

Exprivia announced partnership with ABI's WeSec summit as Main Partner, aligning with surging demand for cybersecurity and AI solutions across Italian banking. The move positions the company to capitalize on...
Kore.ai and Atos Bet on Sovereign Agentic AI, Will UK Enterprises Demand Proof, Not Promises?
July 8, 2026

Kore.ai and Atos Bet on Sovereign Agentic AI, Will UK Enterprises Demand Proof, Not Promises?

Kore.ai and Atos announce a strategic partnership to deliver Sovereign AI solutions to UK organizations, addressing data residency and compliance requirements in the rapidly expanding $181B AI platforms market....
ServiceNow and Accenture Bet on Migration to Win Enterprise Risk
July 7, 2026

ServiceNow and Accenture Bet on Migration to Win Enterprise Risk

Fernando Montenegro, VP at The Futurum Group, examines the ServiceNow and Accenture cybersecurity offering, and why its AI-powered migration and the Armis acquisition point to a bid to become the...
Compliance as Code Is No Longer Optional: Why Manual Reviews Can’t Keep Up
July 4, 2026

Compliance as Code Is No Longer Optional: Why Manual Reviews Can’t Keep Up

Qodo's 'Compliance as Code' framework automates enterprise AI compliance through PR checks, solving the data privacy and security gaps that plague manual reviews at scale....
Brave's Browser Containers Raise the Bar for Privacy and Workflow Flexibility
July 3, 2026

Brave’s Browser Containers Raise the Bar for Privacy and Workflow Flexibility

As AI platform adoption accelerates to $181.3B projected market size, Brave's v1.92 release introduces native browser containers addressing data privacy concerns for 52.6% of enterprise decision makers managing multi-cloud AI...

Book a Demo

Welcome

The vision behind everything in Futurum’s Custom Research practice is this: research should show you what is happening, what comes next, and what to do about it. It should be personal to each audience, easy for people to grasp, and structured so LLMs can reason over it accurately. And it should be fast and turnkey; you want answers now, not another project to carry for quarters.

Whether you are defining business, channel, or go-to-market strategy; evaluating vendors or justifying ROI; or commissioning research to fill an emerging market need, we have your back, with a program that answers your questions with the objectivity and credibility to drive real decisions.

To do it, we bring unmatched data to bear: Futurum research, surveys, and market projections; validated market feeds; ETR’s 15 years of insight from 10,000 technology decision-makers; G2’s buyer and user data; and what our analysts hear every day. Add leading primary collection, from AI-moderated voice interviews to surveys and analyst-led interviews, all turnkey, and every project comes out credible, nuanced, and actionable.

And we don’t just drop the results in your lap. For internal work, we provide analyst-led sessions, interactive dashboards, and a range of formats. For market-facing work, Futurum delivers turnkey activation and amplification that actually gets seen, by people and by LLMs, through our media and share of voice. This is research that moves decisions and markets.

We will meet you wherever you are, from a fast-turn brief to a multi-year program, and shape the work to your goals, timeline, and budget. The right program for your moment.

If any of this is useful, I would love to talk.

Benjamin Brown, VP Custom Research, Futurum Research

Benjamin Brown

VP, Custom Research · The Futurum Group

Newsletter Sign-up Form

Get important insights straight to your inbox, receive first looks at eBooks, exclusive event invitations, custom content, and more. We promise not to spam you or sell your name to anyone. You can always unsubscribe at any time.

All fields are required






Thank you, we received your request, a member of our team will be in contact with you.