Panther Labs Integrates Cloud-Native and Traditional Threat Detection

The News: At Black Hat Europe 2023, Panther Labs launched its new Security Data Lake Search capability as well as integration with Splunk. Additional detail is available in Panther’s press release.

Analyst Take: Threat detection, analysis, and response at scale have never been more important, or more difficult. AI, cloud-hosted, and other modern workloads generate high-volume, streaming log data, and feeding those logs into traditional security information and event management (SIEM) tools brings a challenge of both cost and complexity.

Panther Labs developed a cloud-native SIEM tool that is scalable and easy to use, thus making security operations more efficient. The company has raised a total of $140 million in funding over four rounds, helping it to gain traction in several Fortune 500 companies.

Panther Labs Solution’s Key Differentiator

The solution’s key differentiator is its ability to facilitate what is known as detection-as-code. Traditional SIEM tools require security teams to create and configure detection rules manually within the SIEM platform, a process that is time consuming, error prone, and inefficient, and that is difficult to scale, maintain, and audit. The problem compounds as organizations grow and as the threat landscape continuously evolves.

The solution from Panther Labs allows security teams to write detection rules as Python code. Because the rules are ordinary source files, they can be version controlled, reviewed, and unit tested like any other code, which streamlines the creation, management, and deployment of detection logic. As a result, security operations teams have more agility when adapting to changing threat landscapes and responding to incidents. It also makes it easier for security teams to create consistent and repeatable threat detection logic while reducing the risk of errors and misconfigurations in detection rules. In addition to detection-as-code, Panther offers more than 500 pre-built detections out of the box.
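To make the detection-as-code idea concrete, the following is an added example written for this article; it is not Panther’s own code or one of its pre-built detections. The `rule(event)`, `title(event)`, `severity(event)` and `dedup(event)` function shape follows the convention Panther’s Python rules use (return `True` from `rule()` to alert), but the `deep_get` helper, the `run_detection` harness and the CloudTrail-shaped sample events are all constructed here. The rule flags AWS account root-user activity, suppresses events AWS itself emits under the root identity, and raises severity when the root action was taken without MFA.

```python
"""Detection-as-code: flag AWS CloudTrail actions taken by an account's root user.

Constructed example, not Panther's own rule. The rule()/title()/severity()/dedup()
shape follows the convention Panther's Python rules use (rule() returns True to
alert); deep_get() and run_detection() are stand-ins written here, and the sample
events below are fabricated, not real CloudTrail records.
"""
from typing import Any, Dict, Iterable, List


def deep_get(event: Dict[str, Any], *keys: str, default: Any = None) -> Any:
    """Walk nested dicts safely: deep_get(e, "userIdentity", "type")."""
    cur: Any = event
    for key in keys:
        if not isinstance(cur, dict):
            return default
        cur = cur.get(key)
    return default if cur is None else cur


def rule(event: Dict[str, Any]) -> bool:
    """Alert on root-user activity that a person (or a stolen root key) initiated."""
    if deep_get(event, "userIdentity", "type") != "Root":
        return False
    # AWS emits some root-attributed events itself (service events, "AWS Internal");
    # those are not an operator at the keyboard, so keep them out of the alert stream.
    if event.get("eventType") == "AwsServiceEvent":
        return False
    if deep_get(event, "userIdentity", "invokedBy") == "AWS Internal":
        return False
    return True


def severity(event: Dict[str, Any]) -> str:
    """Root actions without MFA are the likeliest sign of a compromised root credential."""
    mfa_used = deep_get(event, "additionalEventData", "MFAUsed", default="No")
    return "MEDIUM" if mfa_used == "Yes" else "HIGH"


def title(event: Dict[str, Any]) -> str:
    return (
        f"Root activity in account {event.get('recipientAccountId')}: "
        f"{event.get('eventName')} from {event.get('sourceIPAddress')}"
    )


def dedup(event: Dict[str, Any]) -> str:
    """Group by account and source IP so a burst of root calls becomes one alert."""
    return f"{event.get('recipientAccountId')}:{event.get('sourceIPAddress')}"


def run_detection(events: Iterable[Dict[str, Any]]) -> List[Dict[str, str]]:
    """Minimal stand-in for the platform's rule engine: evaluate rule() per event."""
    alerts: List[Dict[str, str]] = []
    for event in events:
        if rule(event):
            alerts.append(
                {"title": title(event), "severity": severity(event), "dedup": dedup(event)}
            )
    return alerts


# Constructed CloudTrail-shaped events (fabricated values, AWS documentation placeholders).
SAMPLE_EVENTS: List[Dict[str, Any]] = [
    {   # root console login with MFA: alert, but lower severity
        "eventType": "AwsConsoleSignIn", "eventName": "ConsoleLogin",
        "userIdentity": {"type": "Root", "accountId": "111122223333"},
        "additionalEventData": {"MFAUsed": "Yes"},
        "sourceIPAddress": "203.0.113.10", "recipientAccountId": "111122223333",
    },
    {   # ordinary IAM user: no alert
        "eventType": "AwsApiCall", "eventName": "ListBuckets",
        "userIdentity": {"type": "IAMUser", "userName": "alice"},
        "sourceIPAddress": "203.0.113.11", "recipientAccountId": "111122223333",
    },
    {   # service-initiated event attributed to root: suppressed
        "eventType": "AwsServiceEvent", "eventName": "CreateServiceLinkedRole",
        "userIdentity": {"type": "Root", "invokedBy": "AWS Internal"},
        "sourceIPAddress": "AWS Internal", "recipientAccountId": "111122223333",
    },
    {   # root API call from an access key, no MFA: highest severity
        "eventType": "AwsApiCall", "eventName": "CreateAccessKey",
        "userIdentity": {"type": "Root", "accessKeyId": "AKIAIOSFODNN7EXAMPLE"},
        "sourceIPAddress": "198.51.100.7", "recipientAccountId": "111122223333",
    },
]

if __name__ == "__main__":
    for alert in run_detection(SAMPLE_EVENTS):
        print(alert["severity"], alert["title"])
```

Running the file prints two alerts: a MEDIUM one for the MFA-backed console login and a HIGH one for the `CreateAccessKey` call made without MFA. The two suppressed events show why a rule needs explicit exclusions: without them, service-linked role creation and other AWS-internal activity would page the on-call analyst as if it were a root compromise.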

Panther’s scalability and performance lend themselves to supporting cloud-native and DevOps-oriented log sources. It natively supports more than 100 common log sources, such as Amazon Web Services (AWS) CloudTrail, and accepts custom sources via webhooks. The Futurum Group notes that traditional SIEM tools tend to be cumbersome and costly, as well as difficult to scale, when it comes to supporting these types of high-volume, streaming log sources. In addition, rather than relying on a proprietary SIEM index or a self-managed relational database, Panther stores normalized log data in Snowflake, a scalable, cost-effective cloud data warehouse that is queried with standard SQL. This provides the foundation for querying large and distributed datasets efficiently and quickly, the capability that the new Security Data Lake Search feature exposes.

The Security Data Lake Search capability pairs with the new ability to configure Splunk as an alert destination for Panther detection workflows. Together, they better position security operations teams to bring increasingly critical cloud-native logs alongside more traditional sources, such as firewalls and endpoint detection and response (EDR) products, for rapid and comprehensive detection, investigation, and response workflows.

Another key value point for the new search capability is the ability to store, and therefore query, a full year of log data for deep-dive threat hunting. In contrast, traditional SIEM platforms are typically limited to a 30-, 60-, or 90-day retroactive view, and reaching back that far usually requires the analyst to know the vendor’s proprietary query language.

Panther Labs Addresses Key SIEM Tool Challenges

The takeaway is that Panther Labs is addressing key challenges that security teams are facing with legacy SIEM tools. These challenges include the cost and complexity of integrating all logs from an organization’s cloud-native workloads into the traditional SIEM environment. It also includes the ability to quickly execute high-performance queries at scale across modern cloud-native logs. At the same time, it is doing so in a way that allows the customer to continue to utilize the existing SIEM tools in which they have long-standing investment.

The approach is a smart one to ease customer adoption of Panther’s platform. Continued education of the market on its platform, including the ease of coding detection rules and the search performance for streaming cloud logs, will further nurture uptake.

Disclosure: The Futurum Group is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.

Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of The Futurum Group as a whole.

Author Information

Krista Case

Krista Case brings over 15 years of experience providing research and advisory services and creating thought leadership content. Her vantage point spans technology and vendor portfolio developments; customer buying behavior trends; and vendor ecosystems, go-to-market positioning, and business models. Her work has appeared in major publications including eWeek, TechTarget and The Register.
