Search
Close this search box.

Panther Labs Integrates Cloud-Native and Traditional Threat Detection

Panther Labs Integrates Cloud-Native and Traditional Threat Detection

The News: At Black Hat Europe 2023, Panther Labs launched its new Security Data Lake Search capability as well as integration with Splunk. Additional detail is available in Panther’s press release.

Panther Labs Integrates Cloud-Native and Traditional Threat Detection

Analyst Take: Threat detection, analysis, and response at scale has never been more important or more difficult. AI, cloud-hosted, and other modern workloads that generate high-volume, streaming log data are emerging. These workloads present a challenge in the form of cost and complexity when it comes to feeding these logs into traditional and familiar security information and event management (SIEM) tools.

Panther Labs developed a cloud-native SIEM tool that is scalable and easy to use, thus making security operations more efficient. The company has raised a total of $140 million in funding over four rounds, helping it to gain traction in several Fortune 500 companies.

Panther Labs Solution’s Key Differentiator

The solution’s key differentiator is its ability to facilitate what is known as detection-as-code. Traditional SIEM tools require security teams to manually create and configure detection rules within the SIEM platform. This process is time consuming, error prone, and inefficient, and it is difficult to scale, maintain, and audit. This process becomes especially a problem as organizations grow and as the security threat landscape continuously evolves.

The solution from Panther Labs allows security teams to write detection rules in code via Python. This approach streamlines the creation, management, and deployment of detection rules. As a result, security operations teams have more agility when it comes to adapting to changing threat landscapes and responding to incidents. It also makes it easier for security teams to create consistent and repeatable threat detection logic while reducing the risk of errors and misconfigurations in threat detection rules. In addition to offering detection-as-code, Panther also offers more than 500 pre-built detections out of the box.

Panther’s scalability and performance lends itself to supporting cloud-native and DevOps-oriented log sources. It supports more than 100 prominent logs such as Amazon Web Services (AWS) CloudTrail natively, and webhooks for custom support. The Futurum Group notes that traditional SIEM tools tend to be cumbersome and costly as well as difficult to scale when it comes to supporting these types of high-volume, streaming log sources. In addition, rather than being underpinned by an SQL database, Panther stores normalized log data in Snowflake, a scalable, cost-effective cloud database. This approach provides the foundation to be able to query across large and distributed databases efficiently and quickly, a capability that is being added with the Security Data Lake Search capability.

The Security Data Lake Search capability combines with the new ability to configure Splunk as an alert destination for Panther detection workflows. This approach better positions security operations teams to integrate increasingly critical cloud-native logs alongside more traditional sources such as firewalls and endpoint detection and response (EDR) products for rapid and comprehensive detection, investigation, and response workflows.

Another key value point for the new search capability is the ability to store, and as a result query, a full year of log data for deep dive threat hunting. In contrast, traditional SIEM platforms are typically limited to a 30-, 60-, or 90-day retroactive view, and the security analyst typically must know a proprietary query language to be able to query back this far.

Panther Labs Addresses Key SIEM Tool Challenges

The takeaway is that Panther Labs is addressing key challenges that security teams are facing with legacy SIEM tools. These challenges include the cost and complexity of integrating all logs from an organization’s cloud-native workloads into the traditional SIEM environment. It also includes the ability to quickly execute high-performance queries at scale across modern cloud-native logs. At the same time, it is doing so in a way that allows the customer to continue to utilize the existing SIEM tools in which they have long-standing investment.

The approach is a smart one to ease customer adoption of Panther’s platform. Continued education to the market on its platform, including the ease of coding detection rules and the search performance for streaming cloud logs, will further nurture uptick.

Disclosure: The Futurum Group is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.

Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of The Futurum Group as a whole.

Other insights from The Futurum Group:

Splunk Goes All in on AI: New Innovations to Enhance Security, Customer Experience, and Visibility

NetApp Gets Insightful on Generative AI, Cyber Recovery

Decentralized Storage in the Battle Against Ransomware

Author Information

With a focus on data security, protection, and management, Krista has a particular focus on how these strategies play out in multi-cloud environments. She brings approximately 15 years of experience providing research and advisory services and creating thought leadership content. Her vantage point spans technology and vendor portfolio developments; customer buying behavior trends; and vendor ecosystems, go-to-market positioning, and business models. Her work has appeared in major publications including eWeek, TechTarget and The Register.

Prior to joining The Futurum Group, Krista led the data protection practice for Evaluator Group and the data center practice of analyst firm Technology Business Research. She also created articles, product analyses, and blogs on all things storage and data protection and management for analyst firm Storage Switzerland and led market intelligence initiatives for media company TechTarget.

SHARE:

Latest Insights:

Managing Cloud Costs Amid AI and Cloud-Native Adoption
Paul Nashawaty and Steven Dickens of The Futurum Group cover IBM's acquisition of Kubecost, a cost monitoring and management tool for Kubernetes, marking a step toward providing a comprehensive cost management platform for cloud-native applications.
Veeam Makes a Strategic Move to Enhance Positioning in Next-Generation, AI-Driven Cyber Resilience
Krista Case, Research Director at The Futurum Group, covers Veeam’s acquisition of Alcion and its appointment of Niraj Tolia as CTO. The move will strengthen its AI cyber resilience capabilities.
Google’s New Vault Offering Enhances Its Cloud Backup Services, Addressing Compliance, Scalability, and Disaster Recovery
Krista Case, Research Director at The Futurum Group, offers insights on Google Cloud’s new vault offering and how this strategic move enhances data protection, compliance, and cyber recovery, positioning Google against competitors such as AWS and Azure.
Capabilities Focus on Helping Customers Execute Tasks and Surface Timely Insights
Keith Kirkpatrick, Research Director with The Futurum Group, shares his insights on Oracle’s Fusion Applications innovations announced at CloudWorld, and discusses the company’s key challenges.