Panther Labs Integrates Cloud-Native and Traditional Threat Detection

The News: At Black Hat Europe 2023, Panther Labs launched its new Security Data Lake Search capability as well as integration with Splunk. Additional detail is available in Panther’s press release.

Analyst Take: Threat detection, analysis, and response at scale has never been more important or more difficult. AI, cloud-hosted, and other modern workloads that generate high-volume, streaming log data are emerging. These workloads present a challenge in the form of cost and complexity when it comes to feeding these logs into traditional and familiar security information and event management (SIEM) tools.

Panther Labs developed a cloud-native SIEM tool that is scalable and easy to use, thus making security operations more efficient. The company has raised a total of $140 million in funding over four rounds, helping it to gain traction in several Fortune 500 companies.

Panther Labs Solution’s Key Differentiator

The solution’s key differentiator is its ability to facilitate what is known as detection-as-code. Traditional SIEM tools require security teams to manually create and configure detection rules within the SIEM platform. This process is time consuming, error prone, and inefficient, and it is difficult to scale, maintain, and audit. It becomes an especially acute problem as organizations grow and as the security threat landscape continuously evolves.

The solution from Panther Labs allows security teams to write detection rules in code via Python. This approach streamlines the creation, management, and deployment of detection rules. As a result, security operations teams have more agility when it comes to adapting to changing threat landscapes and responding to incidents. It also makes it easier for security teams to create consistent and repeatable threat detection logic while reducing the risk of errors and misconfigurations in threat detection rules. In addition to offering detection-as-code, Panther also offers more than 500 pre-built detections out of the box.

Panther’s scalability and performance lend themselves to supporting cloud-native and DevOps-oriented log sources. It natively supports more than 100 prominent log sources such as Amazon Web Services (AWS) CloudTrail, with webhooks for custom sources. The Futurum Group notes that traditional SIEM tools tend to be cumbersome and costly as well as difficult to scale when it comes to supporting these types of high-volume, streaming log sources. In addition, rather than being underpinned by an SQL database, Panther stores normalized log data in Snowflake, a scalable, cost-effective cloud database. This approach provides the foundation for querying large and distributed datasets efficiently and quickly, a capability that is being added with the Security Data Lake Search capability.
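To make the detection-as-code idea from the previous paragraphs concrete, here is an added example (not Panther’s code or the article’s) of a CloudTrail detection written as a plain Python function, with unit tests stored alongside it so that CI can verify the logic on every change. The rule()/title()/dedup() function names follow the convention Panther’s Python detections use; the harness, the event shapes and all sample values are constructed here for illustration.

```python
"""Detection-as-code sketch: a CloudTrail detection as plain Python, with its
own unit tests and a harness that replays events through it. Constructed
example, not Panther's code; rule()/title()/dedup() follow the function
names Panther's Python detections use, everything else is assumed."""
from typing import Any, Dict, List


def rule(event: Dict[str, Any]) -> bool:
    """Fire on a successful AWS root console login that did not use MFA."""
    ident = event.get("userIdentity", {}).get("type")
    outcome = event.get("responseElements", {}).get("ConsoleLogin")
    mfa = event.get("additionalEventData", {}).get("MFAUsed")
    return (event.get("eventName") == "ConsoleLogin" and ident == "Root"
            and outcome == "Success" and mfa != "Yes")


def title(event: Dict[str, Any]) -> str:
    return f"Root console login without MFA from {event.get('sourceIPAddress', 'unknown')}"


def dedup(event: Dict[str, Any]) -> str:
    # One alert per source IP; repeated hits roll up instead of paging again.
    return event.get("sourceIPAddress", "unknown")


def _login(identity: str, mfa: str, outcome: str, ip: str) -> Dict[str, Any]:
    # Builds a constructed CloudTrail-shaped ConsoleLogin event (sample data).
    return {"eventName": "ConsoleLogin", "userIdentity": {"type": identity},
            "additionalEventData": {"MFAUsed": mfa}, "sourceIPAddress": ip,
            "responseElements": {"ConsoleLogin": outcome}}


# Unit tests live beside the rule so CI verifies the logic on every change.
UNIT_TESTS = [
    ("root no mfa success", _login("Root", "No", "Success", "198.51.100.7"), True),
    ("root no mfa failure", _login("Root", "No", "Failure", "198.51.100.7"), False),
    ("root with mfa", _login("Root", "Yes", "Success", "198.51.100.7"), False),
    ("iam user no mfa", _login("IAMUser", "No", "Success", "203.0.113.9"), False),
    ("not a login", {"eventName": "DescribeInstances", "userIdentity": {"type": "Root"}}, False),
]


def run_unit_tests() -> List[str]:
    """Return the names of failing tests (empty list means the rule passes)."""
    return [name for name, event, expected in UNIT_TESTS if rule(event) != expected]


def evaluate(events: List[Dict[str, Any]]) -> Dict[str, Dict[str, Any]]:
    # Replay a batch of events through rule() and collapse hits by dedup key.
    alerts: Dict[str, Dict[str, Any]] = {}
    for event in events:
        if rule(event):
            entry = alerts.setdefault(dedup(event), {"title": title(event), "hits": 0})
            entry["hits"] += 1
    return alerts
```

Because the rule is ordinary code, it can be reviewed in a pull request, versioned, and rejected by CI when run_unit_tests() returns anything, which is the auditability the article contrasts with hand-configured SIEM rules.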

The Security Data Lake Search capability combines with the new ability to configure Splunk as an alert destination for Panther detection workflows. This approach better positions security operations teams to integrate increasingly critical cloud-native logs alongside more traditional sources such as firewalls and endpoint detection and response (EDR) products for rapid and comprehensive detection, investigation, and response workflows.

Another key value point for the new search capability is the ability to store, and as a result query, a full year of log data for deep dive threat hunting. In contrast, traditional SIEM platforms are typically limited to a 30-, 60-, or 90-day retroactive view, and the security analyst typically must know a proprietary query language to be able to query back this far.

Panther Labs Addresses Key SIEM Tool Challenges

The takeaway is that Panther Labs is addressing key challenges that security teams face with legacy SIEM tools. These challenges include the cost and complexity of integrating all logs from an organization’s cloud-native workloads into the traditional SIEM environment, and the ability to quickly execute high-performance queries at scale across modern cloud-native logs. At the same time, it is doing so in a way that allows customers to continue to use the existing SIEM tools in which they have a long-standing investment.

The approach is a smart one to ease customer adoption of Panther’s platform. Continued education of the market on its platform, including the ease of coding detection rules and the search performance for streaming cloud logs, will further nurture uptake.

Disclosure: The Futurum Group is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.

Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of The Futurum Group as a whole.

Author Information

With a focus on data security, protection, and management, Krista has a particular focus on how these strategies play out in multi-cloud environments. She brings approximately a decade of experience providing research and advisory services and creating thought leadership content, with a focus on IT infrastructure and data management and protection. Her vantage point spans technology and vendor portfolio developments; customer buying behavior trends; and vendor ecosystems, go-to-market positioning, and business models. Her work has appeared in major publications including eWeek, TechTarget and The Register.

Prior to joining The Futurum Group, Krista led the data center practice for Evaluator Group and the data center practice of analyst firm Technology Business Research. She also created articles, product analyses, and blogs on all things storage and data protection and management for analyst firm Storage Switzerland and led market intelligence initiatives for media company TechTarget.

Krista holds a Bachelor of Arts in English Journalism with a minor in Business Administration from the University of New Hampshire.
