- 00 The Snowflake Challenge
- 01 Vulcan Cyber Benefits
- 02 About Snowflake
- 03 The situation
- 04 The process
- 05 The results
The Snowflake Challenge
- Teams didn’t collaborate
- Scan data wasn’t enough
- Vulnerability management needed SLA alignment
Vulcan Cyber Benefits
Remedies as a service
Custom risk modeling
Snowflake is the only data warehouse built for the cloud, enabling the data-driven enterprise with instant elasticity, secure data sharing and per-second pricing across multiple clouds. Snowflake combines the power of data warehousing with the flexibility of a big data platform and the elasticity of the cloud at a fraction of the cost of traditional storage solutions.
Founded in 2012 Snowflake now has more than 2,000 customers including JetBlue Airways, Accor and Conagra Brands. Rapid customer growth required notable scale out of the cloud infrastructure underpinning the Snowflake cloud platform. This growth also created an increased need to efficiently maintain and secure the platform.
|Time intensive||Hard to measure||Manual process|
|Automated risk-based prioritization||Aligning metrics and KPIs to the business||Auto-generated patching scripts|
|Increased productivity||Self-service reports and tracking||Minimal manual effort|
THE SNOWFLAKE ENVIRONMENT
Vulnerability management and remediation was very time-intensive at Snowflake, with significant manual effort required. For example, new vulnerability scan reports were manually reviewed by the compliance, IT and DevOps teams, with the security engineering team assisting with prioritization. Then the remediation team was required to build patch scripts, run quality assurance on them, and then roll them out.
As Snowflake grew quickly and expanded into additional cloud environments, a manual approach to prioritization and remediation could not scale. Moreover, measuring the effectiveness of the vulnerability management program was a challenge. The team needed reliable and insightful vulnerability metrics capable of covering the entirety of the program and showing progress made or ensuring SLAs were met.
|Time-intensive||Hard to measure||Manual process|
The Vulcan platform works on top of Snowflake to leverage its proprietary risk model and provide risk-based prioritization to all vulnerabilities and misconfigurations discovered within the network. It applies context and business logic to vulnerability scan reports along with asset inventory and configuration data extracted from the Snowflake data platform (e.g. security groups, ELB configurations). With this level of visibility, the Snowflake team uses Vulcan to ensure they are remediating high-risk, public-facing vulnerabilities first, in accordance with Snowflake business requirements. Moreover, the Vulcan remediation intelligence library seamlessly provides the best remedy for the vulnerability, delivering Ansible patch and configuration automation scripts needed by the DevOps team to remediate vulnerabilities at scale. Armed with the necessary fixes, the DevOps team now only needs to review and apply the supplied solutions remotely.
To enable clear reporting and assessment of the vulnerability management program, key metrics and measurements were set, along with service level agreements, customized in accordance with Snowflake requirements.
Automated risk-based prioritization
Aligning metrics and KPIs to the business
|Auto-generating patching scripts|
Using Vulcan has led to a much more efficient end-to-end vulnerability management program at Snowflake. By automatically prioritizing all vulnerabilities discovered, remediation teams can now target the most critical issues. Moreover, using auto-generated Ansible remediation automation scripts saves the DevOps team several days of work every month. This process lightens the workload and allows the team to address more critical issues sooner to more effectively enforce the infrastructure security posture required by Snowflake customers.
Self-service dashboards give the compliance team the insights and data they need to demonstrate governance results to auditors. The dashboards also enable management to track the vulnerability management program using metrics that reflect the business requirements and SLAs. Self-service and collaboration features of Vulcan allow teams across Snowflake to reduce the need for recurring meetings and gives valuable time back to every stakeholder.
Self-service reports and tracking
Minimal manual efforts