Snowflake’s Anvilogic Investment Signals Changes in SIEM Market
Data service provider Snowflake deepened its strategic partnership with cybersecurity-analytics provider Anvilogic this week with a joint offering that could further shake up the security information and event management (SIEM) market.
The two cloud service providers are targeting business customers that already use Snowflake’s software-as-a-service offering for data storage and analytics and who want to use the stored data and log information for security operations and threat detection. Anvilogic claims to work alongside other SIEM systems, capturing data typically missed by such systems, such as logs produced by cloud services and alerts produced by cloud-security products.
The joint Snowflake and Anvilogic solution would lead to reduced costs — on the order of 50% to 80%, the companies claim — and will eventually replace legacy SIEM platforms, argues Karthik Kannan, CEO of Anvilogic.
“It’s a bit of a changing of the guard, something that both Snowflake and Anvilogic have been expecting for a long time,” he says. “We’ve been building towards this day, for when our type of approach, which I’ll explain in a minute, which will take center stage and kind of start to take some of those old legacies out and replace them for the next decade.”
The security information and event management (SIEM) market has undergone tremendous changes in the last two years. In August 2022, OpenText agreed to purchase Micro Focus — the owner of the well-known ArcSight SIEM platform — for $6 billion. In September, Cisco announced it would move into the SIEM sector by purchasing Splunk for $28 billion, a deal that completed in March. Earlier this month, IBM exited the market and sold its QRadar division of SaaS cybersecurity products — which include SIEM capabilities — to Palo Alto Networks, with the two companies agreeing to work together as partners. Neither company divulged how much Snowflake is investing in Anvilogic. (Anvilogic closed a $45 million third investment (Series C) round in April, bringing its total funding to $85 million.)
“Cybersecurity is a Data Problem”
The data-focused partnership of Snowflake and Anvilogic makes sense as businesses find themselves awash in data. The average company currently uses only about half of the information available through logs, but hopes to track up to 80% in the next few years, according to a survey conducted by consultancy McKinsey.
The quest to use all that data effectively is why pairing a data-focused service provider with a cybersecurity-service provider makes a lot of sense, says John Bland, head of cybersecurity strategy at Snowflake.
“We believe firmly that cybersecurity is a data problem,” he says. “We’ve had data volumes explode, and it’s hard to get visibility into all the data you need — all your security data and sources you need visibility into — and then it’s also hard to retain it and keep it around in a searchable fashion for as long as you need to.”
The Anvilogic and Snowflake pairing will likely make sense for companies that are already committed to the data platform, as pairing with a cybersecurity analytics provider will provide additional benefits that a standalone SIEM provider might not, says Allie Mellen, principal analyst for security and risk at business-intelligence firm Forrester Research.
“This is appealing for organizations that are already leveraging the data platform for IT operations, product, or other use cases, as it can help support data consolidation efforts and enable better data governance practices,” she says. “However, it is challenging for practitioners to leverage, as it means managing multiple different vendors for different elements of what would traditionally be a single security analytics platform.”
Are Monolithic SIEMs Over?
Both Anvilogic and Snowflake argue that the era of monolithic SIEM products is coming to a close. Instead, businesses need to effectively manage their data and provide it to specific use cases, whether that is business intelligence or threat intelligence. With the partnership with Anvilogic and its ability to work alongside legacy SIEM systems, Snowflake aims to allow companies to gradually move to a data-centric architecture, Snowflake’s Bland says.
“Every customer I’ve talked to is ready to break up with their legacy SIEM, but they just don’t know how,” he says. “They’ve built dashboards and detections over the last five years, or it could be that they feel like they have other competing initiatives, and they’re not sure they want to take the risk of a full ‘rip and replace’ right now.”
The companies also have the benefit of working natively in the cloud, while many traditional SIEM systems have added cloud-based operations after starting as appliances or as applications run inside data centers.
With so much of business operations happening in the cloud, non-native cybersecurity platforms are at a disadvantage, says Saryu Nayyar, CEO of rival cybersecurity-analytics firm Gurucul.
“Legacy SIEMs are legacy for a reason — there is far better technology available today,” he says. “I think that’s the root cause behind many of these mergers. In an effort to fill the deficiencies in their SIEM platform, vendors are mashing together capabilities that weren’t designed to work in a unified way, and probably won’t any time soon.”
Yet, while the traditional SIEM market is certainly undergoing a challenging evolution, the major players continue to benefit from a focus on tight integration with third parties and other existing relationships, says Forrester’s Mellen.
“Ultimately, it’s a matter of tradeoffs,” she says. “Using a data platform like Snowflake is an opportunity for some enterprises to consolidate business data storage and access. However, it comes with challenges, such as managing the data architecture and leveraging third-party partners for analytics, automation, and data pipeline management.”