AI + Security Analytics, and Snowflake: Key Insights from the Webinar

In a recent webinar, Tarsal CEO Sunny Rekhi hosted Tyler Warren, Deputy CISO at Prologis, and Jake Berkowsky from Snowflake, leaders in cybersecurity and data management, to discuss the past, present, and future of security data and analytics. The conversation explored how modern data lake solutions like Snowflake, enhanced by Tarsal’s innovative approach to security data ingestion, are transforming security operations. Here are some of the major takeaways.


Unlocking the Potential of AI through Snowflake’s Data Platform and Tarsal’s Seamless Integration

Data lakes have emerged as powerful tools for security teams needing flexibility, real-time insights, and scalability beyond traditional SIEM systems. Rekhi explained, “Putting your data on Snowflake means you can unlock a bunch of AI stuff that is harder to unlock with traditional SIEMs.” Snowflake enables organizations to decouple security analysis from high-cost proprietary storage, reducing vendor lock-in and empowering security teams to maintain control over their data.

Tarsal makes this transition seamless. By leveraging Tarsal’s “one-click, zero-maintenance connectors,” security teams can integrate and operationalize data lakes with minimal internal development resources. Tarsal’s pre-built connectors eliminate weeks or months of pipeline-building, offering organizations a way to get data into Snowflake fast without compromising quality or uptime.

Prologis’s Journey: Scaling Security Analytics

Tyler Warren from Prologis shared the story of their transformation from on-prem SIEM systems to a modern data lake on Snowflake. Originally, Prologis used traditional on-prem and cloud-based SIEMs but ran into scaling and cost challenges as log volumes grew. Moving to Snowflake enabled Prologis to handle data at 10-15 times their previous volume at a fraction of the cost.

“[With Snowflake], we’re handling 10-15 times the log volume we ever did before…” “It’s been one of the best decisions we’ve ever done.” – Tyler Warren, Prologis

Warren commented on how the journey would have been easier if systems like Tarsal had been around when they began the journey. He noted the challenges they faced given the differences between “security guys” and “data guys”.

The panel pointed out how organizations can use Tarsal to follow a similar data lake path. Tarsal’s pipeline removes the challenges of in-house pipeline development and maintenance while retaining all the benefits, at a fraction of the time and cost of DIY. This approach also gives more control over data, allowing companies to pick “best-of-breed” tools and easily integrate new technologies.

Overcoming Pipeline Challenges with Tarsal’s Connectors

Custom-built data pipelines can be complex and costly to maintain, especially when data sources and formats frequently change. Jake Berkowsky, a Cybersecurity Architect with Snowflake, and Rekhi both emphasized that while setting up a pipeline may seem simple initially, the ongoing maintenance is challenging, as vendors modify data structures and as logs evolve.

Tarsal removes this burden by maintaining compatibility and consistency with multiple data sources. Security teams using Tarsal’s platform no longer need to worry about tracking API changes or troubleshooting unexpected field shifts. Tarsal’s connectors handle it all, ensuring data flows smoothly into Snowflake, where it’s normalized and easily accessible for analysis.

“… you have dozens and dozens of sources that are all slightly different, some … which are very stable and … others, that will just change it without telling you. All of a sudden you have different problems, right? … [T]he cost of getting something done versus production is orders of magnitudes and then maintaining it on top of that.”
– Jake Berkowsky, Snowflake

AI-Powered Insights for Faster Investigations

AI has become indispensable in security analytics, transforming tedious, data-heavy processes into fast, insightful decision-making aids. Tyler Warren discussed Prologis’s use of AI and natural language to simplify investigations and empower less experienced SOC personnel to get immediate answers. Prologis is also automating investigations, which has reduced manual work on one investigation from 30 hours to just 8 hours.

“[Using AI] we took an investigation from … 30 hours down to just 8.” – Tyler Warren, Prologis

Berkowsky expanded on this by stating, “Everyone is a junior at something,” explaining that even experienced security professionals might not be experts at concepts like networking or firewall rules, but AI allows that user to leverage their expertise and combine it with vast AI knowledge.

Jake continued on the role of AI in security data. He noted that in general “[There’s] a lot of talk about ‘replacing people’. But when you think about it, there’s all this stuff that wasn’t being done before…” “It’s allowing people to do jobs that maybe they weren’t even doing before.”

Snowflake’s Cortex Analyst exemplifies this shift by allowing security teams to analyze data in plain language, making it accessible even to those without deep technical expertise.

Data Quality: The Foundation of AI-Driven Security

High-quality data is critical for any AI application. As Berkowsky pointed out, “I think one thing that keeps coming up over and over again is the idea of ground truth. You can automate something, but if it’s wrong, then you might as well just … not deal with it. So if you’re going to automate something, if you’re going to apply AI you need to make sure it’s correct.” Inconsistent or poorly structured data can derail AI applications, leading to inaccurate or incomplete analysis.

“[I]f you’re going to automate something, if you’re going to apply AI you need to make sure it’s correct.” – Jake Berkowsky, Snowflake

Producing that clean, reliable data is where pipelines like Tarsal are invaluable: they standardize key fields like IP addresses, timestamps, and user IDs across sources, and make data ingestion fast, smooth, and accurate.

Sunny pointed this out, saying, “We make it easy on a couple of dimensions, normalizing indicators of compromise … and pull these fields top level into Snowflake so it’s very easy for [AI] to understand.”
This quality-first approach keeps data ready for complex applications, allowing companies to unlock the potential of AI without worrying about whether their data can support it.

Looking to 2025: Risk Scoring and Autonomous Security

Berkowsky talked about the future of AI at Snowflake with Cortex Analyst in 2025, noting that it is currently in public preview.

Prologis is also looking toward 2025 as a year to leverage AI even further, including advancements in user and business risk scoring, which will help predict potential security issues based on behavioral analysis. By centralizing data and maintaining quality, security teams can access historical and real-time insights that are invaluable for proactive security planning.

Using security tools and analysis on the information provided by AI tools is also an important future trend, with many organizations needing to ensure they are using AI securely. Keeping tabs on the chats and the data being fed into LLMs and other AI tools is essential to protecting the business.

Wrap-up

The webinar highlighted how Tarsal’s seamless integration with Snowflake’s data lake model is transforming the way security teams manage, analyze, and protect data. By prioritizing data quality, operational simplicity, and simple analysis/insights, Tarsal is a game-changer in the world of security analytics. For security leaders, Tarsal’s approach represents a powerful solution to the challenges of modern data management in cybersecurity and a stable path forward.

Watch the full recording of the webinar on LinkedIn: https://www.linkedin.com/events/ai-securityanalytics-andsnowfla7254882571505856513/