Wiz Defend is Here: Threat detection and response for cloud

    Overview

    As cloud environments grow, many organizations adopt SaaS solutions such as databases, identity providers, and AI platforms to support their cloud needs. These solutions run and store critical data, however, they sit outside the cloud service provider’s (CSP) boundary. Ensuring the security of these Cloud SaaS platforms can be challenging as it often means teams pivot from their regular security workflows to siloed tools or even face a gap in their security coverage.

    The Snowflake Connector helps secure Snowflake using the same Wiz workflows customers use to secure the rest of their cloud, helping identify risks like sensitive data exposure, misconfigurations, excessive permissions, and real-time threat activity. If there is a critical Snowflake security issue, security teams can be confident that it’ll be identified and prioritized alongside the rest of their security issues across the cloud.

    Benefits

    With Wiz for Snowflake, teams quickly identify and remediate risks like exposed sensitive data, overly permissive access, and suspicious activity within Snowflake databases and tables. The following capabilities are now extended to Snowflake environments:  

    • Wiz DSPM automatically scans for sensitive data in Snowflake using hundreds of built-in classifiers, including PII, PHI, and PCI. After connecting to Snowflake, Wiz quickly discovers all databases, scans for sensitive data, and maps the findings on the Wiz Security Graph.

    • Wiz Cloud Detection and Response (CDR) monitors access logs for Snowflake accounts, databases, and tables in near real-time. Security teams can detect suspicious activity and analyze active threats with a detailed timeline of events, enabling them to prioritize, investigate, and respond quickly.

    • Wiz CIEM for Snowflake analyzes cloud entitlements and effective permissions to help teams understand their identity-related risk in Snowflake. This provides teams visibility into Snowflake roles, grants, users, and all identity-related configurations for who can access what data. Wiz CIEM enables you to quickly answer who can access what data and identify risks, such as excessive and admin privileges in Snowflake. 

    • Wiz CSPM scans Snowflake environments against the CIS Snowflake benchmarks to detect any deviations from secure configurations. For example, it identifies misconfigurations such as users who haven't logged in for over 90 days and should be disabled, users with password-based authentication that lack multi-factor authentication (MFA), and more. By continuously scanning your Snowflake environment, Wiz CSPM helps ensure adherence to best practices and minimizes potential configuration risks. 

    Wiz takes it a step further than just identifying Snowflake risks and threats in siloes by correlating the different risks to find toxic combinations that lead to critical sensitive data in Snowflake. For example, the following is an Issue that Wiz detects Snowflake subscription with a user without MFA has access to sensitive data. 

    Wiz correlates information detected about identities, misconfigurations, and data to identify an attack path that poses a critical risk to the environment. Seeing any of these risks in isolation would make it challenging to understand the criticality of this risk. However, the Wiz Security Graph allows organizations to quickly understand the full context around a security risk with easy-to-understand visualization. Teams can dig deeper into the toxic combination and see additional information, such as Cloud Configuration Findings detected on the Snowflake User, review the sensitive data found, and look at risky identity configurations. The combination of risks wrapped into a Wiz Issue makes it clear that this issue must be fixed immediately. 

    Better Together

    Operationalizing security for your Data Cloud 

    The Snowflake Connector helps give security, dev, and SOC teams visibility into the most critical issues in Snowflake. By bringing Snowflake into the same Wiz workflows these teams use to secure existing cloud data stores, organizations can operationalize security in the cloud and move faster by democratizing security across teams. The key benefits of extending Wiz to your Snowflake environment include: 

    • Improve Snowflake security posture: Gain unified visibility into critical Snowflake security risks by correlating across your environment’s data, identity, access, and configuration issues.

    • Prioritize with cloud context: Fix the Snowflake risks that pose the highest threat to your environment by correlating risks from your cloud environment and SaaS platforms, all contextualized on the Wiz Security Graph. 

    • Democratize security: Empower teams to respond to security issues across the cloud using the same context and workflows by leveraging a consistent security platform across CSPs and Cloud SaaS platforms like Snowflake. 

    Get a personalized demo

    Ready to see Wiz in action?

    “Best User Experience I have ever seen, provides full visibility to cloud workloads.”
    David EstlickCISO
    “Wiz provides a single pane of glass to see what is going on in our cloud environments.”
    Adam FletcherChief Security Officer
    “We know that if Wiz identifies something as critical, it actually is.”
    Greg PoniatowskiHead of Threat and Vulnerability Management