A data lake is an unstructured repository of data that allows for the storage of different data types from different sources. Depending on the requirements, a typical organization will require both a data warehouse and a data lake as they serve different needs and use cases. A data warehouse is a database optimized to analyze relational data coming from transactional systems and lines of business applications. The data structure and schema are defined in advance to optimize for fast SQL queries, where the results are typically used for operational reporting and analysis. Data is cleaned, enriched, and transformed so it can act as the “single source of truth” that users can trust.
A data lake is different because it stores relational data from line of business applications, and non-relational data from mobile apps, IoT devices, and social media. The structure of the data or schema is not defined when data is captured. This means you can store all your data without careful design or the need to know what questions you might need answers for in the future. Different types of analytics on your data like SQL queries, big data analytics, full-text search, real-time analytics, and machine learning can be used to uncover insights.
As organizations with data warehouses see the benefits of data lakes, they are evolving their warehouse to include data lakes, and enable diverse query capabilities, data science use-cases, and advanced capabilities for discovering new information models. Gartner names this evolution the “Data Management Solution for Analytics” or “DMSA.”
Threat hunters and intelligence analysts can gather data from sources such as Red Sky Alliance and use it by itself, correlate it with their own internal data, netflow data, or with data from another Snowflake Data Provider. Companies no longer have to rely on one data source to provide intelligence and can now leverage data from the Red Sky Alliance Cyber Threat Analysis Center (CTAC). Snowflake is not another high-priced contract that overloads the security team. Users only pay for the computing resources they use, so small, medium, and enterprise customers alike can scale the use of CTAC threat intelligence as part of their security operations using an affordable pricing structure.
Customers can leverage Red Sky Alliance’s valuable data without having to pay for licensing costs or annual subscriptions. With access to the same CTAC breach data, malicious email, phishing, sinkhole, and other data sets, users have the option to use the Snowflake platform, putting defenders in a much better position to keep employees safe. This information can help consumers detect, investigate, and respond to cyber incidents which may not otherwise have been identified. There are tens of millions of indicators of compromise (IoCs) available for customers to identify security compromises and threats such as keylogger and botnet activity. Companies can identify threats facing their customers, supply chain, and employees, and the portability of the data in Snowflake allows customers to leverage IoCs to prevent or mitigate cyber-attacks. With the power of the Snowflake Data Lake, Red Sky Alliance customers can be sure that they have maximum visibility into the threats facing their company.
CTAC on Demand service on Snowflake: CTAC on Demand
CTAC services: CTAC — Wapack Labs
At Red Sky Alliance, we can help cyber threat teams with services beginning with cyber threat notification and analysis.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments, or assistance, please contact the lab directly at 1-844-492-7225 or feedback@wapacklabs.com.
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.wapacklabs.com/
- LinkedIn: https://www.linkedin.com/company/64265941
REDSHORTS - Weekly Cyber Intelligence Briefings