
Unlock Your Data Potential: How to Transform Security Analytics with Sigma and Snowflake

Rahul Gupta, Head of Information Security & GRC
Terence Wilson, Senior Security Engineer
Kelsey Hammock, Partner Engineer
Nick Nieves, Security Architect Field CTO, Snowflake
June 13, 2024
6 min read


Legacy platforms once dictated security architectures, but the rapidly evolving data landscape presents new challenges, outpacing traditional tools and creating a risk of unusable data. As businesses generate more data than ever, cyber engineers face the daunting task of developing a unified tool to meet their organization’s security needs that minimizes friction, can be deployed quickly, and offers comprehensive visibility. But the complexity of these tools coupled with data scattered across multiple locations makes them difficult to navigate and use effectively.

By combining the power of a dynamic and highly customizable analytics platform with the structure and reliability of a data lake, Sigma and Snowflake provide the foundation for robust security analytics against the vast amounts of security data organizations collect.

Sigma and Snowflake have already released the Snowflake Security Monitoring Template in Sigma, which lets Snowflake and Sigma customers monitor the security of their Snowflake environment, including login events, privileged object changes, stale passwords, and more. This asset is a great out-of-the-box option for monitoring Snowflake security through Sigma, but by combining the two technologies, security teams can build custom solutions that dive deeper into more robust security workloads across the organization.

Why Snowflake for Data Lake

What is a data lake and why should I use it? A data lake is a single source of truth where data from multiple sources comes together and can be normalized. Snowflake provides storage that keeps data always hot, removing any manual rehydration process for data stored in various stages of 'cold' archive. Snowflake's ability to instantly scale compute resources removes resource contention, and its data processing lets you pipe data to a single location while transforming and organizing it in whatever way is most useful, at nearly unlimited scale. This comes with the added security of controlling your data from the point it is created to the point it is used for analysis, taking advantage of Snowflake's native governance features, including role-based access control and data masking policies.
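The two governance features named above, role-based access control and masking policies, are what let a security lake hold raw identity and network logs without every dashboard viewer seeing raw PII. The Snowflake SQL below is an added example written for this post, not code from Sigma or Snowflake; the database, schema, table, column and role names (SECURITY_LAKE.RAW.IDP_LOGINS, USER_EMAIL, SOURCE_IP, SECURITY_ANALYST, SOC_REPORTING) are assumptions. It grants two roles read access to the same login table and then masks the e-mail and source IP columns for everyone except the analyst role.

```sql
-- Added example; object and role names are hypothetical.
-- Run as a role that holds CREATE MASKING POLICY on the schema and
-- APPLY MASKING POLICY on the account (ACCOUNTADMIN has both).
USE ROLE ACCOUNTADMIN;

CREATE ROLE IF NOT EXISTS SECURITY_ANALYST;   -- investigators: see raw identifiers
CREATE ROLE IF NOT EXISTS SOC_REPORTING;      -- dashboard consumers: see masked values

-- Least privilege: both roles get read-only access to one table, nothing else.
GRANT USAGE ON DATABASE SECURITY_LAKE           TO ROLE SECURITY_ANALYST;
GRANT USAGE ON DATABASE SECURITY_LAKE           TO ROLE SOC_REPORTING;
GRANT USAGE ON SCHEMA   SECURITY_LAKE.RAW       TO ROLE SECURITY_ANALYST;
GRANT USAGE ON SCHEMA   SECURITY_LAKE.RAW       TO ROLE SOC_REPORTING;
GRANT SELECT ON TABLE   SECURITY_LAKE.RAW.IDP_LOGINS TO ROLE SECURITY_ANALYST;
GRANT SELECT ON TABLE   SECURITY_LAKE.RAW.IDP_LOGINS TO ROLE SOC_REPORTING;

-- E-mail: analysts get the full address, every other role sees only the domain.
CREATE OR REPLACE MASKING POLICY SECURITY_LAKE.RAW.MASK_EMAIL
  AS (val STRING) RETURNS STRING ->
  CASE
    WHEN CURRENT_ROLE() IN ('SECURITY_ANALYST') THEN val
    ELSE REGEXP_REPLACE(val, '^[^@]+@', '***@')
  END;

-- Source IP: analysts get the full address, every other role sees the /24 only.
CREATE OR REPLACE MASKING POLICY SECURITY_LAKE.RAW.MASK_IP
  AS (val STRING) RETURNS STRING ->
  CASE
    WHEN CURRENT_ROLE() IN ('SECURITY_ANALYST') THEN val
    ELSE REGEXP_REPLACE(val, '\\.[0-9]+$', '.0')   -- zero the last octet
  END;

-- Attach the policies to the columns; the masking is applied at query time,
-- so the same Sigma workbook shows different values depending on the viewer's role.
ALTER TABLE SECURITY_LAKE.RAW.IDP_LOGINS
  MODIFY COLUMN USER_EMAIL SET MASKING POLICY SECURITY_LAKE.RAW.MASK_EMAIL;
ALTER TABLE SECURITY_LAKE.RAW.IDP_LOGINS
  MODIFY COLUMN SOURCE_IP  SET MASKING POLICY SECURITY_LAKE.RAW.MASK_IP;
```

Because the policy is evaluated per query against CURRENT_ROLE(), the decision of who sees raw identifiers lives in one place in Snowflake rather than in each downstream workbook, and it survives data being copied into other tables only if those tables carry the policy too, so apply it at the raw layer and re-check any derived tables.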

Isolated data silos hinder comprehensive security strategies, making integrated solutions crucial. The single source of truth provided by a security data lake is essential for accurate analysis, quick decision-making, and effective threat detection. By unifying data across the organization, we can equip security teams to better protect against evolving threats.

Why Sigma for Security Insights & Dynamic Analytics

Sigma has long been considered a Business Intelligence (BI) tool for analytics on cloud data warehouses like Snowflake, with built-in, code-free connections and visualizations. Expanding beyond its primary data analytics use cases, Sigma with Snowflake's Data Lake provides an efficient and cost-effective way to build a range of cyber security and operations use cases.

Defensive security relies heavily on the quality of insights derived from your data. Traditional security tools often limit users to a narrow and specific data set but with Sigma, the scope expands to include everything in the data lake for a comprehensive view. Sigma provides a wide range of security analysis models, enhancing meaningful insights and strengthening defenses.
Vulnerability management (VM)

Maintaining individual vulnerability management (VM) tools has historically been a pain point for security teams. Combining Sigma with Snowflake's Data Lake eliminates the need for specific VM tools and lets organizations combine data from multiple sources, such as internal ticketing systems, Cloud Security Posture Management (CSPM), Data Security Posture Management (DSPM), Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), container scanning, and external/internal VM tools, and customize the result to fit their needs. With the power of Sigma and Snowflake's Data Lake, teams can track, prioritize, analyze, and report on any vulnerability that is discovered. This gives teams time to prioritize and resolve issues while removing the need to constantly refer back to the individual tools themselves, saving an organization time and money.

Security Analyst Investigations

Sigma, powered by Snowflake's Data Lake, offers a seamless solution for security investigations. With data from sources such as Identity Providers, Cloud IaaS Providers, Email Gateways, System Audit logs, Endpoint Detection and Response (EDR), Mobile Device Management (MDM), etc., security teams can conduct a range of investigations within a single Sigma workbook. This provides a comprehensive view of an organization's data with the ability to take immediate action from a single, consolidated view. In addition, mobilizing this security data allows for better reporting and visibility of progress to leadership teams, overall alignment of the security organization on common goals, and better insight into areas for improvement. These insights allow for actionable goals and tracking of performance over time.

Organizations can leverage Sigma and Snowflake’s Data Lake for many types of investigations, including:
  • Initial Investigation: Combines data using inline functions and multiple critical data sources to provide an instant look at a user's recent activity.
  • Authentication Breach and Investigation: Correlates data from Identity Providers (IDP), Secure Access Service Edge (SASE), and the password manager to create insightful visualizations and logs, expediting investigations.
  • Social Engineering: Combines data from the IDP, password manager, and email security to detect any successful or attempted user compromise.
  • Cloud Activity: Integrates audit logs from multiple cloud platforms, network platforms, the IDP, and system logs, so Sigma can help identify suspicious or unauthorized activity in the cloud.
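The "Social Engineering" and "Authentication Breach" investigations above are, at the query level, a time-window join across the email gateway, the IDP and the password manager. The SQL below is an added example written for this post, not a query from the Sigma template or from Snowflake; the three source tables are replaced by constructed in-line rows (the addresses, IPs and timestamps are made up), and the column names (recipient, verdict, user_email, login_at, source_ip, country, mfa_passed, success, action) are assumptions about how such feeds would be normalized in the lake. It finds logins that happened within two hours of a suspected phishing e-mail and that either came from a country the user has never successfully logged in from or skipped MFA, then attaches any password-manager activity that followed the login.

```sql
-- Added example with constructed sample data (not real events).
WITH email_events AS (                 -- email security gateway verdicts
  SELECT recipient, received_at::TIMESTAMP AS received_at, verdict
  FROM (VALUES
    ('alice@example.com', '2024-06-10 09:02:00', 'phish_suspected'),
    ('bob@example.com',   '2024-06-10 09:05:00', 'clean'),
    ('carol@example.com', '2024-06-10 11:40:00', 'phish_suspected')
  ) AS t(recipient, received_at, verdict)
),
idp_logins AS (                        -- identity provider sign-in log
  SELECT user_email, login_at::TIMESTAMP AS login_at, source_ip, country, mfa_passed, success
  FROM (VALUES
    ('alice@example.com', '2024-06-09 08:00:00', '198.51.100.2', 'US', TRUE,  TRUE),
    ('alice@example.com', '2024-06-10 09:20:00', '203.0.113.7',  'DE', FALSE, TRUE),
    ('bob@example.com',   '2024-06-10 09:30:00', '198.51.100.9', 'US', TRUE,  TRUE),
    ('carol@example.com', '2024-06-10 12:01:00', '203.0.113.9',  'US', TRUE,  FALSE)
  ) AS t(user_email, login_at, source_ip, country, mfa_passed, success)
),
pw_manager AS (                        -- password manager audit events
  SELECT user_email, event_at::TIMESTAMP AS event_at, action
  FROM (VALUES
    ('alice@example.com', '2024-06-10 09:25:00', 'vault_export'),
    ('carol@example.com', '2024-06-10 12:05:00', 'item_view')
  ) AS t(user_email, event_at, action)
),
baseline AS (                          -- countries each user has successfully logged in from before
  SELECT user_email, country
  FROM idp_logins
  WHERE success = TRUE
    AND login_at < '2024-06-10 00:00:00'::TIMESTAMP   -- in production: the trailing 30 days
  GROUP BY user_email, country
),
suspect_logins AS (                    -- logins shortly after a suspected phish, from a new country or without MFA
  SELECT e.recipient, e.received_at, l.login_at, l.source_ip, l.country, l.mfa_passed, l.success
  FROM email_events e
  JOIN idp_logins l
    ON l.user_email = e.recipient
   AND l.login_at BETWEEN e.received_at AND DATEADD('hour', 2, e.received_at)
  LEFT JOIN baseline b
    ON b.user_email = l.user_email AND b.country = l.country
  WHERE e.verdict = 'phish_suspected'
    AND (b.user_email IS NULL OR l.mfa_passed = FALSE)
)
SELECT s.recipient, s.received_at AS phish_received_at, s.login_at, s.source_ip, s.country,
       s.mfa_passed, s.success AS login_succeeded,
       LISTAGG(p.action, ',') WITHIN GROUP (ORDER BY p.event_at) AS pw_manager_actions_after_login
FROM suspect_logins s
LEFT JOIN pw_manager p
  ON p.user_email = s.recipient
 AND p.event_at BETWEEN s.login_at AND DATEADD('hour', 2, s.login_at)
GROUP BY s.recipient, s.received_at, s.login_at, s.source_ip, s.country, s.mfa_passed, s.success
ORDER BY s.login_at;
```

On the constructed rows this returns two lines: alice (successful login from DE, a country absent from her baseline, without MFA, followed by a vault_export) and carol (a failed login attempt after her phishing e-mail, followed by an item_view). Bob's clean e-mail is excluded. The same query, with the three CTEs replaced by the lake's real tables and the baseline window set to a trailing period, is the shape of the workbook data source the bullets describe; the success flag is kept in the output so that attempted and successful compromises are both visible rather than filtered away.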

Getting Started

Built in Sigma and in collaboration with Snowflake’s security team, the Snowflake Security Monitoring Template helps you answer questions about your Snowflake security, like what authentication methods are being used, who the account admins are, when users last changed their passwords and more. Try it out for yourself!
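The three questions named in the paragraph above (authentication methods in use, who the account admins are, when passwords were last changed) can each be answered from Snowflake's own SNOWFLAKE.ACCOUNT_USAGE views. The queries below are an added example written for this post; they are not the template's queries, and they assume only the documented ACCOUNT_USAGE views LOGIN_HISTORY, GRANTS_TO_USERS and USERS, with a 90-day password-age threshold chosen here as an assumption.

```sql
-- Added example against Snowflake's ACCOUNT_USAGE views; not the template's own queries.

-- 1. Which authentication methods (first and second factor) were used in the last 30 days?
SELECT first_authentication_factor,
       second_authentication_factor,
       COUNT(*)                 AS successful_logins,
       COUNT(DISTINCT user_name) AS distinct_users
FROM snowflake.account_usage.login_history
WHERE event_timestamp >= DATEADD('day', -30, CURRENT_TIMESTAMP())
  AND is_success = 'YES'
GROUP BY first_authentication_factor, second_authentication_factor
ORDER BY successful_logins DESC;

-- 2. Who currently holds ACCOUNTADMIN (grants not yet revoked)?
SELECT grantee_name AS user_name,
       created_on   AS granted_at,
       granted_by
FROM snowflake.account_usage.grants_to_users
WHERE role = 'ACCOUNTADMIN'
  AND deleted_on IS NULL
ORDER BY granted_at;

-- 3. Active password users whose password is older than 90 days (assumed threshold)
--    or has no recorded set time at all.
SELECT name,
       password_last_set_time,
       last_success_login,
       DATEDIFF('day', password_last_set_time, CURRENT_TIMESTAMP()) AS password_age_days
FROM snowflake.account_usage.users
WHERE deleted_on IS NULL
  AND disabled = FALSE
  AND has_password = TRUE
  AND (password_last_set_time IS NULL
       OR password_last_set_time < DATEADD('day', -90, CURRENT_TIMESTAMP()))
ORDER BY password_age_days DESC NULLS FIRST;
```

Two practical notes: ACCOUNT_USAGE views are populated with a delay (typically up to a couple of hours), so they suit dashboards and periodic review rather than real-time alerting; and querying them requires a role with access to the SNOWFLAKE shared database, which a Sigma connection role should be granted explicitly rather than by running the workbook as ACCOUNTADMIN.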

In a continuation of this blog series, next we will discuss how the Snowflake Data Platform and Sigma can enable Security leaders to alleviate common hurdles in forming data-driven strategies to protect their data and structure processes with governance, risk management and compliance practices.

To learn more about Sigma and Snowflake for specific security workloads, continue to follow us here as we expand this series and dive deeper into Snowflake and Sigma for Security, Risk and Compliance workloads.
