In the past year, there has been a series of breaches affecting prominent SaaS vendors like Microsoft and Okta, with Snowflake also making headlines recently due to attacks on customer-owned systems. With the increasing risks, organizations must act promptly and efficiently to address and minimize potential threats. This guide outlines essential steps for assessing and responding to possible breaches in Snowflake. "A Practical Guide for Handling Unauthorized Access to Snowflake": https://lnkd.in/e7v8xTHN #CyberSecurity #infosec #informationsecurity #cyber #cloud #cloudsecurity #RiskManagement #dfir #incidentresponse
Fabrizio Di Carlo’s Post
-
Recent events underscore the critical need to focus on security in SaaS environments like #snowflake and #databricks, especially following the unauthorized access incidents affecting some Snowflake customers. Identity lies at the heart of these challenges. Explore our latest blog to discover how to assess and protect your Snowflake environments: https://lnkd.in/eJVfUk-T #saassecurity #cybersecurity #cloudsecurity
-
Want to know more about securing your data in Snowflake? Check out 'Trace3's Guide to Snowflake Security: Best Practices and Insights' by Asher Lohman. https://lnkd.in/gki-zdXX #snowflake #cybersecurity #dataanalytics
-
In light of recent news about increased cyber threat activity targeting some customer-managed Snowflake accounts, I believe many teams have started revising their security configuration and how their accounts are protected. It’s nice to see that Snowflake has introduced a tool which helps with this activity and is able to scan your account to find possible vulnerabilities. It also provides recommendations on how to mitigate them.

❄️ The tool is called Trust Center. The account scanning is based on packages which contain a set of security checks. Currently there is one package available, provided directly by Snowflake. It is called CIS Benchmarks. It’s a set of industry-recognized best practices and security configurations intended to keep Snowflake accounts secure. It contains 39 checks, including the following ones:

🔎 Checking whether SSO is enabled
🔎 Checking whether local login is disabled for SSO users
🔎 Checking whether MFA is enabled for users with password-based authentication
🔎 Checking whether inactive users are disabled
🔎 Checking whether external stages are protected with stored integration
and many more…

🧑‍💻 You can provide custom scheduling settings for how often you would like to run all those checks and receive the report. The provided report contains a recommendation on how to mitigate the risk, together with detailed information about the violation (e.g. a list of users without MFA, etc.). It’s great to have this bundled into a standalone feature, as you do not have to think about everything you should have under monitoring and implement it. 👏

However, I can imagine some improvements like:

✅ Possibility to disable some checks which are not relevant for you - e.g. SCIM integration if you do not use it
✅ Possibility to provide custom configuration for some checks - e.g. I do not really need to have 90 days time retention for critical data.
✅ Possibility to integrate custom checks and packages. Maybe you have a list of your own custom checks and it would be nice to have all of it under one UI.

There might be checks which are not relevant for you but you will still see them as violations. I would rather have an option to disable or modify them.

💯 How do you like this? Have you tried it yet? Find the links for more info in the comments. 👇 #data_superhero #snowflake_advocate
-
🔒 Snowflake Breach: Key Takeaways and How Our Tech Could Have Helped

The recent Snowflake breach has been making headlines, with initial reports suggesting that the details of 560M Ticketmaster customers were leaked. At first, it seemed to be a direct breach of Snowflake, affecting multiple customers who had to initiate incident response.

🚀 How Our Encryption Tech Could Have Helped:

1️⃣ Data Encryption: Snowflake customers could encrypt all their data before sending it to Snowflake.
2️⃣ Untrusted Cloud Model: Treat Snowflake as an untrusted cloud provider, acting only as a dumb data processor.
3️⃣ Breach Mitigation: Ensures a breach of Snowflake’s systems wouldn’t reveal customer information.

However, the actual attack was much simpler: attackers used infostealer malware to find valid user credentials for Snowflake accounts. These accounts lacked MFA and network ACLs restricting access. Shockingly, Snowflake doesn’t provide controls to mandate org-wide MFA. Mandiant reported that at least 165 organizations were affected, providing a detailed diagram of the breach mechanism.

🔑 Updated Insights:

✅ Key Material Protection: If the key material isn’t exposed when user credentials are compromised, attackers can’t access plaintext data.
✅ Noise in Decryption: Even if key material is exposed, decrypting generates numerous data access events, making the attack noisy and easier to detect.

The Snowflake breach underscores the importance of both multi-factor authentication and modern encryption approaches in safeguarding sensitive information. Our technology offers these critical layers of protection to ensure your data remains secure, even in the face of sophisticated — or in Snowflake's case, unsophisticated — attacks.

#CyberSecurity #DataProtection #Encryption #Infosec #SnowflakeBreach #MFA #TechInnovation #CloudSecurity
-
Snowflake issued a warning over the weekend that a "limited number" of its customers have been singled out as part of a targeted credential theft campaign. Given the critical nature of data in Snowflake databases, many organizations are evaluating their security posture around credentials, secrets, and other critical data like PII/PHI. Below are the controls Varonis provides for Snowflake, which you can evaluate during our free security posture assessment.

➡ Enforcing MFA: Identify Snowflake users without MFA, including those with elevated permissions.
➡ Identifying sensitive data exposure: Understand what users can do with critical data and where it is overexposed. Identify data published on the Snowflake marketplace or exported to public stages in AWS, Azure, or GCP.
➡ Monitoring network access: Validate network settings and monitor user activity to detect threats across Snowflake and your cloud environment.
➡ Reviewing sign-in activities: Isolate compromised accounts by monitoring historical sign-ins from public IPs and blocking suspicious geolocations or applications.

In just 15 minutes, Varonis can provide these insights. DM me if interested. #DataSecurity #CyberSecurity #Data
-
There's been a lot of talk about breaches of Snowflake accounts and who should be responsible. In this week's newsletter, I give my thoughts on this topic and broadly about who should be responsible for product security in a SaaS world. https://lnkd.in/gawDc-Tu #cybersecurity #snowflake #breach
-
Recent security events have emphasized the critical need for robust measures to protect your data. As a leading provider of cybersecurity and data analytics solutions, Trace3 is dedicated to offering best practices for safeguarding valuable company data. Our VP of Data & Analytics, Asher Lohman, has authored a comprehensive guide on Snowflake security, detailing the platform's robust features and best practices to ensure data protection. In partnership with Snowflake, Trace3 is committed to helping organizations enhance their security posture. I encourage you to read Asher's insightful guide to learn how to effectively leverage Snowflake's security features to protect your data. https://lnkd.in/dXXW2gdc
-
Check out the Trace3 guide to Snowflake security!