Omer Singer, Director of Security at Snowflake Computing, speaks about how Agari Phishing Defense has kept their company safe from executive impersonation attacks and much more.
Well, I'm Omer Singer, I'm Director of Security at Snowflake. Snowflake is a cloud-based data warehouse, which means companies put very large amounts of data in the data warehouse and we help them to analyze it and get insights from all that data.
When I joined Snowflake, we had an existing email security solution and we had several challenges with it. We had email attacks coming through, specifically executive impersonation, so we had people on an almost daily basis receiving emails pretending to be coming from certain executives. Previously we were relying on static rules that would match based on certain terms, certain conditions, and so the security team also needed to spend time getting familiar with this other security solution's rules engine, defining the rules, tuning the rules. So there was a lot of upkeep and still we would see the emails getting through on an almost daily basis.
And when we turned on Agari, there were a few days of learning and once the learning had finished, we instantly saw results. Emails were flagged as being executive impersonation. And we set a policy saying, once Agari recognizes that an email is part of this executive impersonation type of attack, to just block it, to just put it in the spam so that the person doesn't receive that email. And we went from having these attacks reported to us on an almost daily basis to going months between one of these attacks being reported. So my team really appreciated all the extra time that they got and the fact that they didn't need to tune rules anymore, but rather that Agari's machine learning models just identified these executive impersonation emails and blocked them.
Snowflake is a multi-cloud solution. And so we have to automate our security efforts, but the attacks that target the people, that's where we get help from Agari Phishing Defense. At Snowflake, we're lucky enough not to have legacy email infrastructure and my team doesn't need to worry about having mail servers on-prem. We're all in the cloud and we do use G Suite and Google does have some levels of protection. So Agari is sort of an additional layer of protection for us. Some of the attacks will be flagged by G Suite, but then Agari looks at other things that G Suite doesn't look at and will sort of classify and also let us apply policies to block attacks that match those policies. So, sort of working hand in hand, I would say, with the protections that we get from G Suite.
There were a few differences in how Agari compares to other security solutions that we use. The first one is that Agari just sort of works, which was nice because of machine learning capabilities that are in the solution. Once it learned what is typical for us, we were able to start getting value without a lot of involvement from the security team, though we are able to add additional rules and policies when we do have issues. And it's, I think it's always possible that some security control is going to have issues at some point. So when we did have any issues, we were able to reach out to the Agari team and it did feel like they were a part of our security team because we told them, "Hey, we're seeing this issue. We're seeing this email attack," and we were able to get assistance, whether it was creating a rule to help block that attack or give us guidance on why certain things were getting to our employees.