Blogs
October 2, 2025 / October 2, 2025 by Jonathan Rau
Introduction The security industry at-large likes to brand data as “the new oil”, or more frequently, as “gravity”. I disagree. Data is mass, like super dense tungsten ore or cobalt-based alloys like Inconel. The only way we can move these large masses of ore is via heavy machinery and heavy logistics, the analogue to that […]
September 11, 2025 by Jonathan Rau
Introduction AI SOC. Autonomous SOC. LLMs for Security Analysts. You’ve seen it, we’ve seen it, there is something there, but the industry hasn’t nailed it yet. Security lives and dies on data. If your data foundation is weak, no amount of AI will help, and it is beyond a shadow of a doubt that there […]
September 10, 2025 / September 11, 2025 by Jonathan Rau
Introduction A core tenet of the Query Security Data Mesh is providing operators access to data, wherever it lives. Whether the relevant data is behind an EDR API, in Azure Data Explorer, or Snowflake, our Mesh allows you to interact with decentralized and distributed data sources as if they were centralized. Another tenet of the […]
August 3, 2025 / August 3, 2025 by Jonathan Rau
Introduction How do all of these self-congratulating posts start, again? Oh right, “in the ever-changing security threat bad guy landscape, data is the new oil or diamond pickaxe!” Cynicism aside, I will continue to shout from the rooftops: the most important asset and skillset that a security organization needs to develop is data. Data engineering […]
July 29, 2025 / July 29, 2025 by Jonathan Rau
Introduction Azure Data Explorer (ADX) is an interactive, fully managed Exploratory Data Analysis (EDA) platform hosted on the Microsoft Azure cloud. ADX enables analysts to onboard datasets natively into ADX from object storage such as Blob and ADLSv2, select databases, and Delta Lake tables. From there, analysts can further transform data and/or analyze and visualize […]
July 29, 2025 / July 30, 2025 by Jonathan Rau
Introduction The Cloud Native Application Protection Platform (CNAPP) category represents a consolidation of the cloud security space, namely Cloud Security Posture Management (CSPM), Cloud Workload Protection Platform (CWPP), and Cloud Detection & Response (CDR), with some additional capabilities also covered. One of the earliest in the CNAPP category is Lacework, acquired by Fortinet and rebranded […]
July 8, 2025 / July 8, 2025 by Jonathan Rau
Cyber threats are “always on”. No matter what countermeasures you have – be they in the form of environment-specific detection or prevention capabilities – first-line tools are hardly ever enough to counter salient threats to your business. One function quietly powers our most agile defenses, speeds up response times, and slashes false positives: Detection Engineering. […]
June 24, 2025 / June 24, 2025 by Jonathan Rau
Introduction Security teams are building more flexible architectures that prioritize data control, speed, and scale. Snowflake has emerged as a strategic data platform for security use cases, especially when combined with federated capabilities from Query that enable rapid analysis, detections, and investigations directly against Snowflake’s tables and views, without the need for data duplication or […]
June 3, 2025 / June 3, 2025 by Jonathan Rau
Complexity is the enemy of modern Security Operations (SecOps). Every day, new product categories are born, and with them come more and more datasets, some very pertinent and some duplicative. Data volumes continue to grow even from incumbent tools, and security teams are stuck holding the bag – often […]
May 27, 2025 / May 27, 2025 by Jonathan Rau
Introduction For security leaders at larger enterprises, MSSPs, MDRs, holding companies, and private equity firms, the complexity of multi-tenant security environments can be a back breaker. Whether driven by strategic M&A activity or supporting a diverse portfolio of subsidiaries or customers, organizations grapple with overlapping security tech stacks, siloed data pipelines, and fragmented detection workflows. […]