Blogs
August 3, 2025 / August 3, 2025 by Jonathan Rau
Introduction How do all of these self-congratulating posts start, again? Oh right, “in the ever-changing security threat bad guy landscape, data is the new oil or diamond pickaxe!” Cynicism aside, I will continue to shout from the rooftops: the most important asset and skillset that a security organization needs to develop is data. Data engineering […]
July 29, 2025 / July 29, 2025 by Jonathan Rau
Introduction Azure Data Explorer (ADX) is an interactive, fully managed Exploratory Data Analysis (EDA) platform hosted on the Microsoft Azure cloud. ADX enables analysts to onboard datasets natively into ADX, from object storage such as Blob and ADLSv2, select databases, and Delta Lake tables. From there, analysts can further transform data and/or analyze and visualize […]
July 29, 2025 / July 30, 2025 by Jonathan Rau
Introduction The Cloud Native Application Protection Platform (CNAPP) category represents a consolidation of the cloud security space, namely Cloud Security Posture Management (CSPM), Cloud Workload Protection Platform (CWPP), and Cloud Detection & Response (CDR), with some additional capabilities also covered. One of the earliest in the CNAPP category is Lacework, acquired by Fortinet and rebranded […]
July 8, 2025 / July 8, 2025 by Jonathan Rau
Cyber threats are “always on”. No matter what countermeasures you have – be they in the form of environment-specific detection or prevention capabilities – first-line tools are hardly ever enough to counter salient threats to your business. One function quietly powers our most agile defenses, speeds up response times, and slashes false positives: Detection Engineering. […]
June 24, 2025 / June 24, 2025 by Jonathan Rau
Introduction Security teams are building more flexible architectures that prioritize data control, speed, and scale. Snowflake has emerged as a strategic data platform for security use cases, especially when combined with federated capabilities from Query that enable rapid analysis, detections, and investigations directly against Snowflake’s tables and views, without the need for data duplication or […]
June 3, 2025 / June 3, 2025 by Jonathan Rau
Complexity is the enemy of modern Security Operations (SecOps). Every day, new product categories are born, and with them they bring more and more datasets, some very pertinent and some duplicative. Data volumes continue to grow even from incumbent tools, and security teams are stuck holding the bag – often […]
May 27, 2025 / May 27, 2025 by Jonathan Rau
Introduction For security leaders at larger enterprises, MSSPs, MDRs, holding companies, and private equity firms, the complexity of multi-tenant security environments can be a back breaker. Whether driven by strategic M&A activity or supporting a diverse portfolio of subsidiaries or customers, organizations grapple with overlapping security tech stacks, siloed data pipelines, and fragmented detection workflows. […]
May 14, 2025 / May 14, 2025 by Jonathan Rau
Introduction Query Federated Security provides Security Operations (SecOps) teams and other observability, operations, and security teams with visibility and utility by bringing analytics, detections, search, and query translation to their data. Query Federated Security has over 45 Connectors as of this writing and we are continuously adding more to best serve our customers and stay […]
May 12, 2025 / May 12, 2025 by Jonathan Rau
Introduction Delta Lake is one of the three popular open table formats for data lakehouses, and is an ideal choice for managing security telemetry at scale. It brings ACID compliance, schema enforcement, and performance optimizations to cloud storage, making it a strong fit for security data operations. When writing data to Amazon S3 using Delta Lake, […]
May 6, 2025 / May 6, 2025 by Jonathan Rau
Introduction For almost as long as Hadoop Distributed File System (HDFS) could mount S3 buckets, data lakes (then simply called data warehouses) were built on Amazon S3. Though you could argue the phenomenon stretches even further back, with S3 a popular durable storage location for raw and archival data for big data and security teams […]