Cybersecurity Insights

Best Practices to Secure and Audit your Snowflake Deployment

Best Practices to Secure and Audit your Snowflake Deployment

Introduction

On May 20, 2024, Live Nation disclosed unauthorized activity in its third-party cloud database environment, identified as Snowflake, in an SEC filing. The compromised database contained information primarily from Ticketmaster. Subsequently, data from multiple Snowflake clients, including Santander Group, surfaced on the Dark Web for sale. This breach, traced back to stolen credentials from a Snowflake employee’s ServiceNow account through the Lumma Stealer campaign in October 2023, highlights the critical need for robust security measures in cloud environments.

Background

Snowflake, a leading cloud-based data warehousing platform, is renowned for its ability to manage extensive data storage and processing needs. Its scalable architecture is a favourite among industries for integrating data from diverse sources, facilitating powerful data-driven insights and advanced analytics.

Recently, Snowflake noticed a surge in cyber threat activity targeting some customer accounts. This activity is part of a broader, industry-wide identity-based attack aimed at accessing customer data using compromised user credentials. Investigations indicate that these credentials were exposed through unrelated cyber incidents. To date, there is no evidence suggesting any vulnerability, misconfiguration, or malicious activity within the Snowflake product itself.

Recommendations

To safeguard your Snowflake deployment, follow these best practices:

  1. Network Security:
    • Implement network policies to restrict access to known bad IP ranges (shared here by Snowflake.)
    • Use private connectivity options like AWS PrivateLink or Azure Private Link.
    • Ensure firewall settings allow only authorized client applications to connect to Snowflake.
  2. Identity and Access Management (IAM):
    • Enforce multi-factor authentication (MFA) for all accounts.
    • Use SCIM for managing users and roles where possible.
    • Rotate credentials regularly and use complex passwords managed by Privileged Access Management platforms.
  3. Data Encryption:
    • Utilize Snowflake's built-in encryption features and consider using customer-managed keys (CMK) for additional security.
    • Enable periodic rekeying if your organization requires it.
  4. Monitoring and Auditing:
    • Regularly audit login and query history using Snowflake’s ACCOUNT_USAGE schema.
    • Set up alerts in your Security Incident and Event Management (SIEM) platform and Cloud Monitoring solutions for unusual activity, such as logins from new locations or changes in user roles.
  5. Session Management:
    • Reuse sessions to maintain performance and close connections when no longer required.
    • Avoid using CLIENT_SESSION_KEEP_ALIVE unless necessary.

If you need any support with securing your Snowflake, don’t hesitate to This email address is being protected from spambots. You need JavaScript enabled to view it. Axon Technologies.

How Axon Technologies Can Help

Axon Technologies offers comprehensive cybersecurity services to enhance the security of your Snowflake deployments:

  • Technical Security Consulting & Advisory: Guidance and expertise for technical cybersecurity programs.
  • Advanced Security Testing: Rigorous cybersecurity testing across the environment to identify and address vulnerabilities.
  • Security Engineering & Architecture: Designing and implementing robust security architectures across on-premises and cloud environments.
  • Managed Security Services: Ongoing management and support of cybersecurity operations.
  • Incident Response: In the event of a breach, our incident response team swiftly mitigates the impact, investigates the cause, and aids in recovery.

Conclusion

Protecting your Snowflake deployment is crucial in today’s threat landscape. By implementing best practices recommended by Axon Technologies for network security, IAM, data encryption, and monitoring, you can significantly reduce the risk of data breaches.

Partner with Axon Technologies to ensure your organization’s data remains secure and resilient against cyber threats. For more detailed insights and tailored solutions, contact Axon Technologies today.