
Sublime gives us the ability to use our email security solution across the organization in ways we previously couldn't. It is easy, effective, and evolves with the threat landscape.



Overview
Snowflake, a leading AI Data Cloud provider enabling thousands of global organizations to share data, build applications, and power their businesses with AI, is committed to constantly enhancing its cloud email security posture and to using cutting-edge solutions, particularly to obtain greater visibility into email threats and avoid false positives.
After implementing Sublime, Snowflake observed a decrease in false positives and the overall time spent managing email security.
The Challenge
Snowflake's prior email security solutions, while effective, took a one-size-fits-all approach that did not provide the flexibility that was desired for its sophisticated environment.
When it came to defense in depth controls, the team wanted the ability to customize banners, decode rewritten URLs, perform advanced attachment analysis, and more at the email level to align with the organization’s overall security strategy.
The security team faced growing requests from across their SOC, IT, Threat Intelligence, and Threat Detection teams for greater visibility into the types of email-based threats Snowflake was receiving. They wanted to fully automate their abuse mailbox process but found their previous solution lacked the flexibility and control necessary to achieve meaningful automation.
With Sublime, the team has confidence in their overall email security posture because they do not have to work around their email security solution. Sublime provides the team with advanced threat detection capabilities and the ability to integrate with existing workflows.
The Solution: Adaptive, transparent, and effective detection from day one
Selection criteria
When exploring new email security solutions, Snowflake identified three critical requirements:
- Advanced Threat Detection
  Effective detection and prevention of sophisticated, targeted email threats out-of-the-box.
- Abuse Mailbox Automation
  Automate the triage, investigation, and remediation of user-reported messages.
- Control and Transparency
  Access to advanced detections without tuning or additional headcount.
These would enable additional defense in depth controls for email and in turn, give the team the ability to extend Sublime into advanced use cases including policy-as-code for streamlined rule management and threat intelligence operationalization.
Snowflake's rigorous selection criteria aimed at significantly improving email threat visibility, operational efficiency, and overall security posture.
The Snowflake team was hands-on with Sublime at the start of the proof of concept (POC), and immediately had historical production data to review Sublime's efficacy.
Sublime’s Proof of Value (POV)
To thoroughly assess Sublime's capabilities, Snowflake’s Security Team conducted a detailed comparison against leading email security solutions. Their Red Team created a representative test of 45 diverse, sophisticated attack types:
- Malware delivery
- Link-based phishing
- Malicious calendar invites
- Fake forwarded email threads
- VIP impersonation
The evaluation results were definitive: Sublime had a 100% success rate in blocking attacks and far exceeded the other solutions examined by Snowflake's Security Team.
Seamless integration
Once deployed, the extensibility of the Sublime platform quickly became apparent. The Snowflake team found it straightforward to integrate Sublime with their existing security stack and workflows through open APIs that allowed them to utilize email insights for additional observability.
The relationship with Sublime has proven to be a true partnership. When the Snowflake team observes a new email threat, the Sublime team responds within hours, establishing a built-in feedback loop for continuous improvement.
