Snowflake

Snowflake reimagines email security with Sublime

Adaptive, transparent, and effective detection from day one

100% success rate blocking attacks in the POV
70% reduction in false positives

Sublime gives us the ability to use our email security solution across the organization in ways we previously couldn't. It is easy, effective, and evolves with the threat landscape.

Haider Dost
Head of Global Threat Detection and Threat Intelligence, Snowflake
Region: Americas
Industry: Data storage
Protected Mailboxes: 10,000+
Size
Email Provider

Overview

Snowflake, a leading AI Data Cloud provider enabling thousands of global organizations to share data, build applications, and power their businesses with AI, is committed to constantly enhancing its cloud email security posture and to using cutting-edge solutions, particularly to obtain greater visibility into email threats and avoid false positives.

After implementing Sublime, Snowflake observed a decrease in false positives and the overall time spent managing email security.

The Challenge

Snowflake's prior email security solutions, while effective, took a one-size-fits-all approach that did not provide the flexibility the team wanted for its sophisticated environment.

For defense-in-depth controls, the team wanted the ability to customize banners, decode rewritten URLs, perform advanced attachment analysis, and more at the email level, in line with the organization's overall security strategy.

The security team faced growing requests from across their SOC, IT, Threat Intelligence, and Threat Detection teams for greater visibility into the types of email-based threats Snowflake was receiving. They wanted to fully automate their abuse mailbox process but found their previous solution lacked the flexibility and control necessary to achieve meaningful automation.

With Sublime, the team has confidence in their overall email security posture because they do not have to work around their email security solution. Sublime provides the team with advanced threat detection capabilities and the ability to integrate with existing workflows.

The Solution: Adaptive, transparent, and effective detection from day one

Selection criteria

When exploring new email security solutions, Snowflake identified three critical requirements:

  1. Advanced Threat Detection
    Effective detection and prevention of sophisticated, targeted email threats out of the box.
  2. Abuse Mailbox Automation
    Automate the triage, investigation, and remediation of user-reported messages.
  3. Control and Transparency
    Access to advanced detections without tuning or additional headcount.

These would enable additional defense-in-depth controls for email and, in turn, give the team the ability to extend Sublime into advanced use cases, including policy-as-code for streamlined rule management and threat intelligence operationalization.

Snowflake's rigorous selection criteria aimed at significantly improving email threat visibility, operational efficiency, and overall security posture.

The Snowflake team was hands-on with Sublime at the start of the proof of concept (POC), and immediately had historical production data to review Sublime's efficacy.

Sublime’s Proof of Value (POV)

To thoroughly assess Sublime's capabilities, Snowflake’s Security Team conducted a detailed comparison against leading email security solutions. Their Red Team created a representative test of 45 diverse, sophisticated attack types:

  • Malware delivery
  • Link-based phishing
  • Malicious calendar invites
  • Fake forwarded email threads
  • VIP impersonation

The evaluation results were definitive: Sublime had a 100% success rate in blocking attacks and far exceeded the other solutions examined by Snowflake's Security Team.

Seamless integration

Once deployed, the extensibility of the Sublime platform quickly became apparent. The Snowflake team found it straightforward to integrate Sublime with their existing security stack and workflows through open APIs that allowed them to utilize email insights for additional observability.

The relationship with Sublime has proven to be a true partnership. When the Snowflake team observes a new email threat, the Sublime team responds within hours, establishing a built-in feedback loop for continuous improvement.
