Snowflake reimagines email security with Sublime

  • 100%: Success rate blocking attacks in POV

  • 65%: Higher success rate over competitors

The explosion and sophistication of AI-generated email attacks requires a solution that provides best-in-class efficacy, but also the ability to contextualize and respond to threats in real time. With Sublime, our team can prevent, detect, and respond to email-borne threats of today and the future.

Brad Jones

CISO at Snowflake

Snowflake, a leading AI Data Cloud provider enabling thousands of global organizations to share data, build applications, and power their businesses with AI, is committed to constantly enhancing its cloud email security posture and to using cutting-edge solutions, particularly to obtain greater visibility into email threats and avoid false positives.

After implementing Sublime, Snowflake observed a decrease in false positives and the overall time spent managing email security.

Sublime gives us the ability to use our email security solution across the organization in ways we previously couldn't. It is easy, effective, and evolves with the threat landscape.

Haider Dost

Head of Global Threat Detection and Threat Intelligence

Snowflake's prior email security solutions, while effective, took a one-size-fits-all approach that did not provide the flexibility that was desired for its sophisticated environment.

When it came to defense-in-depth controls, the team wanted the ability to customize banners, decode rewritten URLs, perform advanced attachment analysis, and more at the email level to align with the organization’s overall security strategy.

The security team faced growing requests from across their SOC, IT, Threat Intelligence, and Threat Detection teams for greater visibility into the types of email-based threats Snowflake was receiving. They wanted to fully automate their abuse mailbox process but found their previous solution lacked the flexibility and control necessary to achieve meaningful automation.

With Sublime, we're now working with our email security tool, not around it. Plus we're automating more around email security than we previously thought was possible.

Haider Dost

Head of Global Threat Detection and Threat Intelligence

With Sublime, the team has confidence in their overall email security posture because they do not have to work around their email security solution. Sublime provides the team with advanced threat detection capabilities and the ability to integrate with existing workflows.

Adaptive, transparent, and effective detection from day one

Selection criteria

When exploring new email security solutions, Snowflake identified three critical requirements:

  • Advanced Threat Detection: Effective detection and prevention of sophisticated, targeted email threats out-of-the-box.

  • Abuse Mailbox Automation: Automate the triage, investigation, and remediation of user-reported messages.

  • Control and Transparency: Access to advanced detections without tuning or additional headcount.

These would enable additional defense-in-depth controls for email and, in turn, give the team the ability to extend Sublime into advanced use cases, including policy-as-code for streamlined rule management and threat intelligence operationalization.

Snowflake's rigorous selection criteria aimed at significantly improving email threat visibility, operational efficiency, and overall security posture.

The Snowflake team was hands-on with Sublime at the start of the proof of concept (POC), and immediately had historical production data to review Sublime's efficacy.

Sublime’s Proof of Value (POV)

To thoroughly assess Sublime's capabilities, Snowflake’s Security Team conducted a detailed comparison against leading email security solutions. Their Red Team created a representative test of 45 diverse, sophisticated attack types:

  • Malware delivery

  • Link-based phishing

  • Malicious calendar invites

  • Fake forwarded email threads

  • VIP impersonation

The evaluation results were definitive: Sublime had a 100% success rate in blocking attacks and far exceeded the other solutions examined by Snowflake's Security Team.

Phishing is still a top attack vector across the industry and there’s no silver bullet solution. To effectively combat the evolving threat landscape, you need a partner that can empower security teams to build tailored detections for your organization.

Haider Dost

Head of Global Threat Detection and Threat Intelligence

Results: Enhanced security and control

In the first few months after implementation, Snowflake experienced enhanced security capabilities with Sublime and fewer false positives. The team now benefits from advanced capabilities including:

  • Granular detection and exclusion logic

  • Attack surface reduction by flagging domains from suspicious registrars

  • Advanced threat hunting and backtesting

In addition, Sublime uses a standardized JSON schema to represent email messages with the ability to export to S3. This data can be integrated with Snowflake’s existing security controls such as managed browser settings or splash pages if a user visits an identified suspicious domain.

From a Threat Intelligence perspective, Sublime is offering us a whole new paradigm in detection opportunities and controls. Leveraging Sublime's API, we can push our collections of indicators to include domains, IPs, hashes, etc. to Sublime and have immediate enforcement and blocking in real time.

Haider Dost

Head of Global Threat Detection and Threat Intelligence

The Threat Intelligence team can now extract Indicators of Compromise (IOCs) from Sublime and feed them into other detections from other data sources.

Once deployed, the extensibility of the Sublime platform quickly became apparent. The Snowflake team found it straightforward to integrate Sublime with their existing security stack and workflows through open APIs that allowed them to utilize email insights for additional observability.

The relationship with Sublime has proven to be a true partnership. When the Snowflake team observes a new email threat, the Sublime team responds within hours, establishing a built-in feedback loop for continuous improvement.

Across our security organization we value technology and partnership equally. Sublime gives us the best of both worlds.

Haider Dost

Head of Global Threat Detection and Threat Intelligence

Looking ahead, the Snowflake team has high confidence that Sublime will continue to protect them from evolving email threats, allowing them to focus on other critical security priorities.
