July 10, 2024 at 12:52PM
Mandiant’s report linked data thefts to Snowflake account intrusions due to lacking multi-factor authentication controls. In response, Snowflake now offers a mandatory MFA option and a new authentication policy. The Snowflake Trust Center and security scanner packages are now available, aiming to promote MFA adoption and secure configurations. Snowflake denies responsibility for certain intrusions but is working to address the security issues.
Based on the meeting notes, the key takeaways are:
1. Snowflake is implementing a mandatory multi-factor authentication (MFA) option for admins in response to recent data thefts linked to Snowflake account intrusions. This new authentication policy is available for all users of a Snowflake account and can be applied to local users, single sign-on (SSO) users, or on a user-by-user basis.
2. The Snowflake Trust Center (STC) has been announced, providing a framework for customers to monitor compliance with MFA policies. Additionally, two packages within STC, the Security Essentials scanner package and the CIS Benchmarks scanner package, have also been made generally available.
3. Snowflake is promoting individual compliance for MFA adoption by prompting users without MFA to enable it through Snowsight, the web interface. The app-based MFA solution is powered by Duo and is the only option for customers.
4. Snowflake has denied responsibility for the recent intrusions at companies such as Ticketmaster and Santander, attributing them to attacks following a former employee’s credentials being used by a malicious third party. The number of organizations impacted by the Snowflake saga, as reported by Mandiant, is approximately 165, though it’s unclear if this number has increased.
These takeaways provide a clear summary of the important updates and developments discussed in the meeting.