Panther: Agility, Speed and Scalability for Modern Security Teams

By Will Griffith, Ben Bernstein, Tengbo Li and Murali Joshi | December 2, 2021

Source: Panther

In recent years, the cloud has transformed cybersecurity. Even as SaaS and the adoption of cloud infrastructure have resulted in new threat vectors, entrepreneurs have leveraged the cloud’s scale and speed to innovate new security products in areas such as endpoint and application security. Until recently, though, security information and event management (“SIEM”)—a strategic priority for most security teams and one of the largest areas of security spend in the enterprise—has stayed stagnant. That’s why we were captivated by the vision of Panther founder and CEO Jack Naglieri, who set out to develop a modern SIEM built on cloud-native architecture for an increasingly cloud-centric world. In the two years since we first met Jack, Panther has not only launched a powerful security platform but also exhibited one of the fastest growth trajectories we have seen in a security company. We are thrilled about ICONIQ Growth’s partnership with Jack and the entire Panther team.

Panther’s origin story began when Jack was a security engineer at Airbnb, where he developed a homegrown security alerting tool to overcome the challenges he faced using traditional SIEM products to analyze activity across IT infrastructure. Jack and his team were grappling with alert fatigue resulting from the proliferation of applications and data, costs spiraling out of control in lockstep with the amount of data ingested by the SIEM, and a lack of compatibility with public cloud infrastructure and SaaS applications such as AWS, Okta, and Slack. Additionally, they found traditional SIEMs struggling to scale, preventing teams from quickly pinpointing and resolving issues when security incidents inevitably occur.

Panther was developed initially to address these limitations. Built on serverless, cloud-native infrastructure, Panther is, we believe, much more scalable, reliable, and economical than traditional options. The platform’s security data lake can ingest and analyze multiple terabytes of data per day, enabling security teams to identify the who, what, where, why, and how of security incidents in even the highest volume data environments within minutes instead of hours or days. The platform is integrated with a growing number of modern applications and cloud infrastructure resources, automatically capturing anomalous behavior in the corresponding activity logs of identity access management products, videoconferencing tools, S3 buckets, and much more. We have heard exceptional and energizing customer feedback about Panther’s speed, performance, and flexibility.

We were even more impressed that despite starting with what we believe are clear product advantages, Panther has always sought to remain at least three or four steps ahead of the market. For example, when initial architectural decisions did not enable the tremendous level of scalability to which Jack aspired, the company executed quickly to instead build the company’s data lake on Snowflake. Just as importantly, Panther developed a Python-based interface to empower security engineers to customize their alerting pipelines in a framework Panther has billed “Detection-As-Code,” driving far greater accuracy and contextual understanding of the user’s environment than the prebuilt alerts that are common in the SIEM category.

Reinforcing our excitement around Panther is the company’s opportunity to ascend beyond the SIEM category. We believe that Panther has the potential to become—in a more fundamental sense—the platform for security data, one that enables security teams to work with data in the fastest, most flexible way without having to worry about time-consuming operations work. The security data lake underlying Panther already creates extensive possibilities for what security teams can achieve. We think that Panther will lead the evolution in how modern security teams leverage data to drive greater visibility and efficacy across all their key activities, including prevention, detection, investigation, and remediation.

We have been enormously impressed with Panther’s execution to date, as well as the leadership and core values of its team. And now, we are excited to partner with Jack, Shvet, Joren, Erik, Hiro, William, Emily, Dan, and the whole of Panther to reinvent cybersecurity for our future in the cloud.