Startup Spotlight: Dassana and the Future of Security Control Effectiveness Reporting
Welcome to Snowflake’s Startup Spotlight, where we learn about awesome companies building businesses on Snowflake. In this edition, we’re digging into cybersecurity with Parth Shah, Co-Founder and Head of Product at Dassana, as he discusses the power of operationalizing security data, why you need to consider security data lakes, and how Snowflake gave Dassana an agility upgrade.
What inspires you as a founder?
I am inspired by the power of data and how it can be used to solve complex problems. From a young age, I have been fascinated by the idea of tracking and analyzing information to improve efficiency and productivity. This passion for data has driven me to build a company that empowers organizations to maximize their security control effectiveness by providing them with the insights they need to make informed decisions.
But my fascination with data extends beyond just professional pursuits. In my personal life, I track my habits and activities to gain insights into my own behavior and make positive changes. This drive to constantly improve and optimize is what motivates me to push the boundaries of what is possible with data.
Ultimately, what inspires me as a founder is the opportunity to make a real impact on the world by leveraging the power of data and technology. By helping organizations operate more securely and efficiently, we can contribute to a safer, more prosperous future for everyone.
What problem does Dassana aim to solve?
Dassana means “insight,” and that’s what we strive to offer our customers: better insight into their security. Our mission is to address the challenge of ineffective security controls and the resulting heightened risk for enterprises. With a deep understanding of the cybersecurity industry and a commitment to leveraging data, we strive to enhance security control effectiveness. Recognizing that many organizations struggle to operationalize their security tools, we offer a solution that normalizes data, adds organizational context, and attributes data to its rightful owners. By ensuring the effective use of security tools, we help reduce residual risk and lower the total cost of ownership.
What’s the coolest thing you’re doing with data?
Traditional security posture assessments often lack the necessary operational insight to provide a complete, up-to-date, and accurate picture of an enterprise's security posture. At Dassana, our mission is to deliver a holistic, actionable, and accurate approach to security control effectiveness, one that CISOs can trust.
One of the innovative ways we’re achieving this is by connecting the dots between various security scanners and attributing the resulting information to the right business units, while also determining the criticality of the issues found. This helps us gain a deep understanding of the most pressing security concerns, and whether they are being addressed on time.
To help organizations respond effectively to security incidents, we’ve developed a security behavior score, similar to a credit score, that tracks how well they are handling security issues, both at an organizational and business unit level. By improving this score, organizations can be confident that they have the right processes in place to handle any security eventuality.
How has Snowflake enabled you to push the envelope in your line of business?
Enterprises incur huge economic and operational costs due to the siloed nature of data. This problem applies equally to all the security tools that support their own proprietary database. That has to change in order to give enterprises a holistic view of exposure across all attack surfaces so they can improve their ability to prioritize and resolve per SLA goals.
Furthermore, the past decade has seen tremendous growth in data and business intelligence, and we believe the same is about to happen in the realm of security. As a result, a security data lake is becoming increasingly vital for large enterprises to cut through the noise and extract meaningful insights. At Dassana, we have been strong believers in the power of the security data lake and built our own using Clickhouse. However, we soon realized that the sheer amount of data engineering required to run a security data lake for a large enterprise is no small feat.
That's where Snowflake comes in. We recently decided to move to Snowflake’s Data Cloud and have been amazed by the capabilities it provides.
With Snowflake, Dassana has been able to significantly reduce the amount of time it takes to onboard customers and deliver value to them. Previously, setting up and managing a security data lake for a large enterprise was a complex and time-consuming process that required significant engineering resources. With the Snowflake Data Cloud, we can now quickly manage a security data lake for our customers at scale, freeing up valuable engineering resources for other core business initiatives.
Snowflake’s ease of use and scalability has also enabled Dassana to rapidly iterate and innovate on product offerings, quickly responding to customer feedback and market changes. This agility has been crucial in helping us stay competitive in a rapidly evolving security landscape.
Overall, Snowflake’s ability to accelerate time to market has been a game changer for Dassana, allowing us to onboard customers faster, innovate more quickly, and stay ahead of the curve in the highly competitive security industry.
How did you decide which architecture to use when implementing Snowflake?
We decided to support both the connected and managed models for implementing Snowflake. The connected model is recommended for customers who already use Snowflake for business intelligence or security and want to own their data and have all of it in the same place. This approach allows multiple tools to work together and deliver the best insights possible.
On the other hand, for customers who want to get started with a security data lake quickly but don’t want to manage it, we offer the managed model where we manage the full stack. Whenever these customers want to build a larger security data lake strategy across multiple tools, we help them move to the connected model. The feedback we’ve received from customers has been positive, with many appreciating the flexibility and scalability of both models.
What’s the most valuable piece of advice you got about how to run a startup, and where did it come from?
The most valuable piece of advice I received about running a startup is to prioritize people, product, and profits—in that order. This advice comes from Ben Horowitz’s book, The Hard Thing About Hard Things, which has been instrumental in guiding our startup—especially during the pandemic when external factors affected the market.
For us, focusing on people means ensuring that everyone working at Dassana is fully invested in the company’s success and has everything they need to do their job effectively. We prioritize our customers and spend time listening to them and learning from them. This helps us identify areas where we can improve our product and partnerships.
Product development is an ongoing process, and we’ve learned to adapt to our customers’ needs over time. For instance, we recently changed our security data lake implementation after listening to feedback from customers. As part of product development, we also look for partnerships that can create synergy and a win-win situation for everyone involved.
Finally, profits. We believe that by taking care of our people, product, and processes, we’ll be able to achieve profitability faster.
Now that you’ve been in the founder’s seat for a while, what’s something you’ve learned that you wish you’d known earlier?
One lesson I learned the hard way was the importance of delegation. As a founder, it can be tempting to want to be involved in every aspect of the business, especially in the early stages. However, I quickly realized that this approach was not sustainable as we grew and scaled. I found myself becoming overwhelmed and unable to effectively manage all the tasks and responsibilities on my plate.
It was only when I started delegating tasks to other team members and trusting them to take ownership and responsibility that I was able to free up my own time and focus on the areas where I could provide the most value. This allowed me to better prioritize and make more strategic decisions for the company.
Looking back, I wish I had recognized the importance of delegation earlier and implemented it more effectively. It would have saved me a lot of stress and allowed me to be more effective as a leader.
What’s next for you? What role will Dassana play in the security industry’s future?
We believe that security control effectiveness reporting should be a proactive, ongoing process that empowers organizations to stay ahead of threats and protect their assets. By providing an intuitive and easy-to-use platform that integrates with leading security tools, Dassana aims to make security control effectiveness a central component of any security strategy. Our goal is to help organizations reduce risk; increase resilience; and ensure the confidentiality, integrity, and availability of their data as the cybersecurity landscape continues to evolve.