Snowflake is upgrading its security posture, giving admins the option to make multi-factor authentication (MFA) mandatory, as well as adding more security customization options and introducing a new platform for monitoring, and enforcing, MFA policies.
Admins will be allowed to decide whether to push MFA on all users, those using Single Sign-On (SSO), or just specific, individual accounts. Furthermore, users that log into their Snowflake accounts will be prompted to activate the new feature. If they decline, they will get another prompt in three days.
Aside from the MFA prompt, Snowflake is also introducing the Snowflake Trust Center, where admins can monitor the adherence to MFA policies. Part of that feature is the Trust Center Security Essentials scanner package, which helps mitigate credential theft issues.
Cybersecurity breaches
“This package looks for MFA compliance, as well as the use of network policies,” the company explained in a blog post. “As the recommended tool for compliance monitoring, it is enabled by default and available free of charge in all Snowflake editions.”
In addition to the scanner package, Snowflake also introduced the Trust Center CIS Benchmark scanner package, which evaluates the account against the CIS Snowflake Foundations Benchmark. These scanners can detect overprivileged users, accounts that haven’t logged in for more than three months, and more.
Snowflake has been at the center of much controversy over the past few months, when it was revealed that a threat actor tracked as UNC5537 used credential stuffing to compromise hundreds of accounts, including some belonging to large enterprises. Ticketmaster, Advance Auto Parts, and LendingTree are just some of the victims.
On the dark web, a hacker with the alias Sp1d3r was offering these databases for sale, with the archives going from $100,000 up to $1.5 million.