Vendor blueprint · partnership
Dremio + VAST Data — Zero Trust cyber lakehouse
Announced May 2, 2024. A jointly marketed "Zero Trust" cyber lakehouse: Dremio's SQL engine and semantic layer over VAST Data's all-flash DataBase, with OCSF normalization via Dremio Reflections, ABAC access controls, and protocol audit logging aligned to federal M-21-31. Compatible with SQL-speaking SIEM and visualization tools (Splunk, QRadar, Grafana, Elastic). A partnership and product pattern — no named production security deployment disclosed.
What ships today
Dremio connector for the VAST DataBase; OCSF mapping via Reflections; ABAC and fine-grained access controls; VAST protocol audit logging for M-21-31; the C3 columnar cache behind the "sub-second" query claims; bi-directional Dremio–Splunk integration. GA products on both sides.
What isn't shown
No named production security deployment, no measured outcomes, no published security metrics. "Sub-second" is a product claim, not a benchmarked result on a security workload. HIPAA / SOC 2 / ISO 27001 are Dremio's platform certifications, not a validated cyber deployment.
What it changes for architects
It's the on-prem / hybrid answer to the cloud-native security lakehouses — all-flash storage plus an Iceberg-compatible SQL engine, OCSF on read, for shops that can't or won't go cloud-only. The M-21-31 audit-logging angle is the genuine differentiator for federal buyers.
The honest critique
A real, coherent pattern with no public validator yet. It graduates toward a teardown the day a named production deployment with measured outcomes exists; until then, treat it as vendor-proposed and pilot on your own telemetry.
Sources: Dremio + VAST Data "Zero Trust data lakehouse" announcement (2024-05-02) · Dremio blog "Why a Cyber Lakehouse — Dremio & VAST Data" · Dremio / VAST partnership pages.