Security at AWS Scale: How We Process Terabytes of Logs with Zero Servers to Manage

How do you build a security platform that ingests terabytes of logs daily, runs real-time threat detection, and deploys seamlessly across SaaS, cloud-connected, and self-hosted environments—all without managing a single server?

In this session, we’ll take you inside Panther, a cloud-native SIEM built entirely on AWS serverless technologies. You’ll learn how we leverage Lambda and Fargate with dynamic compute selection, S3, DynamoDB, and SQS to build a resilient log processing pipeline and achieve true tenant isolation with dedicated AWS accounts per customer.

We’ll then dive into our deployment automation—a single, unified pipeline that provisions everything from AWS accounts via Organizations to Snowflake data warehouses, handling three distinct deployment models (SaaS, cloud-connected, and self-hosted).

Whether you’re building your own serverless data platform or just curious about running production security infrastructure at scale, this session offers practical insights from a real-world system processing massive amounts of security data every day.

Key Takeaways:

  • Designing serverless architectures for high-volume data ingestion
  • Multi-single tenant isolation patterns on AWS
  • Automating complex deployments using Windmill and CodeBuild
Christos Anagnostou
Staff Platform Engineer @ Panther