thatDot Graph Event Stream Processing

APT detection engine powering the next generation of cybersecurity technology


Real-Time Deep Analysis at Scale

thatDot Streaming Graph is an event stream processor that finds the relationships between multiple data streams and analyzes that dynamic graph in real time.

Respond fast to catch threats


Reduce mean time to detect (MTTD)

thatDot was developed in a DARPA research project to catch low and slow attacks such as advanced persistent threats (APTs), which are the most difficult to catch because the first and last parts of their attack pattern can be separated by months. Not limited to time windows like every other event processor, thatDot remembers all partial pattern matches ever found. Within milliseconds of a data point completing the threat signature pattern, that match is responded to, sent downstream, shown in monitoring alerts, or sent as a Slack message to the person who needs to see it.

The result is fast detection of fraud or intrusion, often well within breakout time for new intrusions, and within milliseconds of exfiltration even for low and slow intrusions and living-off-the-land attacks.

Shrink loss windows with real-time forensics

Reduce mean time to contain (MTTC)

Processing streaming data in real time makes for real-time forensics. Quickly investigate and locate the new threat signature. Figure out exactly how the intruder got in, how long they’ve been there, what damage they did, and lock them out fast. Every minute that goes by with a bad actor loose in your infrastructure has a high dollar cost.

The shorter the loss window, the less money a breach costs your customer.

Reduce false positives to near zero

Constant false positive alerts cause burnout and let real attacks slip by under the noise.

New is not always novel. thatDot Novelty uses context awareness across your data streams to accurately tell the difference. The built-in proprietary AI learns the contextual fingerprint of your data environment without needing data labeling or other labor-intensive training. It spots which things don’t belong with a level of accuracy that will let overworked cybersecurity people stop wasting their time on false alarms.

Cybersecurity threat signatures are constantly at least one breach behind. Real-time anomaly detection catches bad actors, even if they use an approach you’ve never seen before. Useful for:

  • Threat Hunting
  • Anomaly Detection
  • Insider Threat Detection
  • Fraud Detection

Analyze user and entity behavior in real time

Event stream processor + graph analytics = find relationships fast

With thatDot, find relationships between multiple streaming data sources at once (Apache Kafka, Kinesis, SQS,…) plus batch files for context, without the resource cost of excessive joins. Resolve duplicates, intelligently filter out unneeded information, and find threat signatures in real time. You can also do what graph data structures are best at, analyzing categorical data and the relationships between them, without the long delay and inaccuracy of first turning that data into numbers in a database before you analyze it.

Deep relationship analyses that only graphs do well, like fraud detection, entity resolution, cyber threat detection, and risk analysis, are now possible at event processor speeds.

  • Entity and User Behavior Analytics (EUBA)
  • Dynamic Digital Twins
  • Fraud detection
  • Tainted Funds Tracking

Scale virtually without limits

Analyze your mountains of data

Machine data such as network traffic, logs, and sensor readings is too much for graph databases to handle. There is no known limit to how much data thatDot can handle. Unlike graph databases, thatDot software can distribute the workload across a cluster, even supernodes with hundreds of thousands of edges. But while thatDot software scales indefinitely, your budget doesn’t. thatDot only needs about 300 MB of RAM, and the recipe examples can all be run on the smallest Raspberry Pi made, ideal for deploying near the edge for IoT use cases that require smart filtering.

High scale, low resource requirements.

Develop thatDot-powered OEM applications or enterprise data pipelines fast

Rich APIs and standard Cypher graph query language

Embedding thatDot graph event stream processing in your applications or dropping it into your streaming data pipelines is straightforward. Data streams in. Answers stream out. No special tech or skills required. The built-in backpressure systems keep you from losing data or overwhelming downstream applications. The graph data model eliminates issues with out of order data. You can interactively explore the dynamic graph with ad hoc queries as it changes. See graph and query results in the UI, or in the visualization tool of your choice.

If a standing query finds something interesting, you can:

  • Send the results downstream to applications, monitoring, or messaging systems.
  • Feed back and add that information to the dynamic graph for more exploration.
  • Trigger additional queries.

thatDot streaming graph analytics and machine learning-driven anomaly detection

Query the future with thatDot Streaming Graph

thatDot Streaming Graph queries the graph join of multiple data streams, letting you find threat signatures and other patterns of interest without the time window limitations that hamper all other event stream processing engines. This makes it uniquely well-suited to finding advanced persistent threats (APTs) and other cybersecurity threats. It’s also exceptional at real-time risk analysis, fraud detection, entity resolution, anomaly detection, digital twins, and smart filtering of edge data and other large datasets as they stream in.
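The contrast between window-bound matching and the retained partial matches described here and under "Reduce mean time to detect" can be seen in the following added Python example. It is not thatDot code and does not use thatDot's API; the three-stage signature, host names and events are constructed for illustration.

```python
# Ordered stages of a constructed, illustrative signature (not a thatDot rule).
SIGNATURE = ("initial_access", "lateral_movement", "exfiltration")
DAY = 86_400

# Constructed sample events: (epoch_seconds, host, stage). host-a is low and
# slow (stages months apart); host-b completes the pattern within one hour.
EVENTS = [
    (0 * DAY, "host-a", "initial_access"),
    (2 * DAY, "host-b", "initial_access"),
    (2 * DAY + 600, "host-b", "lateral_movement"),
    (2 * DAY + 3000, "host-b", "exfiltration"),
    (45 * DAY, "host-a", "lateral_movement"),
    (50 * DAY, "host-c", "exfiltration"),   # no earlier stages: never a match
    (120 * DAY, "host-a", "exfiltration"),
]

def detect(events, window=None):
    """Return [(host, first_seen, completed_at)] for completed signatures.

    window=None keeps every partial match indefinitely; a number of seconds
    discards a partial match once it is older than the window.
    """
    partial = {}   # host -> (index of next expected stage, first_seen)
    alerts = []
    for ts, host, stage in events:
        nxt, first = partial.get(host, (0, ts))
        if window is not None and host in partial and ts - first > window:
            del partial[host]             # windowed engine forgets old state
            nxt, first = 0, ts
        if stage != SIGNATURE[nxt]:
            continue                      # event does not advance this host
        if nxt + 1 == len(SIGNATURE):
            alerts.append((host, first, ts))   # emitted on the completing event
            partial.pop(host, None)
        else:
            partial[host] = (nxt + 1, first)
    return alerts

if __name__ == "__main__":
    print("no window :", detect(EVENTS))
    print("30-day win:", detect(EVENTS, window=30 * DAY))
```

With a 30-day window only the fast host-b sequence is reported; without a window the host-a sequence spanning 120 days is also reported, and `first_seen` in each alert gives the dwell time directly.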

Find unknown hidden problems with thatDot Novelty

Novelty has a proprietary built-in AI designed to find the unknown unknowns in your data as it streams in. No training or data labeling is needed. As data streams in, the AI develops a contextual fingerprint of your specific data. With this contextual awareness, it reduces false positives to near zero, and provides an explanation for each ranking. Use it for cybersecurity to find insider threats, or new threats with no known threat signature. It also works well for finding well-hidden fraud. You know there are important things hiding in your data. thatDot Novelty can help.
