Graph Event Stream Processing

Reduce mean time to detect (MTTD)

thatDot was developed in a DARPA research project to catch low and slow attacks such as advanced persistent threats (APT), the most difficult to catch because the first part of their pattern of attack and the last could be separated by months. Not limited to time windows like every other event processor, thatDot remembers all partial pattern matches ever found. Within milliseconds of a data point completing the threat signature pattern, that match is responded to, sent downstream, shown in monitoring alerts, or sent as a Slack message to the person who needs to see it.

The results are fast detection of fraud or intrusion—often well within breakout time for new intrusions, within milliseconds of exfiltration even for low and slow intrusions and living off the land attacks.

Reduce mean time to contain (MTTC)

Processing streaming data in real time makes for real-time forensics. Quickly investigate and locate the new threat signature. Figure out exactly how the intruder got in, how long they’ve been there, what damage they did, and lock them out fast. Every minute that goes by with a bad actor loose in your infrastructure has a high dollar cost.

The shorter the loss window, the less money a breach costs your customer.

Constant false positive alerts cause burnout and let real attacks slip by under the noise.

New is not always novel. thatDot Novelty uses context awareness across your data streams to accurately tell the difference. The built-in proprietary AI learns the contextual fingerprint of your data environment without needing data labeling or other labor intensive training. It spots which things don’t belong with a level of accuracy that will let overworked cybersecurity people stop wasting their time on false alarms.

Cybersecurity threat signatures are constantly at least one breach behind. Real-time anomaly detection catches bad actors, even if they use an approach you’ve never seen before. Useful for:

• Threat Hunting
• Anomaly Detection
• Insider Threat Detection
• Fraud Detection

Event stream processor + graph analytics = find relationships fast

With thatDot, find relationships between multiple streaming data sources at once (Apache Kafka, Kinesis, SQS,…) plus batch files for context, without the resource cost of excessive joins. Resolve duplicates, intelligently filter out unneeded information, and find threat signatures in real time. You can also do what graph data structures are best at, analyzing categorical data and the relationships between them, without the long delay and inaccuracy of first turning that data into numbers in a database before you analyze it.

Deep relationship analysis that only graphs do well like fraud detection, entity resolution, cyber threat detection, and risk analysis are now possible at event processor speeds.

• Entity and User Behavior Analytics (EUBA)
• Dynamic Digital Twins
• Fraud detection
• Tainted Funds Tracking

Analyze your mountains of data

Machine data such as network, logs, sensors, etc. is too much for graph databases to handle. There is no known limit to how much data thatDot can handle. Unlike graph databases, thatDot software can distribute the workload across a cluster, even supernodes with hundreds of thousands of edges. But while thatDot software scales indefinitely, your budget doesn’t. thatDot only needs about 300 MB of RAM, and the recipe examples can all be run on the smallest raspberry pi made, ideal for deploying near the edge for IoT use cases that require smart filtering.

High scale, low resource requirements.

Rich APIs and standard Cypher graph query language

Embedding thatDot graph event stream processing in your applications or dropping it into your streaming data pipelines is straightforward. Data streams in. Answers stream out. No special tech or skills required. The built-in backpressure systems keep you from losing data or overwhelming downstream applications. The graph data model eliminates issues with out of order data. You can interactively explore the dynamic graph with ad hoc queries as it changes. See graph and query results in the UI, or in the visualization tool of your choice.

If a standing query finds something interesting, you can:

• Send the results downstream to applications, monitoring, or messaging systems.
• Feed back and add that information to the dynamic graph for more exploration.
• Trigger additional queries.