The Secret Ingredient in the Alphabet Soup of Cybersecurity

John Cloonan

This is the first in a series of blogs exploring how the Quine Streaming Graph analytics engine is the secret ingredient in the Alphabet Soup of cybersecurity, enabling faster, more accurate detection of complex threats without compromising on the type or volume of data analyzed, the fidelity of alerts or response time.

The Dilemma of Data in Cybersecurity

As we all know, the letter combinations in cybersecurity continue to grow, some falling out of view or floating just under the surface, and others rising to the top. These letter combinations span network protection (NDR, NTA, ID/PS), endpoint (XDR, FIM, EPP, EDR, HIPS), and cloud (CWPP, CSPM, and CNAPP). Despite their diversity, these solutions all face a shared challenge: the amount of data they need to analyze and how to go about it.

Including the correct information in the analysis process is a delicate balance – like that right balance of herbs and spices in our favorite meal.  It is no simple task to determine which data to analyze and how to do it efficiently without the risk of false positives/negatives. The current approach is to look at it in subsets and cohorts, but never holistically.  In some cases, this decision is warranted; the data is irrelevant – that ingredient simply does not go into our meal.  However, this process frequently results in context being left on the proverbial cutting board, and the data so watered down it is useless. 

A New Paradigm: Data Analysis Without Compromise

Imagine the following what-ifs: What if we didn’t have to exclude relevant data? What if you did not need to leave relevant data on the cutting board? What if we could analyze all data for any time – past, present, or future?

With thatDot’s Quine Streaming Graph, you can continuously analyze real-time and historical data at scale to identify complex patterns and enable your solution to trigger an action within milliseconds. 

This enables product owners to reenvision current features and approaches—moving from periodic batch processing to real-time analytics. For cybersecurity vendors, this changes the game. Instead of relying on batch processing or overlooking key data for speed, you can achieve instant notifications to trigger mitigation and containment routines.

What’s Next?

There are various ways in which we intend to explore adding thatDot to various cybersecurity solutions to see what we can cook up.  Each of these is either not done adequately or only viable with lots of development time, custom code, and homegrown analysis pipelines, such as: 

  • Identifying attack paths
  • Triggering immediate response
  • Continuous enrichment of event data
  • Identifying even the most latent of patterns
  • Real-time as well as “point-in-time” visibility
  • Context-Aware Threat Intelligence
  • Real-time MITRE TTP Awareness 

These are problems that can be solved in other ways; however, how long does it take to develop each successive detection pipeline? Other than time to market, what else are you giving up? Is it avoiding asking too complex a question, or inspecting only a tiny sliver of time? Or just settling for pseudo and “near” real-time analysis? Let’s explore Quine, drop some of those qualifiers, and make something great!

Learn More

Check out these resources:

  1. Are You Ready for Low and Slow Auth Attacks Blog Post
  2. Quine for cybersecurity and fraud use cases
  3. Download Quine