Notes from the Trenches

Incident responders and threat hunters are often facing a bit of an analytical catch-22. They typically have access to more and higher fidelity data sources than ever before, yet the volume and complexity of the data can often make it hard to see the point that matters.

Graph visualization has proven to be powerful for investigating almost any type of data, and most recently the team at Graphistry was able to help in uncovering a massive Ethereum heist on two of the world’s most popular DApps (distributed applications).

Learning to Whitebox the SOC-in-a-Box

Even as organizations automate their security operations with orchestration and AI, some of the most important parts of security investigations continue to depend on human analysis and talent. These critical moments in the investigation remain frustratingly slow, and need categorically different technologies that are optimized for human-in-the-loop analysis.

Security is in the midst of a transformation that is putting extreme pressure on security analysts and hunt teams. One shift that is causing teams a lot of pain in their daily work is that as threats have gotten more sophisticated, security products have gotten much less sure of themselves. Security products increasingly detect the “anomalous” and report threats on a sliding scale of confidence. Not only must staff deal with advanced threats, but they must spend an increasing amount of time navigating the grey areas and ambiguities of modern threat detections to determine and deliver the right actions.

Welcome to the  Age of Maybe, where it is critical that we arm analysts for dealing with the indicators that are diverse, widespread...and uncertain.

Today, Verizon released the 2018 edition of the Data Breach Investigation Report, and the Graphistry team is proud to have been able to contribute to the report. In fact, the cover of the report is a stylized and simplified version of our graph analysis that you can see on page 56 of the report!

The Graphistry team is excited to report: production-grade open GPU compute is coming to JavaScript with the Apache Arrow[JS] project and GOAI. We have been contributing to these projects because they are big enablers for the web. In our case, that means we can build best-of-class visual fastpaths for security and fraud teams struggling to investigate through tools like Splunk, Elastic, and Hadoop.

O'Reilly's Data Show recently had our CEO, Leo Meyerovich, on to talk about why and how enterprises and data teams are adopting graph technology. You can check it out here where we dive into how we are using graphs as an interface to AI tools & data. 

Meanwhile, our team is on the move. Let us know if you'll be near one of our upcoming talks and events - we love catching up with current & new users!

Ron Gula's (ex-Tenable CEO) fireside chat at the NYC Infosec Meetup got serious when he questioned whether to optimize security team efficacy vs. efficiency. This dovetailed beautifully with our tech talk right before.  When we explain visual playbooks, people quickly see how they cut MTTR, which in turn gets at both efficacy and efficiency. This has led us to think about what KPIs to focus on, so I ended up presenting a different take: focus on reliability... and an actionable KPI around that, playbook coverage.

Image: Leo sharing visual playbook best practices

A key part of making big data useful is figuring out how to deliver the massive power of GPUs to  standard commodity browsers in a way that is both fast and interactive. This is a major area of innovation for us at Graphistry, and we recently got a chance team up with our friends over at Dremio to talk about how we are using Apache Arrow to change how data is visualized in the browser.  Take a look and let us know what you think.

Amazon is investing heavily in graph technologies, which is worth paying attention to. Between launching Neptune and the likely acquisition of Sqrrl (on top of other security acquisitions!), they’ve been busy.  For our users and those interested in the broader space, we thought it’d help to share our perspective. Graphistry’s mission is to power the next generation of investigation and visualization technologies, so we’ve been quite active on adjacent problems... including with Amazon.