Notes from the Trenches

Security is in the midst of a transformation that is putting extreme pressure on security analysts and hunt teams. One shift that is causing teams a lot of pain in their daily work is that as threats have gotten more sophisticated, security products have gotten much less sure of themselves. Security products increasingly detect the “anomalous” and report threats on a sliding scale of confidence. Not only must staff deal with advanced threats, but they must spend an increasing amount of time navigating the grey areas and ambiguities of modern threat detections to determine and deliver the right actions.

Welcome to the  Age of Maybe, where it is critical that we arm analysts for dealing with the indicators that are diverse, widespread...and uncertain.

Today, Verizon released the 2018 edition of the Data Breach Investigation Report, and the Graphistry team is proud to have been able to contribute to the report. In fact, the cover of the report is a stylized and simplified version of our graph analysis that you can see on page 56 of the report!

The Graphistry team is excited to report: production-grade open GPU compute is coming to JavaScript with the Apache Arrow[JS] project and GOAI. We have been contributing to these projects because they are big enablers for the web. In our case, that means we can build best-of-class visual fastpaths for security and fraud teams struggling to investigate through tools like Splunk, Elastic, and Hadoop.

O'Reilly's Data Show recently had our CEO, Leo Meyerovich, on to talk about why and how enterprises and data teams are adopting graph technology. You can check it out here where we dive into how we are using graphs as an interface to AI tools & data. 

Meanwhile, our team is on the move. Let us know if you'll be near one of our upcoming talks and events - we love catching up with current & new users!

Ron Gula's (ex-Tenable CEO) fireside chat at the NYC Infosec Meetup got serious when he questioned whether to optimize security team efficacy vs. efficiency. This dovetailed beautifully with our tech talk right before.  When we explain visual playbooks, people quickly see how they cut MTTR, which in turn gets at both efficacy and efficiency. This has led us to think about what KPIs to focus on, so I ended up presenting a different take: focus on reliability... and an actionable KPI around that, playbook coverage.

Image: Leo sharing visual playbook best practices

A key part of making big data useful is figuring out how to deliver the massive power of GPUs to  standard commodity browsers in a way that is both fast and interactive. This is a major area of innovation for us at Graphistry, and we recently got a chance team up with our friends over at Dremio to talk about how we are using Apache Arrow to change how data is visualized in the browser.  Take a look and let us know what you think.

Amazon is investing heavily in graph technologies, which is worth paying attention to. Between launching Neptune and the likely acquisition of Sqrrl (on top of other security acquisitions!), they’ve been busy.  For our users and those interested in the broader space, we thought it’d help to share our perspective. Graphistry’s mission is to power the next generation of investigation and visualization technologies, so we’ve been quite active on adjacent problems.

Federal investigators aren’t normally the type to thank you for making their dreams come true. But, as we’ve started sharing Graphistry, that sort of sentiment has become just another week around here.