Arming Analysts for the Era of APIs & AIs

Posted by Leo Meyerovich on Dec 12, 2017

Federal investigators aren’t normally the type to thank you for making their dreams come true. But, as we’ve started sharing Graphistry, that sort of sentiment has become just another week around here.

The details behind how the Graphistry stack is supercharging how analysts work through investigations have started to come out. Last week, we were honored to be on stage at Amazon’s launch of their new Neptune graph database, demoing how Graphistry enables visually investigating it [1]. The next day, Nvidia announced their investment in Graphistry as a key enabler in the GOAI initiative for end-to-end GPU analytics [2]. We are finally taking a breath and starting this blog. The coming articles will help detail our unified vision for the future of interactive investigations, and drill into the individual technologies, platform best practices, and any open source contributions.

[Image: Using our GPU-accelerated visuals to quickly spot patterns in a Fortune 500’s daily incidents]

Coming up next will be exactly what we mean by Visual Analytics Playbooks, along with some of our technologies: the notebook library for GPU-accelerated visual graph investigations [3], GPU dataframe components for accelerating the web, such as our contributions to Apache Arrow [4], and our now-dominant fork of Falcor [5], which enables reactive web frameworks to achieve our level of performance and flexibility. Stay tuned as we continue sharing the results from our mission to bring the future of visual investigation technology into daily reality!


The Problem

It took us years of heads-down work with teams to bring data best practices into form factors needed for day-to-day investigations. We’ve come to think about the investigation problem in a more unified way than typical big data / analytics / AI vendors, which has in turn influenced our technology design. The rest of the article digs into our viewpoint on what’s missing.

[Image: Using our Splunk connector and visual analytics playbooks to automatically see an incident map, complete with scope & progression]

Some of the most central workflows for teams have remained trouble spots for essentially decades: device 360 views, security incident mapping, network monitoring, tracking transactions, etc. Interestingly, analysts face surprisingly similar data problems across all of them. Even with a database or SIEM, it is incredibly frustrating to manually gather and wade through the data from the many tools that generate and process mountains of it. Modern advances like APIs, automation, and AI introduce specific benefits, but they also bring complicated infrastructure that is even further out of reach for day-to-day analyst needs when working through an issue. Traditional UI tools were never intended to reliably surface key connections across anywhere near this level of modern tooling. The result is that organizations have hit a frustrating wall: despite having invested in great detection tools and recording all their critical data, they are left wondering whether their executives will be the next ones blamed by the press and fired this month.

Graphistry is solving this. We’re helping teams reach a point where, whenever an alert or question gets picked up, any analyst can jump into the corresponding visual workflow in Graphistry for that category and be walked through it quickly. The platform should work with the team to guide analysts through steps like triage and seeing the surrounding context, such as incident maps, device 360, user 360, and network crossovers. The analyst gets to follow their natural workflow regardless of how many logs, data sources, and APIs need to be traversed on the backend. Under the hood, we’re working to take the suck out of gathering the right data, finding the correlations and anomalies, creating visualizations that make sense, and iterating to the next step.

Graphistry is a team of serious and successful technology pioneers on a mission to bring about the future of end-to-end investigations, and we have already delivered the first steps with select security and anti-fraud teams. On behalf of everyone at Graphistry, I hope you’ll join us!


[1] Graphistry on stage at Amazon’s launch of their new Neptune graph database, demoing how to enable visual investigations

[2] Nvidia announced their investment in Graphistry as a key enabler in the GOAI initiative for end-to-end GPU analytics

[3] Graphistry’s notebook library for GPU-accelerated visual graph investigations

[4] Graphistry’s contributions to Apache Arrow for enabling fast data & GPU data interop

[5] Graphistry’s fork of Netflix Falcor to increase speed & flexibility is now the primary project