On Amazon’s Growing Graph Capabilities with Neptune’s Launch & Sqrrl Acquisition

Posted by Leo Meyerovich on December 21, 2017


Amazon is investing heavily in graph technologies, which is worth paying attention to. Between launching Neptune and the likely acquisition of Sqrrl (on top of other security acquisitions!), they’ve been busy. For our users and those interested in the broader space, we thought it’d help to share our perspective. Graphistry’s mission is to power the next generation of investigation and visualization technologies, so we’ve been quite active on adjacent problems… including with Amazon.

Neptune Launches

At Reinvent, Amazon launched their first Graph-Database-as-a-Service, Neptune. This is an especially big deal because Neptune is also the first managed graph database by a top 3 cloud provider. Graph databases help power a variety of technologies, and the ones Graphistry cares about are investigative. Think cybersecurity, anti-fraud, market analysis, netops, devops, etc. The Amazon Neptune team invited Graphistry to join them on-stage at Reinvent, where we were delighted to share what we have been seeing and doing in this space:


Graphistry+Neptune teams demoing
graph-powered investigations at Amazon Reinvent

Over the coming year, we expect to see many teams to start leveraging Neptune. For security, especially so alongside existing traditional SIEM tools — think Splunk, ElasticSearch, Hadoop systems, etc. The fraud story is similar and just as compelling. We have been seeing several top uses already:

  • 360 maps around key events and entities, like incidents, accounts, and devices. Graphistry has been turning best practices here into visual software that is smart, fast, and comprehensive, so stay tuned for our coming posts introducing visual analytics playbooks!
  • Decrease daily alert whack-a-mole through incident grouping & prioritization. See the video segment on the emerging trend of Enterprise Correlation Services. Matt Swann, on The Microsoft Office 365 Security blog, wrote up a great example of their first steps here.
  • Power smarter automated response. Graph DBs can accelerate queries like 360 neighborhoods, triangle counting, and shortest-path that feed into automated decision systems. Initially, we expect to see headless use much more in fraud, where it is already a growing norm.

As teams roll out graph data infrastructure, we’ll be excited to help with the problem of getting graph capabilities into the hands of more of their analysts.

Farewell to Sqrrl; Long Live Sqrrl!

We’ve watched Sqrrl, a suite of tools for analysts performing advanced threat hunting — including security analytics, a Hadoop cluster, and a graph-based active hunting UI — grow up from their roots as a NSA spinout. We’re already missing how David Bianco’s think pieces would easily trigger internal Slack discussions on what our easy visual playbook reinterpretation would look like, or if we could enable seeing more through our GPU visualizations. Sqrrl’s founders and employees merit a true tip of the hat for beating the drum on active hunt methodology!

For teams now needing to address a holiday surprise around the resulting platform risk in their visual tooling capabilities, Graphistry may be a shortcut: it can plug directly into wherever your data and compute already is, no matter if that is cloud or on-premise, nor whether it is Hadoop, Splunk, ELK, or anything else with an API. We would be happy to see about getting you up quickly. Our tech solves investigation visibility and workflow problems all the way down to your Tier 1, not just hunt, so at least there’ll be a silver lining.

To all the graphistas at Amazon, old and new, congrats from the Graphistry team, good luck with your future endeavors, and we look forward to the next time we’re in Seattle!