Use Cases Archives

Real-time Blockchain Fraud Detection

The Problem Real-time linking of transactions, accounts, wallets, and blocks within and across blockchains is not possible with current solutions. Instead, the user must either rely on batch processing, which means results are out of date, or perform recursive lookups across table joins, which means unacceptable latency. The Solution Graph data structures are ideal for modeling the relationships described in blockchain events. Flows of cryptocurrency between accounts and wallets are ideal...

Authentication Fraud

by thatDot | Use Cases

The Problem Metered attacks that generate low volume log-in attempts, from diverse IPs and across extended time frames, are designed to avoid the "3 strikes in 24 hours" business rules in authentication applications and the more complex analysis of log analytics / SIEM platforms. Batch solutions by definition cannot react until after a compromise has occurred while all real-time solutions impose time windows -- any data falling outside these rolling windows, no matter how important, is simply...

Financial Fraud Detection

by thatDot | Use Cases

The Problem Financial fraud detection requires monitoring billions of transactions, devices and users in real-time for suspect behaviors without false positives that alienate customers when service is denied in the middle of a foreign vacation or late night business event. The Solution What is needed is a system that do four things: detect complex patterns of behavior combine multiple sources and scale up to millions of events/sec take the appropriate, user-specified action when patterns are...

Video Observability for Root Cause Analysis

by thatDot | Use Cases

The Problem Real-time video observability that can solve Quality of Experience (QoE) issues while live broadcast events are still playing require the simultaneous monitoring of millions of data points. Video sessions flow across multiple systems including origins, CDNs, manifest services, and players provided by multiple vendors. Relational database approaches to perform this complex log analysis at productions scale run into costs constraints that prohibit comprehensive real-time operations...

Streaming Graph ETL

by thatDot | Use Cases

The Problem Most ETL tools use the batch processing paradigm to find high-value patterns in large volumes of data. Whether the specific business application is fraud detection, cyber security, network observability, e-commerce or ad targeting, batch processing translates into delay. Even if you are processing data in small batches, you are missing opportunities to react to events as they happen and shape outcomes in ways beneficial to your business. A great example is insider trading. The cost...

Log Analysis

by thatDot | Use Cases

The Problem Monitoring systems comprised of multiple services is typically done by monitoring each service individually using it's logs, or on an end to end basis that lacks visibility into the individual performance characteristics of each service. Root cause analysis is usually based on operations personnel instinct and past experience, making automated remediation next to impossible for many use cases. The Solution With thatDot's streaming graph logs and events from servers, operating...

Graph AI

by thatDot | Use Cases

The Problem Pick One. Recent AI research is generating a growing number of graph AI techniques that take advantage of graph data relationships, and the rich context it provides, however production graph data pipelines lack the performance needed to deploy these new tools at scale. Graph AI development promises significant advances for AI application to a range of use cases thanks to the rich data context available from a graph data model. Moving graph AI techniques from the lab to production...

Stateful Digital Twin

by thatDot | Use Cases

The Problem While digital twins and the emerging subcategory of asset graphs promise operators greater visibility into the relationships between IT assets and equipment under management, current approaches are more like snapshots of a point in the past. Events take place in real time, meaning the digital twin is almost always out of date, limiting its utility. Lack of visibility translates into delayed reactions to threats or failure modes. Digital twins are out of step with enterprises...

Real-Time IoB Threat Hunting

by thatDot | Use Cases

The Problem Modern threat detection requires data – lots of data – typically from multiple sources. This brings with it a number of interesting data engineering challenges, especially when we want to materialize that data into a single view and execute analysis in a timely and cost-effective manner. Finding indicators of behavior (IoBs) in real time amplifies already significant challenges: processing enough of the right kind of data from multiple sources in a timely fashion is beyond the...

Advanced Persistent Threat (APT) Detection

by thatDot | Use Cases

The Problem Discovering advanced persistent threats (APT) is, by design, akin to finding a needle in a haystack. The threat actors behind APTs combine multiple tactics, techniques, and procedures (TTP) over extended periods of time to compromise and maintain access to their targets. The IBM Cost of Data Breach Report 2021 reported an average attacker dwell time of 212 days. APTs evade legacy security solutions which rely on time-batched loads of data that filter for Indicators of Compromise...

Real-time AWS CloudTrail Threat Detection

by thatDot | Use Cases

The Problem AWS CloudTrail logs are full of untapped information that can help reduce risk and improve event response times, especially when analyzed in context and in real time. A thatDot cyber security customer seeking to expand their offerings to include threat detection monitoring of AWS CloudTrail logs faced three challenges. They needed to: Reliably identify hard-to-detect insider and external threats using Indicators of Behavior (IoB) analysis Generate highly informative alerts that...