Example of an announcement banner goes here
Click here
thatDot half circle logo
Search
Get Started
Try for Free
thatDot half circle logo
Products
Streaming Graph

Analyze streaming data with the power of graph analysis.
Novelty

Find important data fast with an anomaly detecting AI in an event stream processor

Novelty for AWS

Isn’t it great to do something you can’t fail at? Just use the old one inch brush.
Solutions
Use Cases
Industries
Can't find the solution you need?

Check the hub for an organized searchable list

View Hub
Resources
Blog

Read articles and announcements
White Papers

Information and analysis for your needs
Data Sheets

Gain insights into the real data and reports
Need to discover more?

Browse everything on our Resource Hub

View Hub
Newsroom

Stay up to date with all of thatDot’s latest news stories and press releases.
Events

Find out where thatDot will be next with the latest events and webinars
Pricing
Company
About Us

Learn about the history of thatDot and the leadership team.
Careers

Apply for a challenging, fun job at an up and coming company.
Contact Us

Ask thatDot to learn more or speak to a representative.
Help Center
Streaming Graph
Novelty
View All Docs
View All How-To Videos
Support

Get in touch with our support team for any questions not answered in our help center.

Contact Us

Join our community on

Join Now
Get Started
Try for Free
Use Case
  • XDR
  • Cybersecurity

Advanced Persistent Threat (APT) detection

  • The Problem

    Discovering advanced persistent threats (APT) is, by design, akin to finding a needle in a haystack. 

    The threat actors behind APTs combine multiple tactics, techniques, and procedures (TTP) over extended periods of time to compromise and maintain access to their targets. 

    The IBM Cost of Data Breach Report 2023 reported an average attacker mean time to identify or discover (MTTI, MTTD) of 204 days. Some bad actors remain in systems for over a year without discovery. 

    APTs do this by evading legacy security solutions which rely on time-batched loads of data that filter for Indicators of Compromise (IoC), aka Indicators of Behavior (IoB) by executing incremental actions spread across numerous systems at rates that exceed batch analysis size and time window boundaries that other cybersecurity depends on. APT detection requires a new approach.

    Image

  • The Solution

    Matured within DARPA's Transparent Computing program specifically for the APT detection, Streaming Graph and Novelty work together to efficiently uncover the behaviors that indicate advanced persistent threats.

    Quine’s graph data model uses categorical data other systems ignore and excels at correlating individual events occurring in their billions/trillions across devices, software and services over any time period to find the behavior patterns (Indicators of Behavior or IoBs) that represent malicious activity.

    When patterns are detected, Novelty can then apply its categorical anomaly detection techniques to identify when a string of related actions represents a novel/anomalous behavior, greatly reducing false positives.

    Streaming Graph provides commercial support and licensing for Quine at scale on a distributed cluster, with namespaces for basic multi-tenancy. You can add real-time behavior-based APT detection to your stack with confidence.

    thatDot's core technology underpinning Streaming Graph and Novelty was developed in partnership with DARPA. Read more about thatDot's origin and some examples of using Novelty to detect cloud data exfiltration and credential theft.

    Image

Key Value Delivered

  • Quine + Novelty Detector detect both known and emerging behavioral patterns in a single workflow.

  • Joins multiple data sets to enable real-time identification of attack behaviors across domains

  • Identify behaviors over extended time periods using incremental streaming analysis (not batch)

  • Native support for categorical data simplifies operations and provides human-readable alerts for analysts

  • STIX Compliant, real-time detection of Indicators of Behavior (IoBs) and generation of STIX message events

Recent posts

  • Blog Posts
  • Event Driven Architecture

Microservice Hell: The State of the Art in Streaming Services

Discover how thatDot's Streaming Graph simplifies data processing, automating scalability and resilience for high-value insights through real-world examples....
  • Streaming Graph
Read More
  • Blog Posts
  • Categorical Data

4 Advantages to Streaming Analytics in Graph Form

Discover how streaming analytics in graph form revolutionizes data analysis, offering instant insights, deep relationships, and categorical data analysis....
  • Streaming Graph
Read More

Start building

Read the docs

Get the help documentation, getting started guides, and recipe examples.

Read More

View the demos

See thatDot in action, and see how it’s used.

Read More

Join our community

Meet with other thatDot users on Discord, trade tips, and ask questions.

Read More
Testimonials

What people are saying

thatDot Platform’s advanced Novelty Scoring for categorical data feature is the future of anomaly detection. Its speed powers our new real-time services while also significantly reducing false-positive findings for our customers.

Gery Szlobodnyik

CEO

The security industry is headed towards leveraging knowledge graphs of all the relevant evidence provided by threat groups, network indicators and endpoint artifacts to quickly identify and mitigate threats. The security companies that can most confidently extract relevant context from these graph and then immediately action on findings to mitigate threats will be the winners. This is exactly the problem Quine aims to address.

Evan Wright

Staff Data Scientist

See for yourself

If you think Streaming Graph or Novelty might be for you, contact us to see them in action.
Request a Demo