Example of an announcement banner goes here
Click here
Search
Get Started
Try for Free
Products
Streaming Graph

Analyze streaming data with the power of graph analysis.
Novelty

Find important data fast with an anomaly detecting AI in an event stream processor

Novelty for AWS

Isn’t it great to do something you can’t fail at? Just use the old one inch brush.
Solutions
Use Cases
Industries
Can't find the solution you need?

Check the hub for an organized searchable list

View Hub
Resources
Blog

Read articles and announcements
White Papers

Information and analysis for your needs
Data Sheets

Gain insights into the real data and reports
Need to discover more?

Browse everything on our Resource Hub

View Hub
Newsroom

Stay up to date with all of thatDot’s latest news stories and press releases.
Events

Find out where thatDot will be next with the latest events and webinars
Pricing
Company
About Us

Learn about the history of thatDot and the leadership team.
Careers

Apply for a challenging, fun job at an up and coming company.
Contact Us

Ask thatDot to learn more or speak to a representative.
Help Center
Streaming Graph
Novelty
View All Docs
View All How-To Videos
Support

Get in touch with our support team for any questions not answered in our help center.

Contact Us

Join our community on

Join Now
Get Started
Try for Free
Use Case
  • XDR
  • Cybersecurity, Financial

Real-time AWS CloudTrail threat detection

  • The Problem

    AWS CloudTrail logs are full of untapped information

    This can help reduce risk and improve event response times, especially when analyzed in context and in real time. A thatDot cyber security customer seeking to expand their offerings to include threat detection monitoring of AWS CloudTrail logs faced three challenges. They needed to:

    • Reliably identify hard-to-detect insider and external threats using Indicators of Behavior (IoB) analysis
    • Generate highly informative alerts that low-tech customers could understand and act on
    • Shorten development cycles on new products
    Typical use cases for their new product would include identifying both existing employees misusing credentials to access restricted resources and outsiders using valid but compromised credentials. This combines two of the toughest cyber-security challenges in the industry.

  • The Solution

    Finding New Emerging Threat Behaviors, In Real-time

    The team at thatDot solved the client's threat detection problem with the first modern threat-hunting stack to combine real-time identification of unknown or emerging threats. Using both Novelty Detector and an event processing system that can instantly identify known patterns and act on them (Quine Enterprise). Novelty Detector is a new graph AI technique built on the Quine streaming graph that uses categorical data from events (e.g. IP addresses, file names, file paths, API call types) in order to understand the context within which user and system actions take place. This rich context is used to evaluate behaviors in order to identify novel behaviors in real time, with a notably low incidence of false positives.

Novelty Detector results displayed as a graph, making them easy to understand and act on. (From VAST use case.)

When it comes to instantly identifying and acting on known threats, including ones previously detected by Novelty Detector and classified, the client used Quine streaming graph. They ysed standing queries to monitor for patterns of behavior in the graph indicative of malicious behavior. And because Quine is not limited by time windows, they were able to build a threat detection system that monitored for a broader range of threat behaviors than traditional complex event processing systems and XDRs allow. Quine is ideal for SaaS businesses. Quine Enterprise can ingest millions of events/second from multiple streams, combine them into a single graph view, detect patterns for known threat indicators, and act instantly to emit contextually rich alerts.

    Image

  • The Solution Continued

    Human-Readable Results

    Both Quine and Novelty Detector are based on the same knowledge graph technologies that makes use of categorical data. This means the data structures they create and output -- node objects, their properties, and the relationships between those objects -- are expressed in a familiar human-readable format (subject, predicate, object). This means results are easy to understand and immediately contextualized. Knowing who did what when, whether or not they had the privileges to do so, how long they had those privileges, and similar contextual information -- all quite easy to generate with Quine and Novelty Detector -- means SOC/NOC analysts don't need to spend exorbitant amounts of time researching alerts.

    Image

  • The Solution Continued

    Fast Time To Market

    Quine Enterprise with Novelty Detector made development fast and straightforward. With both unknown and known threats covered, the client was able to quickly launch a threat detection product to round out their growing portfolio of cyber security products.

Key Values

  • Fewer false positives using shallow learning method that processes categorical data.

  • Profiles behavior (IoBs) instead of finding indicators of compromise (IoCs).

  • Contextually rich alerts in a human-friendly form make it easier for analysts to research and resolve.

  • Real-time processing of data means none of the delays of batch processing.

  • Scales to millions of events per second, making it suitable for fast-growing SaaS providers.

Recent posts

  • Blog Posts
  • Event Driven Architecture

Microservice Hell: The State of the Art in Streaming Services

Discover how thatDot's Streaming Graph simplifies data processing, automating scalability and resilience for high-value insights through real-world examples. ...
  • Streaming Graph
Read More
  • Blog Posts
  • Categorical Data

4 Advantages to Streaming Analytics in Graph Form

Discover how streaming analytics in graph form revolutionizes data analysis, offering instant insights, deep relationships, and categorical data analysis. ...
  • Streaming Graph
Read More

Start building

Read the docs

Get the help documentation, getting started guides, and recipe examples.

Read More

View the demos

See thatDot in action, and see how it’s used.

Read More

Join our community

Meet with other thatDot users on Discord, trade tips, and ask questions.

Read More
Testimonials

What people are saying

thatDot Platform’s advanced Novelty Scoring for categorical data feature is the future of anomaly detection. Its speed powers our new real-time services while also significantly reducing false-positive findings for our customers.

Gery Szlobodnyik

CEO

The security industry is headed towards leveraging knowledge graphs of all the relevant evidence provided by threat groups, network indicators and endpoint artifacts to quickly identify and mitigate threats. The security companies that can most confidently extract relevant context from these graph and then immediately action on findings to mitigate threats will be the winners. This is exactly the problem Quine aims to address.

Evan Wright

Staff Data Scientist

See for yourself

If you think Streaming Graph or Novelty might be for you, contact us to see them in action.
Request a Demo