XDR Data Engineering… Solved

Real-Time, At Scale, With High Confidence

Out-of-the-Box Software For Known & New Indicator Detection Across Multiple Data Sources



Real-time Indicator Detection Across Multiple Data Sources At Scale

Replace Brittle Custom Data Pipelines With thatDot’s Streaming Graph

Thanks to DARPA-funded R&D, thatDot Connect software accelerates XDR service development with an out-of-the-box data pipeline application. Users define indicators as queries; Connect's streaming graph technology assembles events from multiple XDR data sources into a graph and drives workflows whenever an indicator matches, in real time and at scale.

Eliminate Alert Fatigue; Confidently Identify Novel Behaviors

A New Approach To Anomaly Detection Using Categorical Data

Numerical anomaly detection is the wrong tool for finding risky security behaviors. thatDot Anomaly Detector takes a new approach: a graph-based AI technique that works on categorical data to identify novel behaviors more confidently, in real time and at scale, with fewer false positives. It can also surface multi-stage exploit campaigns.

Case Study: Eliminate Alert Fatigue

87% Security Alert Noise Reduction!

Cyber Security XDR Evolution Case Study

Human Readable & Prioritized Results

Challenge: The user's configuration-change monitoring solution swamped SOC analysts with thousands of alerts, the vast majority of them false positives. The volume and poor quality were compounded by SOC short-staffing, leaving the team unable to investigate alerts in a timely manner.

Response: thatDot filtered the alerts using system and user behavior modeling to identify the novel events that matter, separating truly novel findings from merely unique observations that traditional anomaly detection techniques had flagged as issues.

Result: 87% fewer alerts, prioritized and accompanied by "human friendly" explanations of why each event was novel.
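The distinction drawn above between a "truly novel" finding and a merely "unique observation" is the crux of the categorical approach, so here is an added, simplified illustration in Python. It is not thatDot's Anomaly Detector algorithm or code: it scores each field of a configuration-change record by how surprising its value is given the fields before it, using a context prefix tree in place of a full graph and a Witten-Bell estimate for never-before-seen values. The field names, hosts, accounts and change ids are constructed. The edge case it handles is a field such as a ticket number that is new on every record: because that context has always produced fresh values, a fresh value there earns about one bit of surprise, while a never-seen user on a host that has only ever seen one account earns several bits, and the per-field breakdown doubles as the human-readable explanation.

```python
"""Categorical novelty scoring with per-field explanations.

Added example, not thatDot's algorithm or code. Field names and all sample
observations are constructed.
"""
import math
from collections import defaultdict


class CategoricalNovelty:
    def __init__(self, fields):
        self.fields = fields
        # context (tuple of the preceding field values) -> {value: count}
        self.counts = defaultdict(lambda: defaultdict(int))

    def _prob(self, ctx, value):
        seen = self.counts[ctx]
        n = sum(seen.values())   # observations made in this context
        t = len(seen)            # distinct values observed in it
        if n == 0:
            return 1.0           # no history here: nothing to be surprised by
        if value in seen:
            return seen[value] / (n + t)
        # Witten-Bell estimate for a never-before-seen value in this context.
        # A context that has always produced fresh values (ids, timestamps)
        # gives p ~ 0.5; one that has always repeated gives p = 1 / (n + 1).
        return t / (n + t)

    def score(self, observation):
        """Return total surprise in bits plus a (field, value, bits) explanation."""
        total, explanation = 0.0, []
        for i, value in enumerate(observation):
            bits = -math.log2(self._prob(tuple(observation[:i]), value))
            total += bits
            explanation.append((self.fields[i], value, round(bits, 2)))
        return total, explanation

    def update(self, observation):
        for i, value in enumerate(observation):
            self.counts[tuple(observation[:i])][value] += 1

    def observe(self, observation):
        """Score first, then learn, so each event is judged against prior history only."""
        result = self.score(observation)
        self.update(observation)
        return result


FIELDS = ("host", "user", "config_key", "change_id")


def run_demo():
    det = CategoricalNovelty(FIELDS)
    # Constructed baseline: one service account repeatedly edits one file on
    # one host; change_id is a fresh ticket number every time.
    for i in range(50):
        det.update(("web-01", "svc-deploy", "nginx.conf", f"chg-{i}"))
    cases = {
        # Unique but not novel: only the always-fresh change_id is new.
        "routine": ("web-01", "svc-deploy", "nginx.conf", "chg-999"),
        # Novel: an account never seen on this host. The fields after it have
        # no history in that context, so they contribute no surprise.
        "novel": ("web-01", "contractor-x", "sshd_config", "chg-1000"),
    }
    return {name: det.observe(obs) for name, obs in cases.items()}


if __name__ == "__main__":
    for name, (bits, why) in run_demo().items():
        print(f"{name}: {bits:.2f} bits")
        for field_name, value, b in why:
            print(f"  {field_name}={value}: {b} bits")
```

Running it, the routine record scores just over one bit, all of it attributable to the ticket number, while the record with the unknown account scores above five bits, attributable to the `user` field. A threshold between the two separates the unique from the novel without hand-written rules, and the explanation list says which field tipped the score.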


Scalable & Cost Effective

thatDot's Patent-Pending Software Intelligently Scales to Meet KPI and ROI Objectives

Massive Scalability

  • Distributed horizontal scaling to clusters of hundreds of machines
  • Parallel asynchronous processing
  • Fully back-pressured, efficient, with a small footprint

Operational Efficiency

  • Incremental deployment, run alongside existing infrastructure
  • On-premise licensing for economical deployment
  • Integrate with your existing solutions: persistent storage, reporting, APIs, and services

Linear Scaling to Millions Of Events Per Second

425,000 Events Per Second Using 64 AWS C5.2XL VMs


Develop and Deploy New XDR Services In Hours

Example Use Cases

Real Time Streaming ETL

Detect Stolen Credential Use

Real-time analysis of cloud service logs to monitor users' assumed roles and service-call behavior, at scale.

See the AWS CloudTrail Example
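To make concrete the idea introduced at the top of the page, indicators written as queries over a graph that is assembled from streaming events, and the assumed-role monitoring named in this use case, here is an added toy in Python. It is not thatDot Connect's or Quine's code or API. The CloudTrail-shaped events, the account id, the ARNs and the IP addresses (RFC 5737 documentation ranges) are constructed, and the indicator itself is an assumption chosen for illustration: a role session making API calls from a source IP other than the one that assumed the role. The point it makes is that the indicator fires when the pattern completes, even though the call arrives before the AssumeRole event that explains the session, which a per-event rule evaluated in arrival order would miss.

```python
"""Toy streaming graph with a standing query.

Added example, not thatDot Connect's or Quine's code or API. Events, ARNs,
account id and IP addresses are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class Node:
    kind: str
    props: dict = field(default_factory=dict)
    # edge label -> set of neighbour node ids
    edges: dict = field(default_factory=lambda: defaultdict(set))


class StreamingGraph:
    def __init__(self, standing_queries):
        self.nodes = {}
        self.standing_queries = standing_queries
        self.matches = []
        self._seq = 0

    def node(self, node_id, kind):
        """Get or create a node keyed by a stable id (here, ARNs)."""
        if node_id not in self.nodes:
            self.nodes[node_id] = Node(kind)
        return self.nodes[node_id]

    def ingest(self, event):
        touched = self._event_to_graph(event)
        # Re-evaluate standing queries only around the nodes this event changed.
        for node_id in touched:
            for query in self.standing_queries:
                for match in query(self, node_id):
                    if match not in self.matches:
                        self.matches.append(match)

    def _event_to_graph(self, ev):
        identity, ip = ev["userIdentity"], ev["sourceIPAddress"]
        if ev["eventName"] == "AssumeRole":
            # Derive the STS session ARN that the session's later calls will carry.
            params = ev["requestParameters"]
            parts = params["roleArn"].split(":")
            account, role_name = parts[4], parts[5].split("/", 1)[1]
            session_id = (f"arn:aws:sts::{account}:assumed-role/"
                          f"{role_name}/{params['roleSessionName']}")
            user = self.node(identity["arn"], "user")
            session = self.node(session_id, "session")
            user.edges["assumed"].add(session_id)
            session.props.update(assume_ip=ip, assumed_by=identity["arn"])
            return [session_id]
        if identity.get("type") != "AssumedRole":
            return []  # this toy only tracks calls made by role sessions
        session = self.node(identity["arn"], "session")
        self._seq += 1
        call_id = f"call:{self._seq}"
        self.node(call_id, "call").props.update(name=ev["eventName"], ip=ip)
        session.edges["called"].add(call_id)
        return [identity["arn"]]


def session_ip_drift(g, node_id):
    """Indicator (assumed for illustration): a role session is used from a
    source IP other than the one that assumed it. Matches only once both the
    AssumeRole event and at least one drifting call are in the graph."""
    session = g.nodes[node_id]
    if session.kind != "session" or "assume_ip" not in session.props:
        return []  # pattern incomplete: the AssumeRole side has not arrived yet
    return [
        {"user": session.props["assumed_by"], "session": node_id,
         "eventName": g.nodes[c].props["name"], "call_ip": g.nodes[c].props["ip"],
         "assume_ip": session.props["assume_ip"]}
        for c in sorted(session.edges["called"])
        if g.nodes[c].props["ip"] != session.props["assume_ip"]
    ]


SESSION_ARN = "arn:aws:sts::111122223333:assumed-role/DataReader/bob-session"

# Constructed CloudTrail-shaped events, deliberately out of order: the call
# from the second IP arrives before the AssumeRole that created the session.
CONSTRUCTED_EVENTS = [
    {"eventName": "GetObject", "eventSource": "s3.amazonaws.com",
     "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"type": "AssumedRole", "arn": SESSION_ARN}},
    {"eventName": "AssumeRole", "eventSource": "sts.amazonaws.com",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/bob"},
     "requestParameters": {"roleArn": "arn:aws:iam::111122223333:role/DataReader",
                           "roleSessionName": "bob-session"}},
    {"eventName": "ListBuckets", "eventSource": "s3.amazonaws.com",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "AssumedRole", "arn": SESSION_ARN}},
]


def run_demo(events=CONSTRUCTED_EVENTS):
    g = StreamingGraph([session_ip_drift])
    for ev in events:
        g.ingest(ev)
    return g.matches


if __name__ == "__main__":
    for m in run_demo():
        print(m)
```

The first event creates a session node with one call hanging off it but no assuming user, so the query returns nothing; the AssumeRole event completes the pattern and the earlier GetObject is reported as the single match; the ListBuckets call from the assuming IP adds nothing. Keying nodes by ARN is what lets the two halves of the story meet regardless of arrival order.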

Ransomware Campaign Detection

Streaming log analysis to identify the multi-domain activities that comprise a ransomware campaign, including stolen credential use, code injection, and data exfiltration.

Data Lineage

Data Exfiltration Detection

Real-time analysis of storage service logs to detect data exfiltration behavior in on-premises or cloud environments.

Read the Data Exfiltration Detection blog.