Customer story

Fighting cybersecurity with millisecond speed, at petabyte scale

About Cybereason

Cybereason stands at the forefront of cybersecurity, dedicated to safeguarding organizations from cyber threats with cutting-edge detection capabilities. Focused on reversing the adversary's advantage, Cybereason empowers defenders with advanced technology to protect endpoints, detect attacks, and understand the trends that precede them. With a mission to provide round-the-clock protection, Cybereason efficiently manages over 1 PB of new data daily, serving a wide range of customers, from those with minimal sensors to those monitoring hundreds of thousands.

Challenge

Managing the flood of cybersecurity alerts and data

In the evolving landscape of cybersecurity, traditional alert-centric tools are becoming increasingly ineffective. These tools generate an overwhelming number of alerts for every suspicious behavior, creating a flood of notifications that burden security teams and require extensive manual investigation. This scenario is ripe for exploitation by attackers who, aware of these limitations, orchestrate operations that generate even more noise to camouflage their activities. Cybereason identified the need for a paradigm shift towards an operation-centric approach, focusing on the most critical threats and enabling protection across the entire digital ecosystem, from individual endpoints to the vast expanse of network devices and cloud services.


Avoid alerting overload

Security teams are flooded with alerts on every suspicious activity, necessitating an AI-driven approach to efficiently focus on genuine threats.


Incorporate massive data growth

Cybereason needed not only to manage present data volumes but also to absorb future growth without disruption.


Manage costs

As performance and scale demands increase dramatically, total costs must stay under control.

Solution

Aerospike and Google powering petabyte-scale, real-time detection

Embracing the challenge, Cybereason developed an innovative detection engine built on the robust foundations of Aerospike, Kafka, and Elastic, deployed on Google Cloud Platform (GCP). This AI-driven engine is designed for automation, allowing Security Operations Center (SOC) analysts to proactively utilize machine learning models across vast data sets. Aerospike, the key real-time data engine, enables the system to collect, process, and apply cross-machine correlations with unprecedented efficiency, handling over 2 million events per second with sub-millisecond latency across more than 150 nodes.

This integration, especially with Kafka, facilitates the ingestion of 6 million external messages per second, significantly enhancing Cybereason's data processing capabilities. The Aerospike-Elastic connector further optimizes performance, quintupling Elasticsearch's throughput. Such technical excellence is achieved with a keen eye on cost-effectiveness, highlighted by a 40% reduction in infrastructure costs through strategic optimization on GCP. This optimization includes leveraging less memory and CPU without sacrificing performance, automated operational tasks eliminating the need for manual intervention, and employing over 30K CPU cores across seven GCP regions.


Integrated, real-time stack on Google Cloud

The solution harnesses the combined power of Aerospike, Kafka, and Elastic on Google Cloud, creating a unified, real-time security platform.


Efficiently processing 2M events/second at sub-millisecond latency

Achieved with over 150 Aerospike nodes across multiple clusters, efficiently managing approximately one petabyte of data.


Simplified operations and enhanced efficiency

Leveraging Aerospike's automatic operational features, including Cross Datacenter Replication (XDR), to minimize manual maintenance and boost overall efficiency.


Robust scalability for future growth

Seamlessly accommodates continued increases in data volume and security demands, avoiding disruptive re-platforming.

Results

Unprecedented efficiency and price performance

The strategic deployment of Aerospike and GCP has yielded remarkable outcomes for Cybereason. The company has experienced rapid market growth, extending its protective reach globally. The real-time data processing capabilities have significantly shortened the time to detect and mitigate cyber threats, boosting customer satisfaction. The financial wisdom of optimizing GCP infrastructure has led to substantial cost savings, ensuring efficient resource utilization. The ability to scale seamlessly, coupled with the peace of mind provided by Aerospike's reliability, underscores Cybereason's success in setting a new standard in cybersecurity.

Holistic AI-driven protection from petabytes of data

Expanding beyond individual endpoints to network-wide data, AI distills insights, boosting security analysts' efficiency (1:200K analyst-to-endpoint ratio).

93% increase in detection and response efficiency

Integrating real-time data streamlines threat identification and neutralization, significantly increasing client security.

9.8 PB data analyzed every week

Sifts through 9.8 petabytes of data weekly, demonstrating its scalability and comprehensive security monitoring.

40% cost reduction

Aerospike helped reduce infrastructure costs by 40%, increasing sustainability and minimizing CPU and memory use.
