Fighting cyber threats with millisecond speed, at petabyte scale
About Cybereason
Cybereason stands at the forefront of cybersecurity, dedicated to safeguarding organizations from cyber threats with cutting-edge detection capabilities. Focused on reversing the adversary's advantage, Cybereason empowers defenders with advanced technology to protect endpoints, detect attacks, and understand the trends that precede them. With a mission to provide round-the-clock protection, Cybereason efficiently manages over 1 PB of new data daily, serving a wide range of customers, from those with minimal sensors to those monitoring hundreds of thousands.
Managing the flood of cybersecurity alerts and data
In the evolving landscape of cybersecurity, traditional alert-centric tools are becoming increasingly ineffective. These tools generate an overwhelming number of alerts for every suspicious behavior, creating a flood of notifications that burden security teams and require extensive manual investigation. This scenario is ripe for exploitation by attackers who, aware of these limitations, orchestrate operations that generate even more noise to camouflage their activities. Cybereason identified the need for a paradigm shift towards an operation-centric approach, focusing on the most critical threats and enabling protection across the entire digital ecosystem, from individual endpoints to the vast expanse of network devices and cloud services.
Avoid alerting overload
Security teams are flooded with alerts on every suspicious activity, necessitating an AI-driven approach to efficiently focus on genuine threats.
Incorporate massive data growth
The platform had to handle present data volumes and also absorb future growth without disruptive changes.
Manage costs
As performance and scale demands increase dramatically, total costs must stay under control.
Aerospike and Google powering petabyte-scale, real-time detection
Embracing the challenge, Cybereason developed an innovative detection engine built on the robust foundations of Aerospike, Kafka, and Elastic, deployed on Google Cloud Platform (GCP). This AI-driven engine is designed for automation, allowing Security Operations Center (SOC) analysts to proactively utilize machine learning models across vast data sets. Aerospike, the key real-time data engine, enables the system to collect, process, and apply cross-machine correlations with unprecedented efficiency, handling over 2 million events per second with sub-millisecond latency across more than 150 nodes.
Integration with Kafka allows the engine to ingest 6 million external messages per second, significantly expanding Cybereason's data processing capacity. The Aerospike-Elastic connector further improves performance, quintupling Elasticsearch's throughput. This was achieved with a keen eye on cost: strategic optimization on GCP cut infrastructure costs by 40%. That optimization includes using less memory and CPU without sacrificing performance, automating operational tasks so they need no manual intervention, and running over 30K CPU cores across seven GCP regions.
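The cross-machine correlation credited to the engine above is the mechanism behind the operation-centric approach described earlier: instead of surfacing one alert per suspicious behaviour, alerts that share an indicator across hosts are merged into a single operation and ranked. The Python below is an added illustration, not Cybereason's or Aerospike's code. It links per-host alerts that share a process hash or a remote IP with a union-find pass, skips indicators that are too common to be a meaningful link, and ranks the resulting operations by maximum severity times host spread. The alert fields, the `max_fanout` threshold and the sample alerts are constructed assumptions.

```python
"""Operation-centric alert correlation (added example, constructed data).

Alerts that share an indicator (process hash, remote IP) are merged into one
operation with union-find; operations are ranked by severity x host spread so
the widest, most severe activity reaches the analyst first.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Alert:
    alert_id: str
    host: str
    severity: int                     # 1 (informational) .. 10 (critical)
    proc_sha256: str                  # hash of the process that raised the alert
    remote_ip: Optional[str] = None   # outbound peer, if the alert had one


@dataclass
class Operation:
    alerts: list

    @property
    def hosts(self):
        return sorted({a.host for a in self.alerts})

    @property
    def max_severity(self):
        return max(a.severity for a in self.alerts)

    @property
    def score(self):
        # Same severity seen on more machines outranks it seen on one.
        return self.max_severity * len(self.hosts)


def _find(parent, x):
    while parent[x] != x:
        parent[x] = parent[parent[x]]   # path halving
        x = parent[x]
    return x


def _union(parent, a, b):
    ra, rb = _find(parent, a), _find(parent, b)
    if ra != rb:
        parent[rb] = ra


def correlate(alerts, link_fields=("proc_sha256", "remote_ip"), max_fanout=50):
    """Group alerts sharing any link_field value into operations, ranked by score.

    max_fanout (assumed threshold): an indicator seen on more than this many
    alerts (a benign system binary's hash, a CDN address) is too common to be
    evidence of one operation and is not used as a link.
    """
    alerts = list(alerts)
    parent = {a.alert_id: a.alert_id for a in alerts}

    by_indicator = defaultdict(list)
    for a in alerts:
        for field_name in link_fields:
            value = getattr(a, field_name)
            if value is not None:
                by_indicator[(field_name, value)].append(a.alert_id)

    for ids in by_indicator.values():
        if len(ids) > max_fanout:
            continue
        for other in ids[1:]:
            _union(parent, ids[0], other)

    groups = defaultdict(list)
    for a in alerts:
        groups[_find(parent, a.alert_id)].append(a)

    ops = [Operation(sorted(g, key=lambda a: a.alert_id)) for g in groups.values()]
    return sorted(ops, key=lambda o: (-o.score, o.alerts[0].alert_id))


# Constructed sample: a1/a2 share a process hash across two workstations, a1/a3
# share an outbound IP with a database server; a4 and a5 are unrelated noise.
SAMPLE_ALERTS = [
    Alert("a1", "ws-01", 4, "h1", "203.0.113.5"),
    Alert("a2", "ws-02", 3, "h1"),
    Alert("a3", "srv-db", 7, "h2", "203.0.113.5"),
    Alert("a4", "ws-07", 2, "h3"),
    Alert("a5", "ws-02", 5, "h4", "198.51.100.9"),
]


def triage(alerts=SAMPLE_ALERTS):
    return correlate(alerts)


if __name__ == "__main__":
    for op in triage():
        ids = ",".join(a.alert_id for a in op.alerts)
        print(f"score={op.score:3d} hosts={op.hosts} alerts={ids}")
```

Five alerts on four machines collapse to three operations, with the three-host chain (a1, a2, a3) ranked first even though its individual alerts are not the most severe. The fan-out cut-off matters at the scale the page describes: without it, one ubiquitous hash or shared egress IP links everything into a single component and the correlation tells the analyst nothing.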
Integrated, real-time stack on Google Cloud
The solution harnesses the combined power of Aerospike, Kafka, and Elastic on Google Cloud, creating a unified, real-time security platform.
Efficiently processing 2M events/second at sub-millisecond latency
Achieved with over 150 Aerospike nodes across multiple clusters, efficiently managing approximately one petabyte of data.
Simplified operations and enhanced efficiency
Leveraging Aerospike's automatic operational features, including Cross Datacenter Replication (XDR), to minimize manual maintenance and boost overall efficiency.
Robust scalability for future growth
Seamlessly accommodates continued increases in data volume and security demands, avoiding disruptive re-platforming.
Unprecedented efficiency and price performance
The deployment of Aerospike on GCP has produced strong results for Cybereason. The company has grown rapidly and extended its protective reach globally. Real-time data processing has significantly shortened the time to detect and mitigate threats, improving customer satisfaction. Optimizing the GCP infrastructure has delivered substantial cost savings and efficient resource use. Seamless scaling, together with the reliability of Aerospike, underpins Cybereason's aim of setting a new standard in cybersecurity.
Holistic AI-driven protection from petabytes of data
Expanding beyond individual endpoints to network-wide data, AI distills insights, boosting security analysts' efficiency (1:200K analyst-to-endpoint ratio).
93% increase in detection and response efficiency
Integrating real-time data streamlines threat identification and neutralization, significantly increasing client security.
9.8 PB data analyzed every week
Sifts through 9.8 petabytes of data weekly, demonstrating its scalability and comprehensive security monitoring.
40% cost reduction
Aerospike helped reduce infrastructure costs by 40%, increasing sustainability and minimizing CPU and memory use.