Cybereason: Implementing a High Performance Scalable Petabyte Cyber Solution

Dotan Gutmacher, Big Data, DevOps & Infrastructure Team Leader, Cybereason

My name is Dotan Gutmacher. I’m leading the data and infra team, part of the big DevOps group at Cybereason. Cybereason provides organizations with a multi-layer protection stack to defend against known and unknown malware. Cybereason’s solution is based on an in-memory graph DB. In-memory is hard to scale, hard to operate and it’s quite expensive for the hardware part.

So what surprises us about Aerospike is how easy it is to work with and how easy it is to operate. Using Aerospike we are able to create a big data solution, persistent and highly available. So the benefit for our customers using Aerospike is to use more data, more queries, to understand better what is going on in their environment, and to find and spot any abnormal activity. In Aerospike we have, we will have more than 150 hosts divided on multiple clusters, which is about one petabyte net solution.

We are reading the data from Kafka using microservices and then we write it to Aerospike. Kafka helps us to handle more data, a massive amount of data, and then write it in the optimal way into Aerospike. We are running Aerospike on both GCP and Amazon clouds. Running Aerospike on GCP is so much better because you can customize the hardware for the optimal Aerospike solution.

Basically we started to work with both Elasticsearch and Aerospike. From the operational perspective, Aerospike is so easy to work with. Aerospike does everything automatically. You don’t need to maintain anything if you compare it to a product like Elasticsearch, where you need to manually maintain the size of the index, the number of the shards, the size of the shards. We are using Aerospike as the single point of truth and Elasticsearch is the search engine, and we are starting to manage Elasticsearch-to-Aerospike and by doing that we manage to boost the Elasticsearch performance by five times more.

Aerospike is like a big family for us. They are willing to help and solve our issues immediately. Aerospike has a lot of benefits: easy to scale, flexible hardware that helps us to save money and time and optimize the ROI. Aerospike is the best key value store.