<
Return to blog

Craxel's Innovative Approach to Cybersecurity Data Management

Craxel leverages time series graphs for real-time observability and advanced AI prediction

By Craxel Founder and CEO David Enga

March 15, 2024

“I love AI. I want lots of AI,” DoD Deputy CIO for Cybersecurity David McKeown told Breaking Defense. But, so far, neither government nor industry has developed artificial intelligence that can really help with cybersecurity.

It is coming. But first we have to get the data in order - and I literally mean in order!

Before we can apply generative AI to predict anomalous behavior, we need to be able to index petabytes of netflow, dns lookups, endpoint log data, etc., AS IT ARRIVES and organize it to facilitate fast and efficient access by both humans and machines. At Craxel, we do this using time series graphs. Our Black Forest platform maintains a consolidated timeline of everything that happens on every device on the network and all the relationships between devices/computers. Our ability to index all of this data as it arrives at scale delivers real-time observability of the network.

The timelines and relationships present in a time series graph are needed so that generative AI models can be trained to predict the next "normal" activity on a device's timeline. Much like in Large Language Model's (LLM’s) where generative AI models predict the next token (word or phrase) to output, generative AI can be used to predict what is expected to happen on a timeline. This includes predicting connections/relationships with other computers (netflow/dns lookups). Of course these predictions won't always be accurate because sometimes behavior looks random and past activity doesn't always predict future activity. But it would be a phenomenal help to threat hunters.