NSA-linked Sqrrl eyes cyber security and lands $7M in funding

Sqrrl, the big data startup whose founders used to work for the NSA, plans to announce Thursday that it is shifting its focus to cyber security with a new release of its enterprise service. The startup is also taking in a $7 million Series B investment round, bringing its total funding to $14.2 million, said Ely Kahn, a Sqrrl co-founder and vice president of business development.

The heart of Sqrrl’s technology is the NSA-developed and open-sourced Apache Accumulo NoSQL database. Like other open-source-reliant companies such as Docker or Hortonworks, Sqrrl sells premium services around that open-source core.

While the Accumulo technology, based on Hadoop, provided a way for companies to store and analyze all their data similar to how they could with other big data vendors like Splunk, Kahn said his team found that their biggest customers were using the technology for cybersecurity purposes. Just a hunch, but I bet the whole “ties to the NSA” thing probably leads to people wanting to give it a go for their security challenges.

Sqrrl’s technology spools together many different types of data sets, from intrusion detection logs to human resources information, and puts that in a single platform that can be used for discovering bad actors that may be loitering in a company’s infrastructure.

Because the Accumulo NoSQL database can function as a graph database (graph databases are a class of NoSQL databases, said Kahn) the Sqrrl team can dump all that data into the system and then receive a picture of the network that contains all the users, devices and servers and how they are connected together.

Sqrrl dashboard


“We are able to take all these disparate data sets and defuse them into this linked-data model,” said Kahn.

Graph databases seem to be getting a lot of action these days (DataStax just bought out a graph-database company called Aurelius), and people often use the technology as a way to map out their infrastructure and learn about vulnerabilities.

Given this traction of using graph databases for security purposes, it makes sense that Sqrrl would want to ride this wave, and its Sqrrl Enterprise 2.0 product line now contains security-specific features, including visualization tools like bar charts and pie charts and a dashboard for users to create reports based on the data.

“It’s a big data analytics platform with a focus on cybersecurity,” said Kahn. “It has a database foundation, but it now has advanced visualization capabilities that support the incident-detection lifecycle.”

This might sound similar to Argyle Data, which built fraud-detection software on top of the Accumulo database, but Kahn said that startup is more focused on using its technology to prevent telephone scams and the like, and that solving problems related to fraud requires different types of data sets than the ones Sqrrl analyzes to detect anomalies.

Rally Ventures drove the latest funding round along with previous investors Atlas Venture and Matrix Partners.


Facebook launches collaborative threat-detection framework

It might be a bit more difficult for hackers to launch coordinated attacks against several different companies at the same time thanks to a new collaborative threat-detection framework by Facebook called ThreatExchange.

The new security framework, which Facebook plans to announce on Wednesday, works like an online hub where multiple organizations can sign up and deposit data pertaining to the types of hacks and malicious activities they may have experienced. This type of data includes malicious URLs, bad domains, malware and any sort of analytical data a company might have that’s related to that malware, explained Mark Hammell, Facebook’s manager of threat infrastructure and the author of the blog post detailing the framework.

Once all that information is dumped in, Facebook’s graph-database technology can correlate all the data points together and figure out new relationships, such as which malware seems to be talking to a particular domain or if a domain happens to be hosted on a bad IP address, said Hammell. The point is for the framework to ingest all the different security data points between companies so they can keep each other abreast of threats they are experiencing in real-time. If the technology does its job right, users can discover patterns from the data that could help them prevent future attacks.

“We needed to have a platform that lets us share this data in real-time so that when the next attack comes online we are all aware simultaneously,” said Hammell.

The idea behind the new framework came about when Facebook, along with other big tech companies, suffered an attack last year (Hammell said the situation was quickly remedied, which is why there was little mention in the press) from some sort of Windows-related malware “that would try to hijack a variety of social-sharing accounts and use those accounts to propagate.” Essentially, the malware could spread itself across the various services of each company because of the way each service happens to be connected to one another.

For example, Hammell said that the attack might have started out from a private Facebook message that sent a corrupted link to a Tumblr blog that happened to be created with a Yahoo account.

Although the malware was eventually stopped, Facebook decided to build upon its existing ThreatData framework and open it up to other companies to use through APIs. It’s similar to how developers can connect to Facebook through APIs and create applications on its platform, explained Hammell.

Pinterest, Tumblr, Twitter, and Yahoo all gave Facebook feedback on the new framework and Bitly and Dropbox have now signed on to contribute as well.

As an example of how someone might use ThreatExchange, Hammell said participants will be able to search for any “malicious domains that have been added in the past day to the system.” If they want to add to ThreatExchange a malicious domain that they might have discovered, they can put it into the system and the underlying graph database technology can return a list of URLs that it might associate with the bad domain, which could be an indication that the malware is trying to spread across numerous sites.
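The correlation and search steps described above can be sketched as a small in-memory indicator graph. This is an added example, not Facebook's code or the ThreatExchange API; the `IndicatorGraph` class, its method names and all sample indicators are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

class IndicatorGraph:
    """Toy linked-data store: nodes are (kind, value) pairs, edges are relations."""
    def __init__(self):
        self.nodes = {}                  # (kind, value) -> {"added", "malicious"}
        self.edges = defaultdict(set)    # node -> neighbouring nodes

    def add(self, kind, value, added, malicious=False):
        rec = self.nodes.setdefault((kind, value), {"added": added, "malicious": False})
        rec["malicious"] = rec["malicious"] or malicious
        return (kind, value)

    def link(self, a, b):
        self.edges[a].add(b)             # stored both ways so a pivot can start anywhere
        self.edges[b].add(a)

    def recent_malicious(self, kind, now, window=timedelta(days=1)):
        return sorted(v for (k, v), r in self.nodes.items()
                      if k == kind and r["malicious"] and now - r["added"] <= window)

    def related(self, start, want_kind, max_hops=1):
        """Breadth-first pivot: values of want_kind within max_hops of start."""
        seen, frontier, found = {start}, [start], set()
        for _ in range(max_hops):
            reached = [n for node in frontier for n in self.edges[node] if n not in seen]
            seen.update(reached)
            found.update(v for k, v in reached if k == want_kind)
            frontier = reached
        return sorted(found)

# Constructed sample data (reserved .example names, TEST-NET-3 address).
NOW = datetime(2015, 2, 11, 12, 0, tzinfo=timezone.utc)

def build_sample():
    g = IndicatorGraph()
    mal = g.add("malware", "sample-A", NOW - timedelta(days=3), malicious=True)
    new = g.add("domain", "bad.example", NOW - timedelta(hours=2), malicious=True)
    old = g.add("domain", "old.example", NOW - timedelta(days=5), malicious=True)
    ip = g.add("ip", "203.0.113.7", NOW - timedelta(days=5), malicious=True)
    u1 = g.add("url", "http://bad.example/a", NOW - timedelta(hours=1))
    u2 = g.add("url", "http://old.example/b", NOW - timedelta(days=4))
    for a, b in [(mal, new), (new, ip), (old, ip), (u1, new), (u2, old)]:
        g.link(a, b)
    return g

if __name__ == "__main__":
    g = build_sample()
    print(g.recent_malicious("domain", NOW))
    print(g.related(("domain", "bad.example"), "url"))
    print(g.related(("domain", "bad.example"), "url", max_hops=3))
```

Widening `max_hops` is what surfaces the second URL: it is tied to the new domain only through the shared hosting IP, the kind of indirect relationship a flat indicator list would not show.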

Now that users can see who else might be affected, they can then ping the appropriate parties within the framework, said Hammell.

“Where we see the most success is when folks start taking the attacks they are seeing and share those with the folks they think might be affected,” Hammell said.

ThreatExchange is now available in beta and interested participants will have to fill out a form on Facebook’s site if they want to partake.

DataStax’s first acquisition is a graph-database company

DataStax, the rising NoSQL database vendor that hawks a commercial version of the open-source Apache Cassandra distributed database, plans to announce on Tuesday that it has acquired graph-database specialist Aurelius, which maintains the open-source graph database Titan.

All of Aurelius’s eight-person engineering staff will be joining DataStax, said Martin Van Ryswyk, DataStax’s executive vice president of engineering. This makes for DataStax’s first acquisition since being founded in 2010. The company did not disclose the purchase price, but Van Ryswyk said that a “big chunk” of DataStax’s recent $106 million funding round was used to help finance the purchase.

Although DataStax has been making a name for itself amid the NoSQL market, where it competes with companies like MongoDB and Couchbase, it’s apparent that the company is branching out a little bit by purchasing a graph-database shop.

Cassandra is a powerful and scalable database used for online or transactional purposes (Netflix and Spotify are users), but it lacks some of the features that make graph databases attractive for some organizations, explained DataStax co-founder and chief customer officer Matt Pfeil. These features include the ability to map out relationships between data points, which is helpful for social networks like Pinterest or Facebook who use graph architecture to learn about user interests and activities.

Financial institutions are also interested in graph databases as a way to detect fraud and malicious behavior in their infrastructure, Pfeil said.

As DataStax “started to move up the stack,” the company noticed that its customers were using graph database technology, and DataStax felt it could come up with a product that could give customers what they wanted, said Pfeil.

DataStax Enterprise


Customers don’t just want one database technology, they want a “multi-dimensional approach” that includes Cassandra, search capabilities, analytics and graph technology, and they are willing to plunk down cash for commercial support, explained Van Ryswyk.

Because some open-source developers were already figuring out ways for both Cassandra and the Titan database to be used together, it made sense for DataStax and the Aurelius team to work together on making the enterprise versions of the technology compatible with each other, Van Ryswyk said.

Together, DataStax and the newly acquired Aurelius team will develop a commercial graph product called DataStax Enterprise (DSE) Graph, which they will try to “get it to the level of scalability that people expect of Cassandra,” said Van Ryswyk. As of now, there is no release date as to when the technology will be ready, but Pfeil said work on the new product is already taking place.


With $20M, Neo Technology makes a case for the graph database

Neo Technology, the creator of the Neo4j graph database, has brought in $20 million in series C money, signaling that we are indeed seeing the rise of graph analysis in big data. The startup now has $44.1 million in total funding.

Unlike document databases like MongoDB, graph databases deal with the relationships between data points and are used by big social networking companies like Facebook and Pinterest to map out the connections of their many users. For example, Pinterest’s graph architecture lets the startup know which users are following other users as well as how their interests overlap with each other.

Similar to the NoSQL world where several companies and related projects like MongoDB, Couchbase and DataStax vie for the crown, there are many different graph database projects with no clear leader(s) yet. Some examples include GraphLab Inc. and the open-source GraphLab database, the Facebook-developed Giraph open-source database and the Cassovary big graph-processing library brought to you by Twitter.

Neo Technology CEO and founder Emil Eifrem said his startup stands out from other projects because of its large development community; the company claims it has 20,000 Neo4j Meetup members in 25 countries and has received 500,000 downloads since Neo4j 2.0 was released last year. Eifrem said that Neo4j now supports many different languages, frameworks and tooling through the help of community support and developers.

Neo4j was created from the ground up by Neo Technology’s founders back in 2007 and is not a rejiggered version of MySQL with some sort of relational layer built on top of it, he said.

Neo4j browser screenshot


As far as building a viable business, Neo Technology is following in the footsteps of other open-source-centric startups like Docker in that it sells commercial software that functions as “operations and management tools,” but which is built atop open-source technology. While developers can download Neo4j for free, enterprises that want more-traditional IT features like monitoring and management and clustering will have to cough up some cash.

“I can’t see a big, serious company putting [the free version] in production,” Eifrem said.

The 80-person startup claims Walmart, eBay, CenturyLink, Cisco and Medium as users of the Neo4j database.

Creandum and Dawn Capital drive the funding round along with Fidelity Growth Partners Europe, Sunstone Capital and Conor Venture Partners. Johan Brenner, a Creandum general partner, will join Neo Technology’s board.

Here’s a potentially powerful tool for exploring your social graph

A database vendor called Objectivity has created a mobile app called GraphMyLife that aims to let consumers explore links between the people and content in their various social networks. I say “aims” because although the idea is pretty cool, the app is a bit laggy and confusing (at least on my phone). But cut Objectivity a break: it’s a specialized (and old) enterprise-tech company trying to humanize its graph database software.

Six degrees of separation, NSA-style

Whether it’s ethically right or wrong to investigate deep into suspects’ networks of connections, the NSA certainly has the processing power to do it. “Three hops” away isn’t much when you can map potentially trillions of identities.