Here’s what we talked about:
Q: Talk to me about how you guys use Neo4j at TruSTAR.
Ian Sinnott: TruSTAR’s whole mission statement and goal is to let companies shorten their incident response time. We’re a cybersecurity company, so if there is a cybersecurity incident at your company, there’s always a response time, and it varies from really quick – almost immediate – to a really long time. When it does take a long time, whoever is attacking you can do a lot of damage.
I’m the lead on the front end team here at TruSTAR, and how that particularly pertains to what we’re going to be talking about today is data visualization. It’s much more fun to look at it than to talk about it, so I’ve made this short video to give you an idea of what it looks like.
The main thing that we started with when we decided to use Neo4j was our data model. We have our users submitting incident reports into our system, and these incident reports can relate to each other. Say two incident reports share an IP address or a URL in the body; because they both share this indicator, they relate to each other.
Our data model has pieces of data that are highly interrelated with each other, so a graph database was a natural fit. We liked Neo4j; it was easy to set up, so we decided to go with you, and we haven’t looked back.
Q: What else made Neo4j stand out?
Ian: Yeah, the first thing was we needed a graph database and then once we knew that, we liked that Neo4j has a presence, especially here in San Francisco.
The whole reason we’re even talking right now is that I went to a meetup that you guys were at. It was really cool. Community is super important when choosing a technology.
Aside from the community, Neo4j was easy to set up, easy to install and get up and running. That’s especially important because we’re a very small startup. We can’t just dedicate a team to setting up this new graph database. Everyone is doing something already, and yet someone is going to have to do this in addition to what they’re already doing, so the ease of setting up was also very important.
Q: Can you talk to me about some of your most interesting or surprising results you’d had while using Neo4j?
Ian: The best moment in my experience has been that it’s just worked. It’s worked really well for exactly what we wanted to use it for.
Going into it, we were not using a graph database. We were just representing our data like I would say most companies probably do, in a more relational manner.
So when moving a large portion of our data into a graph database, we didn’t know exactly how it was going to work or whether it would be a good fit, despite thinking that it sounded great.
But it was great. Now, as we’ve used it, there’s been very little friction. There wasn’t so much an “ah-ha” moment as there was just no “ugh” moment.
Q: If you could start over with Neo4j, taking everything you know now, what would you do differently?
Ian: That’s a good question. I think just like I said in the last point, it’s worked out so well for us that I wouldn’t change anything. It’s gone quite well.
Q: Tell us a bit more about the graph visualization and how you use that.
Ian: I touched a bit earlier on why graphs and why Neo4j is good for TruSTAR, the company. Equally important is that it’s good for our users.
If I’m a user or an operator, I’m using the product and putting data into the system. When I submit a cybersecurity incident report, I’m not doing it just because I have spare time on my hands. I’m doing it because I want to enrich that data point. I want to see what else relates to this report, to this incident that I’m seeing in my system.
When I – as the user – put in a report, then what TruSTAR does is we help with that relation. We put the report data into Neo4j, and we run all our relational algorithms on it to see what it relates to and then we present that to the user.
That’s kind of where we shift toward the data visualization, because now we’ve got this awesome graph but it’s just that and nothing more. It’s a graph in the cloud somewhere – the user can’t see it.
As humans, our spatial awareness is amazing. We’re really good at seeing visual relationships, and a graph database just represents those data relationships really well. We decided to build out a product that in some ways resembles the Neo4j Browser. (See the embedded video above for a quick demo.)
You can see a lot of nodes and their edges and how they connect to each other, except instead of just visualizing a database, our goal is to help our users visualize the relationships between these reports and indicators that might be within those reports. That’s where I specifically have come in, working on that front-end data visualization tool.
Q: Anything else you want to add or say?
Ian: TruSTAR is live and in production right now, so if shortening your cybersecurity incident response cycle is something that you’re interested in, absolutely look us up. That’s what we do.