Intuit Safeguards its Network Infrastructure and the Data of 100 Million Customers with Neo4j

Intuit built its security knowledge platform on a Neo4j knowledge graph, allowing it to map, monitor, and visualize network interdependencies and rapidly respond to security threats.

Today Intuit serves 100 million customers worldwide, and its products include household names like TurboTax, Credit Karma, QuickBooks, and Mailchimp.

Intuit must have a clear view of its infrastructure at all times for it to manage the breadth and depth of customer data within its products and take robust security measures. “We build our brand on being a reliable company, and being good stewards of customer data we’re entrusted with means that we need to respond quickly to security events,” says Zach Probst, a staff software engineer at Intuit.

Security is paramount, so engineers must be equipped to quickly locate and patch any vulnerability in an affected system within Intuit’s vast tech stack to prevent it from being exploited and putting customers at risk.

“Intuit is a large company with an enormous presence. Mapping that much computing and network infrastructure is already a huge challenge,” Probst explains. “But then we need to think about attribution, prioritization, and hygiene as well. Understanding who owns which endpoint, which vulnerabilities are most critical, and what infrastructure is no longer being used, ups the ante considerably.”

Responding to security vulnerabilities requires a deep understanding of the impacted software and the operating system or environment. Intuit found it challenging to perform endpoint-to-asset attribution: the process of associating individual hostnames within a domain with their respective assets. This attribution is crucial to achieving comprehensive visibility for effective security responses and ensuring sensitive information remains safe. The practice was also time-consuming and reliant on complex, manual tests that required expertise.

Intuit has overcome this challenge by mapping its network of more than 500,000 endpoints to locate security vulnerabilities using a Neo4j knowledge graph for network topology mapping.

“This setup allows more people to understand network interdependencies, ensuring that vulnerabilities can be addressed quickly and customer data is kept safe,” Probst explains. Intuit needed to be one step ahead of the curve.

Powerful and Immediate Incident Responses

Intuit’s Security Knowledge and Insights Platform (SKIP) draws from a knowledge graph that integrates interconnected datasets, including vulnerabilities from security scans, cloud resources, compliance frameworks, org charts, DNS zones and entries, source code repos and committers, Akamai property configs and redirect rules, and other sources. The knowledge graph is refreshed with new data through Nodestream, an open-source ETL (extract, transform, and load) framework for graph databases authored by the Intuit team. Nodestream also supports ingestion from data sources like Kafka, AWS Athena, flat files, and Akamai. Neo4j Bloom is then used for graph visualization and exploration.

Before Neo4j, the team was unable to map the way Intuit’s infrastructure ran through Akamai, a distributed platform for cloud computing, security, and content delivery. It contains hundreds of property configs, each with thousands of lines of config and thousands of endpoints, which makes routing traffic both difficult and time-consuming.

“Using graph relationships allows us to draw powerful inferences that unlock information that would otherwise have been hidden in siloed data,” says Probst. “And there’s nothing as good out of the box as Bloom. It works nicely, with minimal fuss, which was handy when we first started this project.”

With Neo4j and Bloom, Intuit now understands explicitly how its data and network traffic are routed through Akamai. “These visualizations have uncovered previously hidden insights that were difficult to see before,” shares Chad Cloes, a senior staff software engineer at Intuit, “such as revealing where unused infrastructure may be hiding.”

The team can now tie common vulnerabilities and exposures (CVEs) to source code and connect that source code to front-end endpoints to map possible exposures from unused or unmonitored infrastructure. “What this allows us to do is service the most critical vulnerabilities first, and allocate resources appropriately to handle them,” notes Probst.

Cloes agrees: “We can now map possible exposures in seconds, something that previously took engineers hours and days to manually figure out.”
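
The CVE-to-source-code-to-endpoint traversal described above can be sketched in Cypher, Neo4j's query language. This is an added example, not Intuit's schema or code: every label, relationship type, property, and sample value below is a hypothetical, constructed stand-in.

```cypher
// Hypothetical schema (assumed for illustration only):
//   (:Vulnerability {cve, cvss})-[:AFFECTS]->(:Repository {name})
//   (:Repository)-[:DEPLOYED_AS]->(:Service {name})
//   (:Endpoint {hostname})-[:ROUTES_TO]->(:Service)
//   (:Team {name})-[:OWNS]->(:Service)

// Constructed sample data; CVE ids and hostnames are placeholders.
CREATE
  (v1:Vulnerability {cve: 'CVE-EXAMPLE-0001', cvss: 9.8}),
  (v2:Vulnerability {cve: 'CVE-EXAMPLE-0002', cvss: 5.3}),
  (r1:Repository {name: 'payments-api'}),
  (r2:Repository {name: 'legacy-reports'}),
  (s1:Service {name: 'payments'}),
  (s2:Service {name: 'reports'}),
  (e1:Endpoint {hostname: 'pay.example.test'}),
  (e2:Endpoint {hostname: 'old-reports.example.test'}),
  (t1:Team {name: 'payments-team'}),
  (v1)-[:AFFECTS]->(r1),
  (v2)-[:AFFECTS]->(r2),
  (r1)-[:DEPLOYED_AS]->(s1),
  (r2)-[:DEPLOYED_AS]->(s2),
  (e1)-[:ROUTES_TO]->(s1),
  (e2)-[:ROUTES_TO]->(s2),
  (t1)-[:OWNS]->(s1);

// Walk from each vulnerability through the affected repository and the
// service built from it to every endpoint that routes traffic to that
// service. OPTIONAL MATCH keeps rows for services with no owning team,
// so unattributed infrastructure shows up instead of silently dropping out.
MATCH (v:Vulnerability)-[:AFFECTS]->(r:Repository)
      -[:DEPLOYED_AS]->(s:Service)<-[:ROUTES_TO]-(e:Endpoint)
OPTIONAL MATCH (t:Team)-[:OWNS]->(s)
RETURN v.cve      AS cve,
       v.cvss     AS cvss,
       r.name     AS repository,
       e.hostname AS exposed_endpoint,
       coalesce(t.name, 'UNATTRIBUTED') AS owner
ORDER BY cvss DESC, exposed_endpoint;
```

On the sample data, the higher-severity finding sorts first with its owning team, and the endpoint for the unowned `reports` service is returned as `UNATTRIBUTED`, the kind of attribution and hygiene gap the article describes.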

The Fastest Route to Safer Infrastructure, Data Returned in Milliseconds

On Intuit’s vast data and web footprint, Probst notes, “Crucially, we can attribute over 500,000 endpoints to host names in milliseconds, simply because we can add new data quickly. We can turn around a zero-day vulnerability very quickly, see our exposure, and address it almost immediately.”

That’s as close to a real-time response as one might hope for.

Intuit is now capable of massive throughput, able to ingest and connect 20 million events and make 75 million database updates per hour into the graph, which contains 65 million nodes and 190 million relationships.

The ultimate impact? A more thoroughly mapped infrastructure leads to a safer environment with a much lower risk for security incidents. Another benefit of a clearer systems view: time saved, significantly boosting developer productivity. 

“Thanks to Neo4j, our developer team is able to calculate the risk score of every asset in Intuit, defined as any piece of software, server, services, website, source code, and more, in just four minutes,” says Probst. “These are complex traversals involving tens of thousands of assets, and we’re able to do them extremely quickly.”
