FireEye (Trellix): Providing Real-Time Threat Analysis using a Graph Database
Blog post from ScyllaDB
FireEye, now known as Trellix, is a NASDAQ-listed cybersecurity firm offering a broad range of security products, including threat intelligence platforms and managed defense, to customers in telecommunications, healthcare, finance, government and other sectors.

At ScyllaDB Summit 2019, members of FireEye's Threat Intelligence DevOps team described their migration from a PostgreSQL-based system to an architecture built on JanusGraph, an open-source graph database, with ScyllaDB as the storage backend. The motivation was scale: threat intelligence data is highly interconnected (indicators, malware, actors, reports and the relationships between them), and modelling it as a graph of nodes and edges let them traverse those relationships directly instead of joining relational tables. The new system markedly reduced query response times and made the data easier to organise and analyse at large volume.

The deployment runs inside an AWS Virtual Private Cloud alongside components such as NGINX web servers and Elasticsearch, and was designed for high availability and disaster recovery. Because ScyllaDB made more efficient use of each node, FireEye was able to decommission nodes that were no longer needed, lowering operational cost.
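To make the "nodes and edges representing threat elements" idea concrete, here is an added illustration that is not FireEye's, Trellix's or ScyllaDB's code: a small in-memory property graph modelling threat-intelligence entities the way a graph database such as JanusGraph would store them, plus a bounded breadth-first pivot over it. Every entity, label and relationship in it is constructed sample data (reserved example domains and TEST-NET addresses), and the `ThreatGraph` class and its `pivot` method are hypothetical names chosen for this example. The point it demonstrates is the multi-hop pivot (actor to malware to C2 domain to shared IP to a second domain to a second malware family) that a relational schema would need a chain of self-joins to answer.

```python
"""Added example: a toy threat-intelligence property graph and multi-hop pivot.

Not code from FireEye/Trellix or ScyllaDB. All entities below are constructed
sample data; `ThreatGraph` and `pivot` are hypothetical names for this example.
"""
from collections import deque


class ThreatGraph:
    """Minimal property graph: labelled nodes, directed labelled edges."""

    def __init__(self):
        self.nodes = {}   # node_id -> {"label": ..., **properties}
        self.out = {}     # src -> [(relation, dst)]
        self.inc = {}     # dst -> [(relation, src)]

    def add_node(self, node_id, label, **props):
        self.nodes[node_id] = {"label": label, **props}
        self.out.setdefault(node_id, [])
        self.inc.setdefault(node_id, [])

    def add_edge(self, src, relation, dst):
        # Refuse dangling edges so a traversal can never reach a missing node.
        if src not in self.nodes or dst not in self.nodes:
            raise KeyError("both endpoints must exist before linking them")
        self.out[src].append((relation, dst))
        self.inc[dst].append((relation, src))

    def neighbors(self, node_id):
        # Pivoting walks edges in both directions: "domain resolves-to ip"
        # is just as useful when starting from the ip.
        for rel, dst in self.out[node_id]:
            yield rel, dst
        for rel, src in self.inc[node_id]:
            yield rel, src

    def pivot(self, start, max_hops, label=None):
        """Breadth-first pivot from `start`.

        Returns {node_id: hops} for every node reachable within `max_hops`,
        optionally restricted to nodes carrying `label`. `start` is excluded.
        """
        if start not in self.nodes:
            raise KeyError(f"unknown node {start!r}")
        seen = {start: 0}
        queue = deque([start])
        while queue:
            cur = queue.popleft()
            if seen[cur] >= max_hops:       # hop budget exhausted on this path
                continue
            for _, nxt in self.neighbors(cur):
                if nxt not in seen:         # first visit is the shortest path
                    seen[nxt] = seen[cur] + 1
                    queue.append(nxt)
        del seen[start]
        if label is not None:
            return {n: h for n, h in seen.items() if self.nodes[n]["label"] == label}
        return seen


def build_sample_graph():
    """Constructed sample data: a fictional actor, two malware families and
    shared C2 infrastructure. Domains/IPs are reserved example values."""
    g = ThreatGraph()
    g.add_node("actor:sample-group", "ThreatActor")
    g.add_node("malware:sample-rat", "Malware", family="sample-rat")
    g.add_node("malware:sample-rat2", "Malware", family="sample-rat2")
    g.add_node("domain:c2.example.net", "Domain")
    g.add_node("domain:staging.example.org", "Domain")
    g.add_node("ip:192.0.2.10", "IPv4")
    g.add_node("report:R-1", "Report", title="constructed sample report")

    g.add_edge("report:R-1", "mentions", "actor:sample-group")
    g.add_edge("actor:sample-group", "uses", "malware:sample-rat")
    g.add_edge("malware:sample-rat", "communicates-with", "domain:c2.example.net")
    g.add_edge("domain:c2.example.net", "resolves-to", "ip:192.0.2.10")
    # Shared infrastructure: a second domain on the same IP, used by other malware.
    g.add_edge("domain:staging.example.org", "resolves-to", "ip:192.0.2.10")
    g.add_edge("malware:sample-rat2", "communicates-with", "domain:staging.example.org")
    return g


if __name__ == "__main__":
    g = build_sample_graph()
    # Everything an analyst would pivot to from the actor within five hops,
    # including the second malware family found only via the shared IP.
    for node, hops in sorted(g.pivot("actor:sample-group", 5).items(), key=lambda kv: kv[1]):
        print(f"{hops} hop(s): {node} [{g.nodes[node]['label']}]")
```

The hop limit is the important operational control: an unbounded pivot across a large intelligence graph will pull in almost everything through a few highly connected nodes (a shared hosting IP, a popular CDN domain), so production queries bound the depth and filter by label, exactly as the `label` argument does here.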