One of the most difficult challenges for cyber security analysts is navigating through vast quantities of network data, which can approach petabyte scales and is often distributed across many disconnected systems. In this demonstration, we show how an analyst can use the Palantir Cyber solution to detect beaconing, a network behavior suggestive of malware, by querying multiple databases at a large institution in a matter of seconds. As fraudulent patterns are uncovered, analysts can automate these searches into regularly run jobs, serving as proactive alerts of malicious activity that are fed into our new prioritized inbox interface, powered by Hadoop. Finally, these alerts can be shared between analysts through Palantir Gotham’s collaboration application, which enables the rapid exchange of information within and across institutions to diminish cyber security threats.*
*While this demonstration is based on a typical investigation workflow, the data is simulated and names were randomly generated. Any resemblance to real people or entities is coincidental.