Kx for Cybersecurity - A New Approach

Most cybersecurity solutions ignore the human element, focusing solely on reporting and alerting. In contrast, Kx technology enables and augments the human data analyst, extending automated analysis tools with deep and immersive data exploration capabilities engineered to handle the volume, velocity, and variety of today's Big Data environment.

The few SIEM solutions that can handle the volumes and complexities come at a heavy cost in terms of hardware, software and maintenance. Enterprises need alternative Big Data security solutions that are robust and reliable, while offering flexibility and scalability, as well as low total cost of ownership. Kx technology, leveraging kdb+’s simplicity, performance and scalability, can be configured to meet any cybersecurity need and can be deployed on premises or in the cloud.


Why use Kx for Cybersecurity?

  • Ingest, aggregate, and correlate network data at scale
  • Parse and augment traffic data at ingest via feed handlers
  • Create and embed session metadata to accelerate alerting and analysis
  • Store and query data from real-time or historical databases
  • Perform blazingly fast, near real-time queries (e.g. billion record queries in milliseconds)
  • Visualize network traffic in real-time to identify high-risk threats
  • Includes a state-of-the-art interactive development environment (IDE) to write, debug, test, version, and deploy complete cyber software solutions
  • Ad-hoc Data Exploration & Visualization
  • Network Threat Detection
  • Network Performance Analysis
  • 3rd Party Hardware & Software Integration
  • Log Analysis

Ad-hoc Data Exploration & Visualization

The platform's Collaborative Analysis Environment gives the entire team access to your data. Using the environment, cyber analysts can execute real-time queries against any aspect of their network; perform complex ETL operations; import and export from a wide range of data formats; visualize massive datasets in seconds; build scripts to perform complex real-time computations; develop custom visualizations; and integrate any of these explorations into any existing dashboard.

And since all of their explorations can be shared via the environment's version-controlled repository, analysts can take a team-based approach to problem solving.

Network Threat Detection

The solution is ideally suited for ingesting and analysing traffic data in real-time as well as drawing from historical databases to identify and detect threat-related anomalies and patterns.

The open nature of the platform allows you to integrate and leverage 'best-in-breed', third-party predictive, machine learning, behavioral, or anomaly detection libraries to build classification and prediction systems. Using these capabilities analysts can identify and isolate patterns of interest in near real-time.

The same capabilities enable specialists to iterate through the data, build adaptive models, and provide quick visual analysis tools to cybersecurity analysts, allowing them to track hundreds of millions of events each day.

Network Performance Analysis

The solution's built-in database and dashboards give you immediate access to a wide range of performance data such as files accessed, services accessed, web categories, ports, events, bandwidth usage per user, threats by category, processes, and more.

In addition, the high-performance query language (q-sql) allows you to perform real-time queries on all of the data inside your system. Users can easily create custom reporting dashboards focusing on the data and metrics that matter to them most.

Third-Party Hardware & Software Integration

Integrate with existing anti-virus/anti-malware, anti-DoS/DDoS, security information and event management (SIEM) systems and data stores:

- Support for ingesting STIX threat intelligence
- Support for "real-time, ad-hoc, Big Data" exploration and analysis, including:
  - extract, transform, and load (ETL)
  - import/export from a wide range of data sources (including CSV, ODBC, JSON, standard log formats, HDFS)
- Interface with open-source and commercial predictive analytics, machine learning, behavioural, and anomaly detection libraries

Log Analysis

Harvest, aggregate, alert, and report on log data at scale:

- Leverage kdb+ to execute high-performance Big Data queries against structured data
- Use the built-in natural language processing support to query unstructured data
- Combine these approaches to simplify the task of identifying coordinated multi-level attacks
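The following q script is an added example and not Kx's own code; it illustrates both the q-sql reporting query described under Network Performance Analysis (a per-user bandwidth metric) and the log-analysis idea above of combining queries over structured data to surface a multi-step pattern. The two tables, their column names (`time`, `user`, `result`, `dstPort`, `bytes`) and the thresholds (three failures in a minute, a transfer over 1 MB within five minutes) are constructed assumptions chosen for illustration.

```q
/ Added example (not Kx code): two constructed in-memory tables standing in for
/ an authentication log and a network-flow feed. Column names and thresholds
/ are assumptions chosen for illustration.
auth:([] time:2023.01.01D00:00:00+0D00:00:10*til 8;
         user:`alice`bob`bob`bob`bob`carol`alice`bob;
         result:`ok`fail`fail`fail`fail`ok`ok`ok)
flows:([] time:2023.01.01D00:01:00+0D00:00:15*til 6;
          user:`alice`bob`bob`carol`alice`bob;
          dstPort:443 22 443 80 443 443;
          bytes:1200 300 5600000 800 2300 7200000)

/ Performance view: per-user bandwidth, the kind of metric a reporting dashboard shows
bw:select totalBytes:sum bytes, flowCount:count i by user from flows

/ Detection step 1: users with three or more failed logins inside any one-minute bucket
failed:0!select fails:count i by user, bucket:0D00:01:00 xbar time from auth where result=`fail
suspectUsers:exec distinct user from failed where fails>=3

/ Detection step 2: time of each suspect's last failure (keyed by user for a left join)...
lastFail:select lastFail:max time by user from auth where result=`fail
/ ...joined onto their flows, keeping transfers over 1 MB within five minutes after it
joined:(select from flows where user in suspectUsers) lj lastFail
alerts:select user, time, dstPort, bytes, lastFail from joined where bytes>1000000, time>lastFail, time<lastFail+0D00:05:00

show bw
show alerts
```

Run it in a q session with `\l` or paste it at the prompt: `bw` is the aggregate a dashboard would plot, and `alerts` lists, per flagged user, the large outbound transfers that followed their burst of failed logins. Against a real deployment the same queries would run over the real-time or historical tables the feed handlers populate; on a historical partitioned database the `where` clause would normally lead with a date restriction so only the relevant partitions are read.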

Kx Technology

The basis for Kx Technology is a unique integrated platform which includes a high-performance historical time-series columnar database called kdb+, an in-memory compute engine, and a real-time streaming processor all unified with an expressive query and programming language called q.

Designed from the start for extreme scale, and running on industry standard servers, the kdb+ database has been proven to solve complex problems faster than any of its competitors.
Kx's core technology, the kdb+ time-series database, is renowned for its computational speed and performance, as well as the simplicity of its architecture for large-scale data analytics.
