Large Scale User Behavior Analytics by Flink
We are HanSight, a leading security startup based in China. We provide solutions for enterprise cybersecurity with a main focus on User Behavior Analytics(UBA). Typical UBA deployment in large scale enterprise needs to handle 10k+ unique users over 10+ dimensions. Real-time analysis and detection on that scale of data has become a must have functionality yet a challenge for traditional security solutions. Most of the products on the market usually struggles with high throughput(100k TPS) and real-time analysis accuracy. With Flink’s streaming nature, we are able to present a next generation UBA system that tackles the large scale real-time data analysis challenge. Basically, Flink serves as a CEP engine processing data in a streaming fashion. And UBA engine (anomaly detection algorithms, rule engine) runs on top of Flink to achieve dynamic ETL rule configuration and hot deployment. Also we provide a stunning UI design for rule configuration, incident response and system monitoring.