Streamlined and Accelerated Cyber Analyst Workflows with CLX and RAPIDS

2019 
Cybersecurity poses considerable challenges for Security Operations and IT departments at enterprises across the world. The volume of data is enormous, datasets are often heterogeneous, and rapid responses to anomalous behavior are required. As a result, data science is becoming more important to cybersecurity teams. However, integrating data science tooling with existing security information and event management (SIEM) systems is difficult both at a basic functional level and at the scale demanded by increasing volumes of cyber data. In this paper, we present CLX (Cyber Log Accelerators), a solution built on RAPIDS, the suite of open source libraries for GPU-accelerated data science. CLX provides Input/Output modules to simplify loading SIEM data into analytics workflows and IP address preprocessing functions that are on average 295x faster than their CPU equivalents. We also demonstrate that RAPIDS PageRank and Louvain are on average 2190x and 1240x faster than cost-similar CPU equivalents on data from NVIDIA's internal log processing systems. Using these accelerated tools allows cyber analysts to investigate and respond to potential threats in near real-time.
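As an added illustration, not CLX or RAPIDS code, the block below is a plain-Python CPU baseline for the kind of IP address preprocessing the abstract refers to: dotted-quad to 32-bit integer conversion (with input validation), CIDR membership via a network mask, and labelling each flow as internal, inbound, outbound or external. The SAMPLE_RECORDS and the INTERNAL_NETS ranges are constructed assumptions for the example; the accelerated CLX functions apply equivalent transformations across whole columns of records at once, and this scalar per-record logic is what such a columnar kernel replaces.

```python
"""CPU reference for IP address preprocessing of SIEM/flow records.

Added example, not CLX or RAPIDS code. SAMPLE_RECORDS and INTERNAL_NETS
are constructed for illustration.
"""
from typing import Dict, List, Tuple

# Constructed sample flow records (not from NVIDIA's logs).
SAMPLE_RECORDS: List[Dict[str, str]] = [
    {"src": "10.0.0.5", "dst": "93.184.216.34"},
    {"src": "192.168.1.20", "dst": "10.0.0.5"},
    {"src": "172.16.4.9", "dst": "198.51.100.7"},
    {"src": "8.8.8.8", "dst": "192.168.1.20"},
]

# Assumed "internal" ranges (RFC 1918); a real deployment uses its own allocations.
INTERNAL_NETS: List[str] = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]


def ip_to_int(ip: str) -> int:
    """Dotted-quad IPv4 string -> 32-bit integer; raises ValueError on malformed input."""
    parts = ip.split(".")
    if len(parts) != 4:
        raise ValueError(f"not an IPv4 dotted quad: {ip!r}")
    value = 0
    for part in parts:
        if not part.isdigit():
            raise ValueError(f"non-numeric octet in {ip!r}")
        octet = int(part)
        if octet > 255:
            raise ValueError(f"octet out of range in {ip!r}")
        value = (value << 8) | octet
    return value


def int_to_ip(value: int) -> str:
    """Inverse of ip_to_int."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("value does not fit in 32 bits")
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def cidr_to_network(cidr: str) -> Tuple[int, int]:
    """'10.0.0.0/8' -> (network_as_int, mask_as_int)."""
    net, prefix = cidr.split("/")
    bits = int(prefix)
    if not 0 <= bits <= 32:
        raise ValueError(f"bad prefix length in {cidr!r}")
    mask = (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF
    return ip_to_int(net) & mask, mask


def is_in_subnet(ip: str, cidr: str) -> bool:
    network, mask = cidr_to_network(cidr)
    return (ip_to_int(ip) & mask) == network


def is_internal(ip: str) -> bool:
    return any(is_in_subnet(ip, net) for net in INTERNAL_NETS)


def classify_direction(src: str, dst: str) -> str:
    """Label a flow by which side of the perimeter each endpoint is on."""
    s, d = is_internal(src), is_internal(dst)
    if s and d:
        return "internal"
    if s:
        return "outbound"
    if d:
        return "inbound"
    return "external"


def preprocess(records: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Enrich each record with integer addresses and a direction label."""
    return [
        {
            "src": r["src"],
            "dst": r["dst"],
            "src_int": ip_to_int(r["src"]),
            "dst_int": ip_to_int(r["dst"]),
            "direction": classify_direction(r["src"], r["dst"]),
        }
        for r in records
    ]


def direction_counts(records: List[Dict[str, str]]) -> Dict[str, int]:
    """Summary an analyst would pivot on: how many flows in each direction."""
    counts: Dict[str, int] = {}
    for row in preprocess(records):
        label = str(row["direction"])
        counts[label] = counts.get(label, 0) + 1
    return counts


if __name__ == "__main__":
    for row in preprocess(SAMPLE_RECORDS):
        print(row)
    print(direction_counts(SAMPLE_RECORDS))
```

Integer-encoded addresses are what make subnet checks, joins and range lookups cheap: a CIDR test becomes one mask-and-compare rather than string parsing per record, which is also the form that vectorises well.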