Technology Requirements
Armis Security processes 100 billion events per day for its global customer base and 30TB data sets in its largest customer environments. Armis collects data from anything an enterprise may have, including devices, firewalls, IoT, multi-tenant, ServiceNow and network traffic. This means Armis has a massive data pipeline to manage and analyze.
Armis needed a database technology to fulfill its technical requirements, including:
- Query SLAs of 1.5 seconds across three days’ worth of data; three seconds across seven days of data; and 10 seconds across more than 30 days of data to support real-time analytics
- A solution it could deploy as both a managed service and an on-premises solution to meet FedRAMP on-premises requirements
- The ability to frequently update lookups and effectively perform joins
"Using Elasticseach seemed like a reasonable choice considering the vast knowledge of the team in that technology and the fact that we needed fast searches and aggregations over a large data set. It's just that we didn't realize how big this dataset is going to be, and what would it require from us to maintain it."
Tomer Praizler
Cheif Architect, Armis Security
Why SingleStore?
Armis considered using Google BigQuery, but lack of multi-cloud support and absence of self-managed solutions were dealbreakers. “Then, in speaking with our customer base, we learned that most of them are SingleStore customers, and the more we heard, the more we liked,” said Cohen. Armis selected SingleStore DB for the on-premises portion of its deployment to satisfy FedRAMP compliance, and SingleStore Managed Service to support its cloud data strategy via AWS.
Other features that helped close the deal included:
- In-memory row stores and column stores in the same database
- Petabyte scale
- Security features built into SingleStore that Armis government clients require, including ISO/IEC 27001, SOC 2 Type 2 and Privacy Shield
Solution
The Armis Platform, of which now SingleStore plays a significant part, collects various types of raw data (traffic, asset, user data and more) from various sources, processes it, analyzes it, enriches it and aggregates it. This creates a full dynamic picture on all of the assets of its clients, which is accessible within the product by free queries on devices, IP session data, predefined metrics and more. The Armis Platform:
- Manages 100 billion events per day
- Manages 30TB data sets in its largest customer environments
- Delivers 1.5-second query speed across three days’ worth of data
Twingo represents, sells and deploys leading big data technologies. Experts in architectural design, Twingo helped Armis choose the right technology and provides the optimal big data solutions for complex problems. Twingo contributed to the POC for the SingleStore deployment at Armis, helping design the data cluster sizing, redesign queries, and optimize the model, then define and run the POC. Armis now has 32 managed SingleStore units, and each unit consists of 8 CPU cores, 64GB RAM, and a 2TB SSD.
“With ElasticSearch, if a single device was updated, Armis needed to update backwards three months’ worth of data,” said Golan Nahum, CEO, Twingo. “Armis needed to move to a relational model to work with ultra high scale and at the same time, simplify the modeling. With SingleStore, Armis achieved a substantial reduction in complexity and a significant increase in performance and huge reduction in cost,” said Golan Nahum, CEO, Twingo.
“Armis needed to move to a relational model to work with ultra high scale and at the same time, simplify the modeling. With SingleStore, Armis achieved a substantial reduction in complexity and a significant increase in performance.”
Golan Nahum
CEO, Twingo
At present, Armis still uses PostgreSQL and Elasticsearch for smaller and transactional workloads, has already moved its largest data set from Elasticsearch to SingleStore and moved all analytical workloads from PostgreSQL to SingleStore.
“Our partnership with Twingo helped us run a successful POC with minimal resources on our end. Thanks to Twingo’s experts, we avoided mistakes and created an optimized solution,” said Praizler. “They gave us continuous advice on how to progress and develop the system while pushing priorities for feature requests.”
Tomer Praizler
Cheif Architect, Armis Security
“Operations-wise, we simplified our pipeline with SingleStore, and things work much better than they did with ElasticSearch,” said Roy Franco, Data Infrastructure Team Leader, Armis Security. “We ingest this massive data pipeline, analyze streaming data and allow users to drill down on everything,” said Roy Franco, Data Infrastructure Team Leader, Armis Security.
Much of the data in the Armis Platform is updatable:
Facts result from the actual aggregations
Usable data is about the devices themselves and it updates in batch mode every 30 minutes
“We want to make this data real time by streaming those changes into SingleStore,” said Cohen. “As an example, let’s say a user’s Macbook Pro has just updated and is now vulnerable; they need to close that gap immediately.”
Outcomes
“Queries that would time out completely under ElasticSearch are now processing in less than 10 seconds with SingleStore, and some clock in under 1.5 seconds,” said Cohen. The massive increase in technical performance has led to eye-popping financial performance:
Accelerated Business Growth as Valuation Reaches $3.4 Billion
The scaling and performance improvements offered by SingleStore helped Armis Security substantially grow its business, which has helped it triple its valuation in less than two years. When private equity firm Insight Partners acquired Armis Security in February 2020, it had a $1.1 billion valuation. By YE2021, Armis Security was worth $3.4 billion.
70% Cost Savings
With SingleStore, Armis can flex its costs up and down with the size of its cluster. “We moved from the entire data pipeline including ElasticSearch costing more than $1 million annually to paying a fraction of that for Singlestore Managed Service, reducing our data pipeline cost by 70%,” said Cohen.
Faster Performance Improves Customer Device Security
The vastly improved performance Armis Security has realized with SingleStore gives its customers a better view of their device landscapes, allowing them to react faster based on fresher data to keep their environments secure.