Technology

The 6 questions to find an investigation platform in the age of complex data

September 16, 2019

The growing complexity of data-driven investigations exposes organizations to serious risks because of undetected threats. With data scattered across tools and databases, investigation teams fighting cyber attacks, financial crime or national security threats are struggling. The graph approach offers a unique way to tackle these issues but also brings new questions. How to make sense of graph data? What are the relevant tools in this space?

 

In order to help organizations facing these questions we’d like to list the 6 key aspects (in no particular order) that in our experience are important to consider when choosing an investigation platform for complex connected data.

1. Can I easily find information in complex datasets?

The first thing that is oftentimes considered are the actual investigation capabilities. Are users required to learn a complex query language to find information? Is it possible to search the graph via traditional full-text search? Is it possible to dynamically visually explore the graph?

 

These basic capabilities are a good starting point but there is a big difference between a good-looking graph visualization tool and a tool that can be used by investigators with real-world data. At Linkurious, we have learnt about this by working with 100s of organizations. Among the small details that make a big difference are:

 

 

  • Search: is it possible to do fuzzy searches? Is it possible to filter your search on specific fields or categories?
  • Filtering: is it possible to filter the graph using all the properties attached to nodes and relationships? Are qualitative and quantitative properties handled?
  • Exploration: is it possible to undo/redo actions? Is it possible to expand based only on a specific type of nodes or type of relationship?
  • Geospatial: is it possible to display geospatial data on a map?
  • Time analysis: is it possible to filter data based on time values?
visualize cosmos DB
Displaying and filtering a graph in Linkurious Enterprise

The tools that provide these different capabilities can allow data analysts to sift through complex data and quickly find answers.

2. Is it compatible with large graphs?

Another important aspect to consider when it comes to choosing an investigation platform for graph data is performance. Previous generations of investigation tools are either unable to manage large graphs or do so with poor performances. Performance may mean different things such as:

 

  • The size of the graph that the platform can manage
  • The number of nodes and relationships that can be displayed at a given time on the screen
  • The speed at which it’s possible to explore the graph

There’s a big difference here between tools that natively support graph databases and tools that rely on older relational databases. The use of WebGL is also important as it helps display more data faster than Canvas or SVG rendering.

A graph-ready investigation platform can detect complex patterns in large datasets and allow analysts to dynamically explore relationships in real-time.

3. Can we work on investigations as a team?

The value of an investigation platform goes beyond the experience of a single investigator. For all organizations, it’s important that their tool actually works with its current processes. It starts with the ability to export or share data among users. The best investigation platforms go beyond and help:

 

  • Automate the detection of patterns
  • Manage the process of reviewing alerts
  • Integrate with other applications (via an API for example)

Having a tool that covers the main aspects of the investigation process will save investigators from having to switch among multiple tools to do their job. That’s a big improvement in terms of overall efficiency.

4. How flexible is it?

The ability to customize your investigation platform is a key factor in its effectiveness.

 

It’s important for example that the look and feel of the user interface makes sense for the specifics of your context. Is it possible to use meaningful icons? Can the size or color of nodes and relationships be mapped to properties? Can the text displayed next to nodes and relationships be changed?

 

Beyond the user interface itself, it’s important to look at how the software can be integrated within the organization’s IT infrastructure. Does the software support cloud and on-premise deployments? Is it compatible with the company’s authentication service (LDAP, ActiveDirectory, etc)? Is it possible to manage fine-grained access rights?

 

Tools built internally by assembling different software components have a huge advantage here. These tools can be tailored-made to the specifics of a particular situation. For some organizations it may make sense to invest the resources to build and maintain such a tool. Before doing so, it’s worth considering whether the extra customization you would get when building your own software is worth the risks, time and resources.

5. Is it easy to use?

For a lot of organizations simplicity is key. If your software is too complex to setup, administer or operate, it will not make a lasting impact.

 

When it comes to setting up the platform, there’s a big difference between off-the-shelf software and bespoke software. With an off-the-shelf platform, a single person with limited IT skills can be up and running in hours if not minutes. With a bespoke software, having something production-ready may take months, will require a few developers and come with risks (as with all IT projects).

 

Once the software is deployed, how easy is it to administer? Some admin tasks can be simplified with user interfaces for:

 

  • Managing the data sources
  • Managing the access rights
  • Customizing the application’s visual interface for end-users

Simplicity looks different for end users but can be hard to measure. There’s a difference here between a software having the features the users want and the software actually being effective.

6. What’s the price?

As with all projects, price is a big factor when it comes to choosing an investigation platform for graph data. Off-the-shelf tools tend to be quite transparent in that regard with clear licensing fees. The price of building something from the ground up is oftentimes less clear. When considering building a custom solution, it’s worth taking into account that:


  • There’s a difference between building a nice graph visualization interface and having a full blown investigation solution. The latter requires tackling issues of security, collaboration, search, scalability, tests and more. There’s a risk of underestimating the efforts required for a custom solution
  • There’s a difference between creating a solution and maintaining it throughout time. The latter requires an ongoing investment and the sort of organization and focus that is not often found outside of software companies. There’s a risk of ending up with an aging solution that will need to be replaced


We hope that this guide of what to consider when choosing your next investigation platform for graph data will be useful. If you want to know how Linkurious Enterprise addresses these 6 considerations or if you have any questions, feel free to contact us!

Subscribe to our newsletter

A spotlight on graph technology directly in your inbox.

TOP