Stop Looking for the Needle: Why Graph-Wide Scanning on Billions of Edges is the Future of Cybersecurity


In modern cybersecurity, the biggest threat isn’t the single, noisy intrusion—it’s the Advanced Persistent Threat (APT) that sits and waits for six months, slowly executing a multi-stage lateral movement attack. These threats hide in the noise, representing just a tiny fraction of all your data.

Traditional graph tools, which rely on index lookups or a “seed set,” simply can’t find them. They only search a small predefined set of data, leaving 99% of the data unexplored. (And frankly, if we knew what we were looking for, finding bad actors would be easy.) 

This challenge is why a company like Rocketgraph exists, and it’s the core concept I explored with CTO and Co-founder David Haglin and graph and AI expert David Hughes on a recent episode of the GraphGeeks podcast. The consensus is clear: to detect the most sophisticated threats, you must move beyond pattern matching to Graph-Wide Scanning.

From Graph Lookup to Complete Context

In a discussion about the limitations of current approaches, David Haglin noted that you must “look over six months worth of cyber data to see if this advanced persistent threat is there and how it’s progressed.”

Tools that start from index lookups or a “seed set” search only a tiny fraction of a graph, leaving 99% of the data, and the APT, unexplored. As David Hughes points out, “The challenge… is you have to have a strong belief in the starting points that you choose in your graph.” This fundamental flaw is why Rocketgraph pioneered the concept of Graph-Wide Scanning.

Graph-wide scanning is an approach that analyzes the entire data universe to find a pattern, regardless of where it’s hiding or how long it took to emerge. It’s the difference between checking a few known doors and surveilling the entire warehouse for anomalies.

For organizations dealing with extreme-scale data, this shift requires a complete re-evaluation of performance metrics. Throw out “queries per second.” Instead, the focus is on completeness and traversed edges.

In one incredible internal example, David Haglin shared a query executed on a 150 billion-edge graph that scanned a mind-boggling 123 trillion edges. It took three days to run, but the result was fewer than 4,000 answers. That is the power of finding the critical few from the overwhelming many, a capability made possible only by Rocketgraph’s underlying architecture built for High-Performance Computing (HPC) and extreme scale.
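The contrast between a seed-set lookup and a graph-wide scan, as an added example that is not Rocketgraph's code: it searches constructed logon edges for a time-ordered three-hop chain inside a 180-day window, once from assumed seed hosts and once from every host, and counts the edges traversed. The host names, the edge tuple layout and the `find_chains` function are assumptions made for illustration.

```python
# Constructed sample data: (source_host, dest_host, day) remote-logon edges.
EDGES = [
    ("ws-14", "files-2", 3),
    ("ws-07", "jump-1", 12),    # stage 1 of a slow chain
    ("ws-22", "files-2", 40),
    ("jump-1", "db-3", 95),     # stage 2, months later
    ("ws-14", "print-1", 101),
    ("db-3", "dc-1", 171),      # stage 3
]

def find_chains(edges, hops, window=180, seeds=None):
    """Return (chains, traversed) for time-ordered paths of `hops` edges
    whose first and last edge lie within `window` days of each other.
    seeds=None treats every host as a possible start (graph-wide scan);
    otherwise only the listed seed hosts are used as starting points."""
    out = {}
    for src, dst, day in edges:
        out.setdefault(src, []).append((dst, day))
    chains, traversed = [], 0

    def extend(path, first_day, last_day):
        nonlocal traversed
        if len(path) == hops + 1:
            chains.append(tuple(path))
            return
        for dst, day in out.get(path[-1], ()):
            traversed += 1  # every edge examined counts, match or not
            start = day if first_day is None else first_day
            if day > last_day and day - start <= window and dst not in path:
                extend(path + [dst], start, day)

    starts = list(out) if seeds is None else [s for s in seeds if s in out]
    for host in starts:
        extend([host], None, -1)
    return chains, traversed

if __name__ == "__main__":
    # Seeds are hosts assumed to have raised alerts (hypothetical).
    print("seeded    :", find_chains(EDGES, 3, seeds=["ws-14", "ws-22"]))
    print("graph-wide:", find_chains(EDGES, 3))
```

The seeded run examines 3 edges and returns nothing, because the chain begins at a host nobody suspected. The graph-wide run examines 9 edges and returns the single chain.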

Democratizing Discovery 

The need for graph-wide completeness is paired with an equally critical need for democratization. Even with the fastest, most scalable engine, analysts shouldn’t be burdened with complex query languages like Cypher.

This is why Rocketgraph baked GenAI into their Mission Control user experience from day one. Instead of requiring a data scientist, they empower the security analyst with domain expertise.

“GenAI insertion allowed this democratization of who can ask these 20 questions of the large data.” – David Haglin.

Critically, empowering the analyst means moving beyond just looking for known attack signatures. Analysts must be able to explore the entire connected dataset to discover anomalies they weren’t explicitly looking for. The state-of-the-art tooling is about embedding semantics and heuristics directly into the graph to assist this intuitive, investigative work. As David Hughes noted, the goal is to fully explore the data to:

“…look for anomalies in patterns that I don’t know about, but that still may represent crime or something that I should dig into a little bit more and see if there’s a connection. This is a connected data set, after all.”

With Mission Control, analysts can:

  1. Use Natural Language: Ask a question in plain English, and the system generates the complex query needed to traverse the graph.
  2. Iterate on Results: Rocketgraph’s unique edge frame approach allows analysts to save a result set and use it as the starting point for a subsequent query, enabling an investigative, “play 20 questions” approach to quickly peel back layers of complex threats.

The Future: Intelligence First

Both Davids agreed that the ultimate goal is to remove the current, high cognitive burden from the intelligence analyst.

The future Rocketgraph is actively building is one where the system does the heavy lifting, providing analysts with a summarized report of the most important events that occurred since their last shift. This vision frees the analyst to focus on what they do best: intelligence and investigation.

David Hughes perfectly summarized this evolution: “The systems that are being developed today are going to allow them to focus on intelligence.” With Rocketgraph, they are no longer data engineers or query composers—they are strategic cyber defenders.

If you’re ready to move past the limitations of sampling and index lookups and achieve true Graph-Wide Scanning on your most challenging datasets, you’re ready for Rocketgraph.
