IT Science Case Study: How to Get Real-Time Risk Assessments

ThreatMetrix, which uses anonymized data from across 1.4 billion digital user identities to provide businesses with insight into the true digital identity of their customers, needed a way to do this better and faster.

Here is the latest article in a new eWEEK feature series called IT Science, in which we look at what actually happens at the intersection of new-gen IT and legacy systems.

Unless it’s brand new and right off various assembly lines, servers, storage and networking inside every IT system can be considered “legacy.” This is because the iteration of both hardware and software products is speeding up all the time. It’s not unusual for an app-maker, for example, to update and/or patch for security purposes an application a few times a month, or even a week. Some apps are updated daily! Hardware moves a little slower, but manufacturing cycles are also speeding up.

These articles describe new-gen industry solutions. The idea is to look at real-world examples of how new-gen IT products and services are making a difference in production each day. Most of them are success stories, but there will also be others about projects that blew up. We’ll have IT integrators, system consultants, analysts and other experts helping us with these as needed.

Today’s Topic:  Obtaining Real-Time Insight from Disparate Data Stores for Risk Assessments

Name the problem to be solved: ThreatMetrix uses anonymized data from across 1.4 billion digital user identities to provide businesses with insight into the true digital identity of their customers. However, the company needed a way to do this better and faster.

Describe the strategy that went into finding the solution: ThreatMetrix had very strict requirements for its database solution. It needed predictive and fast performance with a read latency of one millisecond or less. It also needed predictive and fast access to tens of billions of keys and more than 100 terabytes of raw data. ThreatMetrix also needed a database that was easy to administer, operate and expand because it has a relatively small operations team. Additionally, caching doesn’t work for ThreatMetrix, so it needed a solution that was fast without a big, dedicated caching layer.

List the key components in the solution: The solution’s key component is an enterprise-class, hybrid memory architecture database that delivers predictable performance at scale, superior uptime and high availability at a lower price compared to relational and first-generation NoSQL databases.

Describe how the deployment went, perhaps how long it took, and if it came off as planned: ThreatMetrix successfully deployed Aerospike servers to manage its entire global shared intelligence Digital Identity Network, which analyzes millions of transactions in real time to help our customer immediately distinguish good customers from bad. ThreatMetrix really liked that it was able to reduce the number of servers by 70 percent compared to the previous solution. The company now has a more manageable number of servers in its environment.

Describe the result, new efficiencies gained, and what was learned from the project: Working with Aerospike, ThreatMetrix is now evaluating billions of data points across 100 million daily transactions, all in real time. Its sustained workload is many tens of thousands requests per second with peaks 10 times the sustained load. Across its Aerospike clusters, ThreatMetrix has an average read latency of about .35 milliseconds, which is optimal. As a result, digital business can quickly and accurately distinguish between genuine users and fraudsters, making a true consumer’s online experience secure and friction-free.

Describe ROI, carbon footprint savings, and staff time savings, if any: The real benefit is that ThreatMetrix is in an even better position to stop global cybercrime by ensuring that customers really are who they say they are. The company’s Digital Identity Graph, powered by Aerospike technology, can cross-correlate billions of data points, mapping the complex, ever-changing associations between people, their devices, accounts, locations, addresses and the businesses with which they interact. This enables us to provide customers with a real-time risk assessment for every single persona and online transaction.

If you have a suggestion for an IT Science article, email

Chris Preimesberger

Chris J. Preimesberger

Chris J. Preimesberger is Editor of Features & Analysis at eWEEK, responsible in large part for the publication's coverage areas. In his 12 years and more than 3,900 stories at eWEEK, he...