In this session, David Ting, VP of Engineering at DataVisor, explores the latency challenges associated with a global client base and what can be learned when implementing a performance-improving solution.

1. Improving Our China Clients’
Performance
David Ting, VP of Engineering
DataVisor

2. Company Overview
Company
– Company founded in 2013, backed by NEA, GSR Ventures, and
Genesis Capital
– Discover new types of attacks before any damage is conducted
Elite Technical Team:
– Founders are top researchers in Internet security from Microsoft
Research
– Team consists of mainly PhDs from top universities
DataVisor 20172
Protecting 2B users
globally
Marquee Customers:
BANKS
Processing 600B+
events to date
Detected 130M+ bad
accounts to date
Fortune

3. Core Technology – Unsupervised Machine Learning
DataVisor 2017
Early Detection
Catch sleep cells
High Coverage and Precision
Security domain expertise with rich
pre-existing datasets
No Label Required
Leverage clustering to identify
suspicious groups
Ultra Scalable System
Process 100s of million of events
each day
3

4. Principles of Unsupervised Machine Learning
DataVisor 2017
User Info
Device fingerprint
Application Events
User actions
…
…
Data Cleanup
and
Feature
Extraction
application_freq
application_time
…
…
Client Data
Contains several thousands
features: 𝒇 𝒙
Event
Model
User
Model
Device
Model
work_year_distrib
marriage_distrib
promoter_info
…
deviceid_distrib
ip_usage
devicetype_var
…
…..
…
…
…
𝑝(𝑥, 𝑦) =
𝑖
𝑤𝑖 ∗ 𝐹𝑖(𝑓𝑥 , 𝑓𝑦) 𝑝(𝑥, 𝑦) = 0
• Self-learning system
• Bad users are clustered together based
on similar behavior
A 𝐶𝑗 =
𝑗
𝑝𝑗(𝑥, 𝑦)
4

5. Detailed Analysis of Behavior
DataVisor 2017
• Visual analysis
• Case review
• Customizable reports and dashboards
User Groups
User Disposition
Clusters of Bad behavior
5

6. Successful Use Cases
Stop Fake Account Creation
• Prevent mass registration of
fake account armies
Prevent Transaction Fraud
• Reduce e-commerce and
financial fraud 30%-50% more
than traditional solutions
Identify Account Takeovers
• Detect compromised users
before damage to your
customers or brand
Block Fake Reviews & Likes
• Maintain trust in your platform
by reducing fake comments &
voting
Filter Spam
• Prevent spammers from
posting illicit or annoying
content
Discover Fake App Installs
• Save millions of dollars per
year by flagging fake mobile
app installs
Early detection view shows how
DataVisor catches crime rings
before damage is done.
DataVisor 20176

7. DataVisor Global Intelligence Network
DataVisor 2017
• Global Signals that Make Machine Learning
More Powerful
• Aggregated telemetry signals updated
dynamically
• Observations from
– 2B users & >600B events
– 410 million+ IP addresses
– 5.3 million+ user agent strings
– 3.6 million+ email domains
– 700,000+ phone prefixes
– 300,000+ OS versions
– 160,000+ mobile device types
– … …
• Support investigations in UI
IP addresses User agent strings
Email domains Device types
OS versions Cloud hosting providers
Phone prefixes and more….
7

8. DataVisor Technical Platform
DataVisor 20178

9. Global Cloud Footprint
DataVisor 20179
Rest of the World China
Great Firewall of
China
• Multi-Region
• 80+% of instances are spot
• Thousands of instances
• International instance
• More cost effective than AWS
• Beijing only
• Separate from rest of world
• No spot instances $$$
• Best cloud option in China
Future

10. Distributed Pipelined Computation
DataVisor 201710
Pipline Module 1
• Process several GB/day/client
• 5000+ QPS peak for each
average client
• Batch process runs multiple
times per day
• Real-time disposition done
separately, but is based on
batched analysis
• Results are precomputed and
written to each data store
Original Data
Pipline Module 2
Pipline Module N+1
Pipline Module N
Pipline Module N+1 Pipline Module N+1

11. Challenge of a Global Customer Base
DataVisor 201711
Admin
Console
• AWS West is primary location
serving worldwide traffic
• Close to 1 Petabyte of data stored in
distributed manner across the
various clouds, regions and data
stores!!!!
ISSUE: Slowness reported
Over 30 seconds load time
in China!

12. Already Using Incapsula for WAF
API Gateway
Untrusted
API Caller
Trusted API
Caller
API Server
OAuth2
Customer
Portal
S3/OSS
IP
Whitelist
Customer
Access
Incapsula Web
Application Firewall
Admin
Console
Global
Protect VPN
IP Whitelist
HTTPS Transfer
Client Data Upload
DataVisor S3/OSS
Ferry Script
DataVisor 201712
Data In Transit Security

13. Solution: Incapsula CDN
DataVisor 201713
Admin Console
Incapsula
CDN
Result:
• Approximately 40% improvement in load-time globally
• China is still an issue with over 15 second page load
time

14. Solution: Incapsula CDN + PCN
DataVisor 201714
Admin Console
Incapsula
CDN + PCN
Result:
• China load-time improved by more than 5 times
• Now under 6 seconds load time average

15. Incapsula PCN – Premium China Network
• Performance solution for China
• Reduces latency for browsers in China
– For applications where websites are hosted outside of China
– Predictable performance – faster route
– Significant performance improvement by eliminating hops
• Bandwidth from premium providers
– Agreements with China Telecom and China Unicom
– Configured on a per-site basis
– Provisioned by Incapsula support
DataVisor 201715

16. DataVisor 201716
Thank You!
Speaker: David Ting, VP of Engineering
Email: david.ting@datavisor.com
Sales: business@datavisor.com