How Wallaroo Accelerated Security Machine Learning for an F100 Enterprise Client

September 1, 2021

Machine learning (ML) has become the shield of choice for companies looking to defend their business against security threats. With the ability to instantly detect risk factors, react to breaches in real-time, and even predict future incidents – ML adds a powerful layer of 24/7 protection that greatly enhances a security team’s efforts.

This is what one Fortune 100 enterprise was aiming for when they developed dozens of security models. Except their current security Machine Learning setup made productionizing those models unnecessarily slow, difficult, and expensive. It became even tougher after frequent model retraining and redeployment, which made them more sophisticated (e.g. involving deep learning or natural language processing) and consequently much trickier to get into production. 

All these obstacles left the enterprise with ML they couldn’t deploy on time, resources that were costly to maintain, and the inability to achieve the robust protection they needed.

Enter Wallaroo, with its simplified security ML pipeline and high-performing data processing engine. Wallaroo went above and beyond the initial success criteria, achieving: 

  • 553% faster data processing
  • 50% more models operationalized 
  • 75% reduction in computing costs

Here’s the full story.

The background

An established healthcare insurance corporation relied on a combination of in-house data processing, Apache Spark, and Splunk to detect and counter anomalous security events (e.g. suspect network connections, internal or external data transfers) across their extensive operations.

Their data science team developed over 50 ML models, which a data engineering team would then take into production. But to fully leverage these models their ML system needed to:

  • Instantly process millions of daily communications and billions of network events to catch incidents in real-time.
  • Rapidly operationalize ML models to stay ahead of security threats through continuous innovation. 
  • Allow data scientists to easily retrain their models based on new data to improve performance.
  • Efficiently use computing resources to keep infrastructure costs low.

The problem

Considering the scale of their security Machine Learning needs, their current setup fell remarkably short, throwing their poor data science team headfirst into some significant challenges:

Too much time and overhead to productionize models: Each model needed 2-4 weeks to go from development to production. Since the tech stack wasn’t making it easy, the data scientists had to spend a considerable amount of time helping the engineers operationalize the models. This unwelcome distraction pulled them away from experimenting, innovating, and doing what they signed up for. 

Retraining and deploying was difficult and delayed: With new threats and subtle risk patterns sneaking up every day, models need to be constantly retrained and redeployed using the latest data. The data scientists would refine their ML models, but with each one taking several weeks to go live, the benefits of retraining were infrequent and short-lived. Plus, many of these models never even made it into production at all.

Expensive infrastructure to maintain: Each model required an independent cluster – and they had over 100 models to run. This resulted in around 1,000 servers needed to process all the production data, which spiked infrastructure costs to an eye-watering $3M a year. On top of that, they still had to add the expense of operational overhead from managing and scaling all the clusters.

Data not processed in real-time: Data was processed in batches at the end of the day or in 15-minute micro-batches. This meant anomalies wouldn’t be detected until then, leaving the company exposed to breaches and undercutting the efficacy of their ML models. 

Enter Wallaroo

Tired of losing cutting-edge models to a sluggish ML pipeline, the enterprise enlisted Wallaroo – a platform for production AI and analytics known for its lightning-fast data processing, two-click deployments, and real-time monitoring.

A cloud environment of their choice (in this case: Microsoft Azure) was set up for the data scientists to upload their models and easily retrain them based on performance metrics generated by Wallaroo. To their relief, they could retrain their models using the tools they already knew (e.g. Jupyter Notebook, TensorFlow) and then redeploy instantly.

If the models detected any anomalous events, that output was sent downstream to their existing Splunk environment. Meaning they didn’t have to upend their entire ML system to integrate Wallaroo – just plug it in to replace the parts that weren’t working, and connect it to the parts that were.  

For 30 days, the data scientists launched, tested, and iterated their algorithms with Wallaroo and found that they could finally deliver the results the enterprise expected from their ML.

For a glimpse of what this looks like, choose a time on the graph below for an example of the summaries and detailed audit information Wallaroo can provide.

Threat Security Model

The Wallaroo difference 

After just 30 days, the data science team was able to operationalize 50% more ML models than before, deploy them within seconds (not weeks), and all while using 75% fewer computing resources.

This was a game-changing outcome for their business, leaving their (much happier) data science team with the following advantages:

Fast and simple productionizing: By cutting out complex reengineering, Wallaroo turned 2-4 weeks of operationalizing into just a few seconds, ensuring that every model – even the advanced ones – always reached production.

Easy retraining and redeployment: Ultra-fast data analysis and real-time metrics allowed data scientists to update their models often and quickly deploy them for continuously enhanced breach detection.

Real-time data processing: As the fastest platform on the market for production AI, Wallaroo can handle any amount of data in real-time so models can detect and react to anomalies the second they appear.

Less infrastructure to maintain: With the ability to run multiple models on a single server, the team could run their security Machine Learning using much less infrastructure and with drastically lower maintenance overhead.

“The market has shown that companies able to successfully leverage AI have a formidable competitive advantage. This is why Wallaroo’s core mission is to help companies succeed at deploying, operating, and iterating their AI.” – Aaron Friedman, VP Operations, Wallaroo.

Wallaroo can do the same for you

AI and ML are becoming indispensable for organizations to protect their data and customers from rapidly-evolving security threats. But to make the investment worthwhile, you need the right technology in your corner. 

Just like the healthcare insurance enterprise, in this case, most companies stitch several solutions together and end up making their data science team work twice as hard. Wallaroo is different. It’s an all-in-one platform that reimagines the future of production AI, so companies of all sizes can have a corporate-grade ML operation at a fraction of the cost. 

Get in touch today to start deploying your ML differently.