Financial | Streaming analytics for cybersecurity Real-time security intelligence

An estimated 17.6 million Americans—about 7% of U.S. residents age 16 or older—were victims of identity theft in 2014. The 2015 Identity Fraud Study, released by Javelin Strategy & Research, found that $16 billion was stolen.



We evaluated building our own and explored other vendors, but chose SQLstream because they met our requirements entirely and they provided the only 100% ISO ANSI/SQL standards-based streaming platform. That enabled us massive scalability, a very fast deployment and a highly competitive TCO.



InfoArmor’s identity protection services are tasked with detecting and correcting identity theft before any damage is done or costs incurred. Real-time identity theft monitoring has complex, rules-based alerting intelligence that must be applied over a large number of different data sources simultaneously. With continuous integration and massive scalability being two necessary conditions for flawless service, InfoArmor needed a real-time stream processing platform that could scale to new levels of data acquisition, conditioning, analytics and alert delivery, and allow for continuous support to an evergrowing base of users.


  • Too large a variety of data feed formats;
  • Identification of theft rules coded in PHP;
  • System did not allow for integration of additional capabilities;
  • Platform was not scalable; base was close-to-capacity at 600,000 users.


SQLstream was chosen for its power to capture, process and integrate in real-time high volumes of unstructured data coming from a large variety of sources, its massive scalability for high velocity real-time operational intelligence, and its simple, fast deployment.

SQLstream’s stream processing platform enabled InfoArmor to meet the rapid growth in demand for its real-time identity monitoring services: the system now captures, parses and conditions multiple data feeds in different XML-based formats on the fly, and applies a sophisticated rules catalog across all data, delivering real-time alerts to consumers through SMS when rules and specific combinations of rules are breached.

Technology: s-Server.

The SQLstream solution provided an integrated platform for cybersecurity and ID theft monitoring & remediation, tracking, in parallel:

  • Malicious Command & Control networks;
  • Black market forums;
  • SSNs, names, addresses, emails and DOBs;
  • Wallet items (i.e. credit cards, medical insurance card);
  • Phishing networks;
  • Exploited websites;
  • Known compromised machines & servers.



  • Real-time identification of “me-notme” alerts;
  • Correlated “me-notme” responses;
  • Scaled up to 10x the volume processed per each commodity server;
  • Increased the overall user base capacity from 600,000 to over 10,000,000.