Knowledge base for relational context between objects and entities

Context-Rich and Timely Risk Assessment and Event Detection

Continuous Improvement and Optimization

Widely Diverse Social Applications

Mind your own business

Fractal's GraphStack is a revolutionary graph database that generates an intuitive and interactive map of your entire enterprise. It allows users to see not only what’s connected to what, but how everything interacts, over time and in real time.

By creating a Digital Replica™ of real-world systems, GraphStack also makes it possible for users to add, remove, or change elements of their business to explore hypothetical futures and “what-if” scenarios. Simulation runs identify risky configurations and overlapping or extraneous workflows, effectively providing a virtual Red Team that continuously probes any observed system for vulnerabilities and inefficiencies.

GraphStack's continuously updated, enterprise-wide visibility drives increasingly informed decision-making and economically focused risk management, empowering users to understand and optimize their business like never before.


Example Use Cases

Risk Assessment and Event Detection

Cyber-Physical Graph

A continuously updated view of every device, location, user, service, and web activity in an observed system displayed as nodes (or vertices) in a graph database, with their relationships and interactions stored as labeled connections (or edges) between them—all easily explored on an interactive graph called the CPG.

Blast Radius Impact Assessment

Determine potential impact (or, Blast Radius) of a breach by effectively modeling an attacker’s probabilistic network traversal (or lateral movement), based on continuous assessments of effort vs. reward associated with privilege escalation and accessibility of connected devices.

Network Resilience Scoring

Continual risk assessments based on internal telemetry and topology data combined with external vulnerability and exploit data enable Fractal OS to forecast a network’s ability to withstand and recover from an event, and to quantify this resilience in a single metric called the Network Resilience score.

Attack or Disruption Simulation

Explore hypothetical outcomes of possible attack paths or cascading effects of a disruption by performing iterative simulation runs with various vertices in a graph acting in turn as the source vertex of the attack or disruption.

Active Directory Monitoring

Expose hidden or unintended relationships between graph entities based on identity-centric characteristics such as Active Directory trust relationships, allowing users to identify potential attack paths that are highly complex and otherwise very difficult to visualize.

Dynamic Asset Discovery

Continuously monitor the relationships and interactions between entities and processes over time in order to immediately detect the unexpected connection of any host to the network, understand the connectedness of that hosts to others, and assess the potential impact (or Blast Radius) if that host or credential is compromised or misused.

Privilege Oversight

Users with high levels of access will typically present high scores for a number of graph metrics, and these indicators can be used to flag risky network configurations with identity-centric queries that identify the direct links available to traverse the network using a given set of user credentials.

Continuous Improvement and Optimization

Business Process Graph

Business Process Model and Notation (BPMN) can be used to inform a graph such that the business process itself is stored as a node (or vertex) and the data flows or interactions between processes are stored as weighted connections (or edges) between them, enabling optimization strategies that identify inefficiencies such as overlapping, duplicate, or extraneous workflows across the enterprise.

Topology Optimization

Planning algorithms iteratively explore network topology options by comparing Blast Radius and Resilience scores of all possible expansion and back-propagation configurations to recommend the most secure and efficient topology with minimal risk and cost.

Operational Risk Management

Leverage a virtual Red Team that is continuously probing an observed system for vulnerabilities and operational inefficiencies to drive increasingly informed decision-making across the enterprise.

Supply Chain Logistics

Inventory data can be tracked against purchase or frequency-of-use metrics to forecast changes in demand and continuously update warehousing and supply chain orchestrations.

IoT Optimization

Utilize IoT sensors to monitor variables such as pressure and temperature among interconnected systems to identify potential problems before they occur and schedule preventative maintenance to minimize operational risk and costs.

Compliance Assurance

Any industry-specific compliance standards databases can be queried continuously for updates which can then be automatically compared against internal processes, procedures, and infrastructure to alert on discrepancies.


Leverage insights from global productivity metrics to identify inefficiencies, variances, and trends to streamline processes, reduce labor costs, decrease product defects, and improve speed to market.

Intuitive queries of nested connections between graph entities can derive complex or hidden correlations and relationships to automatically enrich and extend knowledge graphs as more data is ingested.

User behavior data such as purchase history can be mapped to connected users with common interests as well as globally or locally trending analytics to provide meaningful and timely recommendations for shopping, dining, and other activities.

Recursive trending and pattern matching algorithms can be leveraged to deliver predictive awareness of user behavior in order to dynamically place focused ads in front of individuals when they will be most impactful.

Anomalous behaviors associated with trending or pattern-based purchases or other activities can be compared to known fraud cases to provide an added measure of protection against retail or identity fraud in near real-time.

Ingested healthcare data including medical records and disease-causing gene information is automatically stored with geospatial context to enhance the ability to diagnose, track, and prevent the spread of infectious disease.

Forensic sciences such as geographic profiling can be used to track a perpetrator's movements to isolate a point of origin, correlate and possibly attribute additional crimes, and predict where they may strike next.

Behavior and trend analytics coupled with deep knowledge graph insights enable continuous enrichment of user profiles, identification of new, meaningful connections, and timely, contextually rich updates across networked users and groups.


Flexible Data Ingestion

Distributed and stateless implementation enables the consumption and integration of data streams in parallel from multiple, diverse data sources simultaneously.

Next-Gen Data Storage

Datatype-agnostic nature of storage allows the persistence of heterogeneous data in the same data store, making it possible to express arbitrary join functions (including transitive closure and flexible data types) that can’t be expressed in relational databases.

Dynamic Entity Inquiry

Interactive graph exploration with the ability to right-click any entity to display next-action buttons that enable immediate, specialized inquiries that provide deeper context and understanding of that entity’s status and connectedness to other graph entities.

Intuitive Query Language

Rich and flexible query language enables data scientists and users to intuitively explore and better understand the relationships and data flows between entities throughout the network infrastructure.

Ad Hoc Query Support

Scratchpads allow users to easily define highly customizable, complex queries, choose from a variety of rich visualization options to correlate, sort, and render results in milliseconds, and store these queries for future reference or automation.

Sub-graph Query Capabilities

Dynamically query individual or combinations of subgraphs to explore, understand, and predict behavior and interactions between discrete subsets of graph elements, such as user-specified business units, application types, or user groups (e.g. domain admins or terminated employees).

Nested Group Detection

Automatically triage and alert on changes in network or privilege configurations that result in unintended user access because of that user’s membership in a particular user group or set of nested groups.

DSL/Ontology Support

Support for Domain-Specific Languages (DSLs) and common data schemas, such as Open Graph of IT (OGIT) ontologies to define enterprise-grade topologies of corporate networks.

Gremlin Compatibility

Imperative and declarative traversals over graph-based data are easily defined and performed using Gremlin’s intuitive, object-based syntax.

Flexible Data Retention

Highly customizable data expiration, as well as support for automatic transfer of expired data to S3 or Glacier with the option to asynchronously restore it when needed.