FalkorDB Security Graph

FalkorDB's security graph is an application of its core graph database specifically configured for cybersecurity workloads. It models security data — users, roles, permissions, cloud resources, IP addresses, and vulnerabilities — as nodes and edges, enabling multi-hop traversal queries to trace attack paths, map entitlement chains, and correlate alerts across identity, network, and workload layers in real time. The primary use cases are CNAPP, CSPM, and CIEM deployments, where the relationships between cloud identities, resources, and permissions are too complex and fast-changing for relational schemas to handle efficiently. It also supports IAM analysis, lateral movement detection, and attack path mapping. Key technical properties relevant to security workloads include sub-millisecond query performance on multi-hop traversals, native multi-tenancy with full isolation across more than 10,000 graphs within a single instance, and a flexible schema that evolves as the threat surface changes. Queries are written in Cypher. It is primarily aimed at security vendors building CNAPP, CSPM, or CIEM products on top of FalkorDB as infrastructure, rather than enterprise security teams deploying it directly. It is open source and available on-premises or as a managed cloud service.