Architecture

Platform Overview

EchelonGraph is a cloud-native security platform built on a microservices architecture designed for multi-tenant isolation, horizontal scalability, and real-time threat detection. The platform processes cloud telemetry through a high-throughput event pipeline and presents results through interactive dashboards and a comprehensive REST API.

---

Core Services

The platform is composed of purpose-built services, each responsible for a distinct domain:

• API & Intelligence Layer: Serves the REST API, computes blast radius analysis, processes CVE feeds, and calculates risk scores
• Identity & Access: Handles all authentication (SSO, MFA, WebAuthn), role-based access control, SCIM 2.0 provisioning, and session management
• Compliance Engine: Continuously evaluates infrastructure against 17 compliance frameworks with 368+ automated controls
• Telemetry Pipeline: High-throughput ingestion and processing of scan results, delivering findings to dashboards in real-time
• Scanning Layer: Multi-tier scanning — agentless cloud API scanning, network-level discovery, and runtime telemetry collection
• Product Frontend: Interactive dashboards, 3D blast radius visualization, alert management, and compliance reporting

---

Data Flow

The scan-to-dashboard pipeline is fully automated — no manual data insertion at any stage:

1. Scanners authenticate with your cloud provider APIs using read-only credentials
2. Scanners discover assets and run 440+ misconfiguration rules mapped to CIS v2.0
3. Scanners correlate CVEs and build attack path graphs from internet-facing nodes inward
4. Findings are ingested through a high-throughput gRPC pipeline with at-least-once delivery
5. Findings are processed — graph builder computes attack paths, CVE correlator matches against NVD, compliance scorer evaluates 17 frameworks
6. The API layer queries processed data and serves it to dashboards and integrations
7. Dashboards update with 3D graphs, alerts, compliance scores, and webhook notifications in real-time

---

Tenant Isolation

Every customer's data is completely isolated at every layer of the platform. Cross-tenant access is architecturally impossible — not just restricted by application logic, but enforced at the data layer itself.

• Relational data: Row-level security policies ensure queries can only access the authenticated tenant's rows
• Graph data: Every node carries a tenant identifier with enforced scoping on all queries
• Analytics data: Partitioned by tenant for physical separation at the storage layer
• Caching layer: Namespaced per-tenant with no cross-tenant access possible
• Event bus: Tenant-scoped routing ensures consumers only receive their own events

---

Performance

The platform is engineered for sub-second response times under production load:

• Blast radius queries return in milliseconds, even for complex multi-hop traversals
• Telemetry ingestion handles hundreds of events per second per instance with automatic horizontal scaling
• Alert delivery reaches connected dashboards in under 100ms
• Frontend loads in under a second with optimized asset delivery

All services scale horizontally to meet demand, with built-in circuit breakers and retry logic to maintain availability during upstream issues.

---

Encryption

Data is protected at every layer:

---

High Availability

• Auto-scaling: Services scale horizontally based on demand with warm-instance support to eliminate cold starts
• Automated backups: Daily backups with point-in-time recovery for all critical data
• Event durability: At-least-once delivery guarantees for all scan results and alerts
• Circuit breakers: Automatic failure isolation with exponential backoff retry
• Health monitoring: Continuous liveness and readiness checks on every service