🏗️

Architecture

Platform Overview

EchelonGraph is a cloud-native security platform built on a microservices architecture designed for multi-tenant isolation, horizontal scalability, and real-time threat detection. The platform processes cloud telemetry through a high-throughput event pipeline and presents results through interactive dashboards and a comprehensive REST API.

EchelonGraph Platform Architecture
EchelonGraph Platform Architecture

Core Services

The platform is composed of purpose-built services, each responsible for a distinct domain:

  • API & Intelligence Layer: Serves the REST API, computes blast radius analysis, processes CVE feeds, and calculates risk scores
  • Identity & Access: Handles all authentication (SSO, MFA, WebAuthn), role-based access control, SCIM 2.0 provisioning, and session management
  • Compliance Engine: Continuously evaluates infrastructure against 9 compliance frameworks with 368+ automated controls
  • Telemetry Pipeline: High-throughput ingestion and processing of scan results, delivering findings to dashboards in real-time
  • Scanning Layer: Multi-tier scanning — agentless cloud API scanning, network-level discovery, and runtime telemetry collection
  • Product Frontend: Interactive dashboards, 3D blast radius visualization, alert management, and compliance reporting

Data Flow

The scan-to-dashboard pipeline is fully automated — no manual data insertion at any stage:

EchelonGraph Data Flow
EchelonGraph Data Flow
  1. Scanners authenticate with your cloud provider APIs using read-only credentials
  2. Scanners discover assets and run 440+ misconfiguration rules mapped to CIS v2.0
  3. Scanners correlate CVEs and build attack path graphs from internet-facing nodes inward
  4. Findings are ingested through a high-throughput gRPC pipeline with at-least-once delivery
  5. Findings are processed — graph builder computes attack paths, CVE correlator matches against NVD, compliance scorer evaluates 9 frameworks
  6. The API layer queries processed data and serves it to dashboards and integrations
  7. Dashboards update with 3D graphs, alerts, compliance scores, and webhook notifications in real-time

Tenant Isolation

Every customer's data is completely isolated at every layer of the platform. Cross-tenant access is architecturally impossible — not just restricted by application logic, but enforced at the data layer itself.

EchelonGraph Tenant Isolation
EchelonGraph Tenant Isolation
  • Relational data: Row-level security policies ensure queries can only access the authenticated tenant's rows
  • Graph data: Every node carries a tenant identifier with enforced scoping on all queries
  • Analytics data: Partitioned by tenant for physical separation at the storage layer
  • Caching layer: Namespaced per-tenant with no cross-tenant access possible
  • Event bus: Tenant-scoped routing ensures consumers only receive their own events

Performance

The platform is engineered for sub-second response times under production load:

  • Blast radius queries return in milliseconds, even for complex multi-hop traversals
  • Telemetry ingestion handles hundreds of events per second per instance with automatic horizontal scaling
  • Alert delivery reaches connected dashboards in under 100ms
  • Frontend loads in under a second with optimized asset delivery

All services scale horizontally to meet demand, with built-in circuit breakers and retry logic to maintain availability during upstream issues.

Encryption

Data is protected at every layer:

LayerProtection
In transitTLS 1.2+ on all connections
At rest (infrastructure)AES-256 encryption on all managed data stores
At rest (sensitive data)Field-level encryption for credentials and personally identifiable information
Password storageIndustry-standard hashing with constant-time comparison
Secrets managementVersioned, audit-logged, and auto-rotatable secret storage
Self-hostedBring Your Own Key (BYOK) — customer-managed encryption keys

High Availability

  • Auto-scaling: Services scale horizontally based on demand with warm-instance support to eliminate cold starts
  • Automated backups: Daily backups with point-in-time recovery for all critical data
  • Event durability: At-least-once delivery guarantees for all scan results and alerts
  • Circuit breakers: Automatic failure isolation with exponential backoff retry
  • Health monitoring: Continuous liveness and readiness checks on every service
Previous API ReferenceNextDeployment