SOCRadar cuts threat query times with AlloyDB shift
Wed, 1st Jul 2026
SOCRadar has migrated its threat intelligence platform from PostgreSQL to Google Cloud's AlloyDB, a move that lifted analytical query performance by up to 20 times, according to Google Cloud.
The cybersecurity company, which serves organisations in more than 30 countries, said its previous on-premises database had become a bottleneck as threat volumes rose and customers demanded faster results. Engineers were managing both high-speed data ingestion and heavy real-time analysis on the same system, pushing it to its limits.
SOCRadar chose AlloyDB after reviewing managed PostgreSQL-compatible options that could handle mixed workloads without a full redesign of its data stack. The migration was carried out with support from partner NGC, which validated the architecture and managed the cutover with limited disruption.
The shift has changed how SOCRadar processes cyber telemetry from sources including dark web forums, botnet logs and social media feeds. The workload combines live transactional ingestion, operational lookups during active investigations and deeper historical analysis for customer reporting.
In performance tests cited by Google Cloud, live ingestion speed increased by 3.2 times. Random indexed lookups that previously took between 3 and 3.5 seconds were completed in one second on AlloyDB, while analytical queries across historical datasets ran up to 20 times faster.
Operational shift
The operational impact appears to be as significant as the speed gains. SOCRadar said AlloyDB's automation reduced the need for manual tuning and sharply cut routine administration work.
Its database administrator now checks system health only "about once every two or three days", freeing up 75% of database administration resources for other work, including changes to the core platform.
Storage management was another area of savings. Automatic scaling after old logs were removed allowed SOCRadar to reclaim more than 45 TB that would otherwise have remained provisioned in a more static environment.
That matters for a business built around the speed and relevance of external threat intelligence. In cyber defence, a delay of even a few minutes can affect how quickly an organisation identifies an indicator of compromise or responds to an attack in progress.
AI filtering
Alongside the database move, SOCRadar has integrated Gemini Enterprise Agent Platform into its alarm management system. It is using the AI system to filter active alert streams and separate likely genuine threats from false alarms before analysts see them.
Security teams have long struggled with alert fatigue, where analysts are overwhelmed by large volumes of warnings generated by monitoring tools. SOCRadar said the AI layer categorises, filters and routes alerts directly on top of data workloads running in AlloyDB, aiming to reduce noise for users and improve the quality of alerts sent for investigation.
The database migration is part of a wider shift in how the platform is built. Rather than treating the database only as a store of records, SOCRadar is using the new setup as the foundation for more automated workflows across threat hunting and incident response.
Next phase
SOCRadar's AI team is now testing agent-based workloads designed to move beyond passive analysis. Areas under development include natural language querying for analysts, semantic similarity search across historical logs and automated incident summaries that turn technical records into plain-language briefings.
Natural language querying would let analysts search large data sets in conversational language instead of relying solely on traditional database syntax. Semantic similarity search would use vector embeddings to identify related patterns that might not appear in keyword searches.
Automated summarisation is aimed at incident response teams handling large volumes of machine-generated logs during active investigations. This would condense long technical records into shorter summaries for analysts and decision-makers.
SOCRadar said the migration removed a key infrastructure constraint that had diverted engineering time into maintenance. It added that the combination of faster analysis, reduced administration and AI-based filtering has changed how quickly it can deliver intelligence to customers across multiple markets.
According to the company, AlloyDB now maintains sub-second lookup latency as processing volumes scale.