Neo4j helps Intuit protect enterprise network infrastructure and the data security of 100 million customers.

As a globally renowned financial and tax software company, Intuit faced challenges in managing vast amounts of customer data and responding to security threats. By adopting Neo4j’s knowledge graph technology, Intuit built the Security Knowledge and Insights Platform (SKIP), enabling network topology mapping of over 500,000 endpoints and rapidly associating them with assets, significantly improving vulnerability identification and remediation efficiency. The platform integrates multi-source data, utilizes the Nodestream framework for real-time updates, and leverages the Neo4j Bloom visualization tool to uncover hidden network dependencies and unused infrastructure. Today, Intuit can perform risk scoring calculations in milliseconds, process 75 million database updates per hour, and reduce zero-day vulnerability response times from days to minutes—enhancing both data security and developer productivity. Neo4j empowers Intuit to explore data relationships graphically, ensuring reliable management of customer data.

 

Intuit, a renowned financial and tax software company founded in 1983, specializes in providing financial management, tax management, payroll, payment, and personal finance solutions for small and medium-sized businesses, individuals, and accounting professionals. Today, Intuit serves approximately 100 million customers worldwide through products like TurboTax, Credit Karma, QuickBooks, and Mailchimp, empowering individuals and small businesses to optimize their financial efficiency and make confident financial decisions.

To effectively manage the breadth and depth of customer data across its products and implement robust security measures, Intuit must maintain a clear understanding of its infrastructure. As Zach Probst, a software engineer at Intuit, stated: “Intuit’s brand is built on being a reliable company and a responsible steward of customer data, which means we need to respond swiftly to security incidents.”

Security Challenges
Security is paramount, so engineers must be prepared to quickly identify and patch vulnerabilities in Intuit’s extensive technology stack to prevent exploitation and protect customers from risks.

“Intuit is a large company with significant influence. Mapping so much computing and network infrastructure is already a massive challenge,” Probst explained. “But we also need to consider attribution, prioritization, and hygiene. Understanding who owns which endpoints, which vulnerabilities are most critical, and which infrastructure is no longer in use can significantly raise the stakes.”

Addressing security vulnerabilities requires deep insight into the affected software, operating systems, or environments. Intuit found it challenging to perform endpoint-to-asset attribution—the process of linking individual hostnames within a domain to their respective assets. This is crucial for achieving comprehensive visibility in security responses and ensuring sensitive information remains secure. The process was also time-consuming and relied on complex manual testing requiring specialized expertise.

The Solution
Intuit overcame this challenge by using Neo4j’s knowledge graph to map its network of over 500,000 endpoints, enabling precise network topology mapping to locate security vulnerabilities.

Probst explained: “This setup allows more people to understand network interdependencies, ensuring vulnerabilities are resolved quickly and customer data remains secure.” Intuit needed to stay ahead.

Powerful and Immediate Incident Response
Intuit’s Security Knowledge and Insights Platform (SKIP) leverages a knowledge graph integrating interconnected datasets, including vulnerabilities from security scans, cloud resources, compliance frameworks, organizational charts, DNS zones, entries, source code repositories and contributors, Akamai property configurations, redirect rules, and other sources.

The knowledge graph is refreshed with new data using Nodestream, an open-source ETL (extract, transform, load) framework for graph databases developed by Intuit’s team. Nodestream also supports data ingestion from sources like Kafka, AWS Athena, flat files, and Akamai. Neo4j Bloom is then used for simple graph visualization and exploration.

Before Neo4j, the team couldn’t map how Intuit’s infrastructure operated through Akamai, a distributed platform for cloud computing, security, and content delivery. Akamai includes hundreds of property configurations, each with thousands of lines of settings and thousands of endpoints, making traffic routing difficult and time-consuming.

Probst said: “Using graph relationships allows us to make powerful inferences, unlocking information that would otherwise remain hidden in siloed data. Nothing beats Bloom out of the box. It works seamlessly with minimal fuss, which was incredibly convenient when we started this project.”

With Neo4j and Bloom, Intuit now has a clear understanding of how its data and network traffic are routed through Akamai. Chad Cloes, a senior staff software engineer at Intuit, noted: “These visualizations reveal previously hidden insights that were hard to see before, such as identifying where unused infrastructure might be lurking.”

The team can now link Common Vulnerabilities and Exposures (CVEs) to source code and connect that code to frontend endpoints, mapping potential exposures in unused or unmonitored infrastructure. Probst pointed out: “This allows us to address the most critical vulnerabilities first and allocate resources appropriately to handle them.”

Cloes agreed: “We can now map potential exposures in seconds—something that previously took engineers hours or even days to figure out manually.”

The Fastest Path to a More Secure Infrastructure: Data Returns in Milliseconds
Given its massive data and network footprint, Probst emphasized: “It’s critical that we can attribute over 500,000 endpoints to hostnames in milliseconds, simply because we can add new data so quickly. We can pivot on zero-day vulnerabilities, assess our exposure, and resolve them almost immediately.” This is as close to real-time response as one could hope for.

Intuit now achieves immense throughput, ingesting and linking 20 million events and performing 75 million database updates per hour in the graph, which contains 65 million nodes and 190 million relationships.

Ultimately, more thorough infrastructure mapping leads to a more secure environment with significantly lower risks of security incidents. Another benefit of a clearer system view: time savings and a dramatic boost in developer productivity.

“Thanks to Neo4j, our developer team can calculate risk scores for every asset in Intuit—defined as any software, server, service, website, source code, etc.—in just four minutes. These are complex traversals involving tens of thousands of assets, and we can complete them incredibly quickly,” said Zach Probst, Staff Software Engineer at Intuit.

The Neo4j graph database platform helps businesses deeply, easily, and quickly uncover hidden relationships and patterns across billions of data connections. Customers leverage the structure of their connected data to reveal innovative solutions to their most pressing business challenges, from fraud detection and customer 360 to knowledge graphs, supply chains, personalization, IoT, and network management.