Case Study: McAfee achieves real-time, scalable global threat intelligence with MongoDB

McAfee is Improving Global Cybersecurity With MongoDB

McAfee Global Threat Intelligence (GTI) collects massive amounts of telemetry—network flows, file hashes, URLs and other indicators—from sensors worldwide to detect and block cyberthreats in near real time. GTI’s legacy relational systems struggled with the volume and semi‑structured, evolving data: schema migrations, slow joins, high storage costs and complex sharding made it hard to scale to tens of terabytes or petabytes while delivering low‑latency queries for analysts and automated defenses.

By adopting MongoDB’s document model and distributed architecture, GTI gained native JSON/BSON storage, auto‑sharding, replica sets, GridFS for large artifacts, geospatial indexing and broad driver support. The platform let McAfee scale storage and I/O linearly, add new indicator types without costly migrations, and slash query latency from seconds or minutes to tens or hundreds of milliseconds—enabling faster feature development, more reliable distribution of large files and significantly lower operational overhead.

McAfee

Wes Widner

IT Architect, McAfee