Security Research | 2 min read

Welcome to CandyStore: Sweet Security’s Open Source Key-Value Storage

Written by Tomer Filiba, CTO
August 28, 2024

We’re excited to announce that Sweet Security has officially released CandyStore – an extremely fast open source key-value store, with a very low memory footprint.

Why We Created CandyStore

It’s not every day that a cyber security company develops its own database (or its little cousin, a key-value store), but Sweet is not your average security company. We believe that the best product requires the best-of-breed technology, even if it means we have to build it ourselves.

Before getting there, we tested several well-established databases and key-value stores (sqlite,  RocksDB, to name a few), but none of them met our performance, memory or concurrency requirements. After a few weeks of rigorous testing, we set off writing our own key-value store and thus CandyStore was born.

Key Benefits

CandyStore is unique in that it’s not based on LSM or B-Trees, as most existing key-value stores, but rather on a novel algorithm. This algorithm can be seen as a “zero overhead” extension of a hash table that’s stored over files. Because it operates in O(1) like a hash table, rather than log(N) like a tree, we are able to achieve sub-microsecond latency, normally requiring a single IO for lookup / insert / removal, and 2 IOs for an update..

Another huge benefit of CandyStore is that it does not require a journal or a write-ahead log (WAL), thus reducing the number of disk operations required while still being crash-consistent. This is especially important in cloud instances, where disk IOs are capped. It also does not require costly merges or maintenance, and its compaction operations are bounded in size.

CandyStore allows us to reduce our sensor’s memory footprint even further, and is already deployed to thousands of sensors in the field.

Being a Rust shop since day one, and relying a lot on open source technologies ourselves, we felt obliged to share this project with the open source community. The code is now available on Github, under the Apache 2.0 license. Feel free to check it out. For a technical deep-dive of how the DB works, see this blog.

If you’d like to learn more about our technology and offering, schedule a demo today! 

Share

Popular Posts

Feature Release

Customized Rules for Enhanced Threat Detection and Response

Sweet is excited to announce our new custom rules detection capability for CDR and ADR, which allows users to build customized rules according to their specific threat landscape.  Easily create custom rules or exclude findings within a minute, without using complex query language, through a selection of predefined options: Generate New Custom Findings: Create a […]

Or Harel | 5 min read
Read More
Feature Release

Introducing Connection Analysis: Unveiling Hidden Network Insights

As cloud environments grow in complexity, having a clear view of the intricate relationships between cloud assets across your infrastructure is not just a luxury—it’s a necessity. That’s why we’re so excited to announce Sweet’s latest feature: Connection Analysis.  Connection Analysis provides unparalleled visibility into your cloud network, offering detailed insights into every connection within […]

Lea Edelstein | 4 min read
Read More
Feature Release

Introducing Sweet Security for Hybrid Cloud Environments

Sweet Security is thrilled to announce comprehensive support for on-premises and private cloud environments. This expansion enhances our existing capabilities for all major cloud platforms—Azure, AWS, and GCP—and virtual machines (VMs) such as AWS EC2s, Google Compute Engine, and Azure Virtual Machines. Enhancing Cloud Application Security with Support for Hybrid Environments Application environments are complex. […]

Lea Edelstein | 2 min read
Read More