Extra tags: cybersecurity
Graph technology is about making sense of data. It enables a connections-first approach, gives organisations a 360-view of their data and allows decision-makers to identify patterns that would otherwise be hard to spot using legacy tools.
It is these very characteristics of graph technology that enables it to play a crucial role in enhancing cybersecurity. And in a future that will be defined by more potent, more dangerous, and more sophisticated cyber attacks with far-reaching ramifications, it is high time that security teams leverage graph databases on top of deploying traditional cybersecurity measures.
Many of the world’s leading governments and organisations appear to be doing that already, with most turning to Neo4j to reinforce their cybersecurity strategies in the face of threats that are growing in number and sophistication.
To be clear, Neo4j is not a cybersecurity vendor. At its core, it is a data analytics company. But what is it that makes Neo4j’s graph technology a vital component of cybersecurity?
Liz Maida, Founder of and CEO at Uplevel Security, best explains why; “Security teams face an overabundance of data, and resource constraints make it simply impossible to analyse everything. The work put into investigating alerts is manual and time-consuming. And even after going through the effort of creating and managing correlations between data, security analysts pick something to investigate based purely on general instinct. Graphs not only help with visualising the data but also analysing the underlying data efficiently.”
In other words, graph technology helps security teams better identify anything out of the ordinary, thereby allowing them to be proactive rather than reactive. Or, as Ashkan Rahimian, Cyber-Artificial Intelligence Senior Lead at Deloitte Canada’s Omnia AI, points out; “The majority of security controls are detective in nature, already placing security operations teams at a high disadvantage against attackers. By leveraging Neo4j and graph analytics, we were able to create the Cyber AI Attack Path Modeling (APM) product, an Artificial Intelligence (AI)-led graph-based tool that provides assessment and unified visualisation of cyber risks and attack paths that threaten an organisation’s critical assets.”
Companies, though, are not the only ones utilising graphs to enhance their cybersecurity. Governments around the world are doing the same as well, with Neo4j, in particular, approved to run in classified environments by many departments of defence and intelligence community agencies.
One notable agency combating cyber attacks with the help of Neo4j’s graph technology is MITRE Corporation, a U.S. federally funded, not-for-profit company that aims to “solve problems for a safer world.” One of these problems is cybercrime, and among the solutions MITRE has developed to address it is CyGraph, a tool for cyberwarfare analytics, visualisation and knowledge management.
Graph technology is central to CyGraph, enabling it to bring in isolated data and events and piece together an overall picture for decision support and situational awareness. It exposes vulnerabilities, correlates intrusion alerts to previously identified vulnerability paths, and then recommends courses of action for attack response based on existing data. Critically, CyGraph evolves with both the available data sources and the desired analytics, thereby ensuring that it continuously provides context so it can react appropriately to attacks and protect mission-critical network assets.
The CyGraph blueprint will be the way forward in combating cybercrime because traditional cybersecurity technologies can only detect immediate relationships. The problem is that attackers nowadays typically launch network-based attacks and then use multiple layers of misdirection to delay or mislead security teams. Graphs can see through all that obfuscation, and that is why they are a handy resource to combat cyber attacks.
To find out more about graphs in relation to cybersecurity, click here for the Graphs for Cybersecurity lectures presented in “Connections 2021”, or download the following white paper.