
Graphs Are a Security Trump Card: Connecting the Dots of Cybersecurity
April 11, 2022 News


Written by: Martin Dale Bolima, Tech Journalist, AOPG.

Graph technology is undeniably useful, with insight generation using available data now an essential aspect of the modern enterprise. It enables businesses to leverage the power of data and help them be ready for even the most abrupt of changes. And evidently, this humanised approach to making sense of data, which can usher in new and innovative ways to solve problems and uncover new frontiers, can also help enhance an organisation’s security architecture.

Such was the underlying message of the March instalment of Neo4j Connections, a digital event series by Neo4j to “keep the graph database community connected, energised and engaged in education.” This month’s event, aptly titled “Cybersecurity: Combating Modern Threats with Graph Databases,” focused on how graph technology can help in cybersecurity, with Xander Smart, Enterprise Account Manager at Neo4j, discussing the role of graphs in cybersecurity and Gal Bello, Senior Pre-Sales Engineer at Neo4j, modelling cybersecurity with Neo4j in particular.

Dr Jim Webber, Chief Scientist at Neo4j; Egor Burnashev, Cybersecurity SME, Risk Advisory, at Deloitte; and Ashkan Rahimian, Senior Manager, Cyber Emerging Technologies, also at Deloitte, joined the virtual event as well, with Dr Webber delivering a keynote about cyber threats and the resiliency landscape. Burnashev and Rahimian, for their part, spoke about graph-based threat modelling, security analytics and threat hunting.

Rounding off the speakers for “Cybersecurity: Combating Modern Threats with Graph Databases” were Hays Hutton, Cloud Architect at Palo Alto Networks (digital twinning the cloud for DevSecOps), Leon Goldberg, Chief Architect, Cider Security (the CI/CD graph) and Nariman Mammadli, Director & AI Architect at Royal Bank of Canada (cyber events to cyber stories). Dave Packer, Vice President of Product, Customer, and Partner Marketing at Neo4j, formally kicked off the proceedings by speaking about the data platform for today’s intelligent applications.

Cybersecurity Challenges Abound

The past few years, according to Dr Webber, have seen a rise in cybercrime, and if this is any indication, more of it is likely to come in the years ahead.

“The year 2022 figures to be another challenging year for business users, for people who do business and for individuals, actually, and it’s across every sector of the economy,” said Dr Webber. “It seems that the bad folks, the cyber adversaries, have made it their mission to inflict financial damage, to steal, to harass governments, companies and individuals, and make us pay a high price for their crimes… And on top of the normal level of cyber threats that we’re seeing, we almost certainly now have state actors waging part of that [cybersecurity] war by the internet. This is an incredibly feeble time.”

To illustrate the point of cyber threats being pervasive, consider these findings, which Dr Webber presented in his keynote:

  • In 2021, there was a 102% surge in global ransomware attacks.
  • There has been a 274% increase in brand abuse over the last year or so.
  • From January to December 2021, malware attacks rose by 423%.
  • In this time of pandemic, there has been a 521% increase in COVID-related phishing.

Given this bleak cybersecurity outlook, Dr Webber emphasised a need to reconsider this perspective from John Lambert, Distinguished Engineer and Vice President at Microsoft Threat Intelligence Centre: “Defenders think in lists, attackers think in graphs; as long as this is true, attackers win.”

“Most defenders are focused just on protecting their assets—sorting them by workload and business function,” Dr Webber explained. “But assets are actually connected to each other by security relationships. Attackers breached that network not just by filing on the top of a checklist but by landing somewhere in the graph. Using a technique like spear phishing, they can hack and find a soft system to enter and then crawl out along those connections to infiltrate other systems.”

In other words, the network cables in an organisation’s data centre form graphs that show which machines are talking to each other, and these graphs can be used to “fine-tune and reinvigorate” an organisation’s defence strategy. Dr Webber stopped short of calling graphs the answer to cybersecurity, but he did highlight “the value in thinking about the connections of these systems as a way of improving cybersecurity response.”
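The contrast between the list view and the graph view can be worked through on a small inventory. This is an added example, not material from the event or from Neo4j: the asset names, criticality scores and relationships are constructed, and plain Python stands in for a graph database.

```python
from collections import Counter, deque

# Constructed inventory: asset -> criticality score, as a list-based review would rank it.
CRITICALITY = {"hr-laptop": 1, "print-server": 2, "build-agent": 3,
               "file-share": 5, "domain-controller": 10, "payments-db": 10}

# Constructed security relationships: control of the first asset grants access to the second.
EDGES = [("hr-laptop", "print-server"),        # stored admin credential
         ("print-server", "file-share"),       # shared service account
         ("file-share", "domain-controller"),  # administrator session left open
         ("build-agent", "payments-db")]       # deploy key on disk

def list_view(top_n):
    """The checklist view: the top_n assets by criticality alone."""
    return sorted(CRITICALITY, key=lambda a: (-CRITICALITY[a], a))[:top_n]

def shortest_path(start, goal):
    """Breadth-first search along the relationships; returns the path or None."""
    adjacent = {}
    for src, dst in EDGES:
        adjacent.setdefault(src, []).append(dst)
    parent, queue = {start: None}, deque([start])
    while queue:
        node = queue.popleft()
        if node == goal:
            path = []
            while node is not None:
                path.append(node)
                node = parent[node]
            return path[::-1]
        for nxt in adjacent.get(node, []):
            if nxt not in parent:
                parent[nxt] = node
                queue.append(nxt)
    return None

def exposure(threshold=10):
    """Graph view: every lower-rated asset with a path to a high-value asset."""
    crown = [a for a, score in CRITICALITY.items() if score >= threshold]
    found = {}
    for asset in CRITICALITY:
        for target in crown:
            path = shortest_path(asset, target) if asset not in crown else None
            if path:
                found[(asset, target)] = path
    return found

def choke_points():
    """Relationships ranked by how many exposure paths cross them (harden these first)."""
    counts = Counter()
    for path in exposure().values():
        counts.update(zip(path, path[1:]))
    return counts.most_common()
```

Here `list_view(4)` never surfaces the lowest-rated laptop, while `exposure()` shows it sits three relationships away from the domain controller, and `choke_points()` ranks the single relationship that most of those paths depend on.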

The Value of Graphs in Cybersecurity

Among other things, graphs can:

  • Help organisations identify and assess risk.
  • Help organisations understand how they can better protect their systems and services.
  • Aid organisations in detecting anomalies—in real time.
  • Enable rapid response in near real time in case an attack does happen.
  • Facilitate rapid recovery in case of an attack.

According to Smart, the role of graphs in cybersecurity comes in the latter part of users’ typical progression in their use of graphs. This begins with creating a Graph of Things, like a graph of the organisation’s IT infrastructure or its applications, followed by making a Graph of Transactions to show how data is moving and how different organisational parts are related. Next comes the building of Graphs of Activity and Behaviour that, according to Smart, can help organisations “identify insider threats, or look for bottlenecks.”

“When you think about your IT network, you think about it as a graph,” explained Smart. “So, when you load this data into Neo4j, you can begin to understand how an access point is connected to a router. And if something goes down, what systems will be impacted? What’s the single throughput that I can ramp up my security posture to stop an attack?”

However, Smart did clarify that a graph database is not a replacement per se for existing security tools, like anti-malware, firewalls and antiviruses. Instead, graphs can give security teams an in-depth, three-dimensional view of cybersecurity problems and how they can impact an organisation’s networks and systems. In other words, graphs help security teams gain the full cybersecurity picture, thus allowing them to respond accordingly with informed decisions every step of the way.

The Final Takeaway

The biggest takeaway from Neo4j’s nearly day-long virtual event is quite obvious: in a digital world full of cyber threats, graphs can be an organisation’s ace up its sleeve in the war against cybercrime. But to be clear, graph technology is not the be-all and end-all of security; rather, it can complement and enhance a security architecture by helping security teams notice patterns, understand relationships better and spot anomalous behaviour faster.