When we look at reining in and limiting nefarious activity on organisational networks, it helps to think like a criminal. Criminals look for vulnerabilities. They think in “graphs” while the organisations they target usually think in lists, combating crime through elimination.
Graphs are a way of representing reality in terms of nodes and the connections or relationships between them. Cybercriminals are looking for undetected relationships to exploit. These overlooked relationships are the inherent vulnerabilities: the multiple small connections that criminals seek out to circumvent an organisation’s security measures.
Technology systems are built to withstand attacks, but in an increasingly connected world many entry points exploit systemic vulnerabilities. An attacker might access a hole in the HR system to get to the financial accounts, for example.
Why we need graph data platforms
Graph databases map out the flows between assets needing protection and the vulnerabilities between them. A graph data platform is unique in this relationship-centred approach, and it has reached a point of maturity where we can run off-the-shelf algorithms over a network. These algorithms locate connections that pinpoint your system’s vulnerabilities. This lets you take corrective actions to shore up systems.
A pathfinding algorithm essentially finds the shortest path in a network. Security teams can use the algorithm to discover how a system links to the largest potential vulnerability and close the door on it. Pathfinding can also locate the central system that accesses the majority of the systems in the same network. This could be a system that allows access to important information but isn’t adequately protected: an HR system that connects to your IP storehouse, for example.
A graph data platform detects and analyses system irregularities in real time, based on patterns in the network. It could be an IT network where you know the regular patterns flow in a hub-and-spoke fashion. An unusual pattern could be when edge devices, such as IoT devices in a telecoms configuration, try to connect to an outside area. This kind of irregularity suggests possible interference by cybercriminals. Cybersecurity teams can set a threshold based on abnormal system behaviour. A breach of this threshold triggers an alarm for intervention or isolation of the suspect part of the system.
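The pathfinding step described above, as an added example (not code from the article or from any graph product): a breadth-first search over a constructed access graph finds the fewest-hop route from an entry point to a protected asset, ranks systems by how many others they can reach, and re-checks the route after one access relationship is removed. Every system name and relationship in the graph is an assumption made for illustration.

```python
from collections import deque

# Constructed sample: directed "can access" relationships between systems.
ACCESS = {
    "internet":    ["hr-portal", "mail-gw"],
    "hr-portal":   ["hr-db", "payroll", "file-share"],
    "mail-gw":     ["workstation"],
    "workstation": ["file-share"],
    "file-share":  ["ip-store", "finance-db"],
}

def shortest_path(graph, src, dst):
    """Breadth-first search: fewest-hop access path from src to dst, or None."""
    prev, queue = {src: None}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:      # walk predecessors back to src
                path.append(node)
                node = prev[node]
            return path[::-1]
        for nxt in graph.get(node, []):
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    return None

def reach(graph, src):
    """Set of systems reachable from src, excluding src itself."""
    seen, queue = {src}, deque([src])
    while queue:
        for nxt in graph.get(queue.popleft(), []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen - {src}

def widest_reach(graph, exclude=()):
    """System (outside `exclude`) that can reach the most other systems."""
    return max((n for n in graph if n not in exclude),
               key=lambda n: len(reach(graph, n)))

def without_edge(graph, a, b):
    """Copy of the graph with the access a -> b removed (a proposed control)."""
    return {n: [m for m in out if (n, m) != (a, b)] for n, out in graph.items()}

if __name__ == "__main__":
    print(shortest_path(ACCESS, "internet", "ip-store"))
    print(widest_reach(ACCESS, exclude=("internet",)))
    print(shortest_path(without_edge(ACCESS, "hr-portal", "file-share"), "internet", "ip-store"))
```

Removing the HR-to-file-share relationship closes the shortest route but leaves a longer one through the workstation, so the search has to be re-run after each change until no path remains.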
A helpful way to employ a graph data platform is to make predictions to prevent future problems. It is possible to identify previous patterns where cybersecurity was potentially under threat. These seemingly innocuous patterns could easily have been cyber attacks. Taking these patterns and running them in a graph database allows for prediction and comparison with other patterns. You can create models of prior attacks using machine learning to which new data is added. Comparisons can be drawn to determine where weaknesses lie to guard against future attacks.
The adoption of graph data platforms in the region has enabled organisations across several sectors to detect and respond to cyber threats in real time by better understanding complex data relationships. Employing graph databases ensures that their anti-fraud team has a chance to strike first or act even before an impact.
How do you use a graph data platform?
For example, a multinational banking and financial services company utilises a graph data platform to ensure its critical assets are cyber safe and resilient. Risk analysts can grant or deny requests and trace employees’ actions to prevent breaches and fraud.
Government agencies, securities and insurance providers and law enforcement across the region are also at the forefront in leveraging the power of graph data platforms, empowering them to identify and catch bad actors and prevent and minimise risks and losses.
A graph data platform is also a powerful weapon against money laundering and embezzlement. In AML, an analysis of a customer activity dataset using graph-based machine learning will reveal fraudulent and non-fraudulent behaviour.
Graph data platforms help accurately assess the risk and cybersecurity threats your business faces. They show you where you need to add defenses and how much you need to invest to be adequately protected. In the battle for more robust cybersecurity, you need to know your enemy and exactly how they operate. When you understand this, you’ll be able to outsmart them.
By Nik Vora, Vice President, APAC at Neo4j
This article was first published by Tech Collective