How organisations can shore up cybersecurity defences with a digital twin

Cyber attacks have been on the rise in recent years, with nation-state threat actors and foreign hacking collectives devoting more time and resources to making the life of the Chief Security Officer as challenging as possible. The pandemic has only escalated the problem, forcing businesses to shut down their physical buildings and putting unprecedented demand and pressure on digital platforms through work-from-home.

Cyberattacks have skyrocketed. In 2021, Forrester reported that 68 percent of APAC organisations were breached, with the average attack costing organisations US$2.2 million. In ASEAN, 92 percent of businesses believe that cybersecurity should be one of the top priorities for business leaders.

Globally, software supply chain attacks, which exploit vulnerabilities in embedded open source libraries, increased 430 percent in 2020 and continued their meteoric rise with a 650 percent increase in 2021.

Are the odds stacked against us?

This is not news to the IT security industry, which is a field characterised by extreme, unmanageable complexity. Something as straightforward as incident analysis requires pulling together data and logs from multiple platforms and tools. In parallel, defenders have an even bigger job. They must protect against every possible attack and patch every possible vulnerability, but an attacker needs to find only one opening to land and expand. Defenders have many responsibilities, and attackers just have to be hyper-focused on finding exploits.

To mitigate cybersecurity risks effectively, governments and businesses need advanced data solutions that empower them to correlate and analyse connections at real-world scale. One such solution is graph technology. Instead of the traditional tables of columns and rows, graphs store data as nodes and links, which represent the relationships and dependencies between entities.

Criminals operate in a much more “graph-like” way: infecting one node and then spreading throughout the network. As John Lambert, Distinguished Engineer and General Manager, Microsoft Threat Intelligence Center, has observed: “Defenders think in lists. Attackers think in graphs. As long as this is true, attackers win.”

By using a graph database, cyber defence teams can map out the flows between assets they want to protect and the vulnerabilities between them.

Graphs as cyber defence

Graph databases are a strong fit for cybersecurity, as they integrate multiple data sources, incorporate large data volumes, and easily reveal dependencies. Security data comes from many sources, with enterprises typically having an average of 75 security tools deployed, as well as many other applications and services that generate log files relevant to cybersecurity.

The advantage of graph databases increases with the size and complexity of the data. With a graph database, IT teams can gain a unified visualisation of the attack surface and the ability to conduct ongoing cyber risk assessment simply by connecting resources and users with the activities on the system. This enables predictive, pre-emptive, and proactive threat identification and cyber risk management with clear attack paths and reachability routes. It makes it easier to protect systems and detect anomalies in real time, respond with confidence to any incidents and recover quickly.

By modelling infrastructure as a graph, security teams can:

  • identify the most valuable assets and target security investments
  • generate alerts for relevant teams about the impact of incidents across systems
  • more quickly spot suspicious behaviour, reducing mean time to detection and uncovering insider threats
  • analyse and rationalise identity and access management to enforce the principle of least privilege.
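As an added illustration of the graph modelling the list above describes (this is example code written for this page, not code from the article or from Neo4j), the following Python script holds a small constructed infrastructure graph in memory as (source, relation, target) triples and answers three of the defender questions listed: the shortest reachability path from the internet to a sensitive asset, the blast radius of a compromised host for impact alerting, and access grants that have never been exercised, which are the first candidates for revocation under least privilege. The node names, relation types (CAN_REACH, HOSTS, DEPENDS_ON, HAS_ACCESS, ACCESSED) and every edge are constructed assumptions; a production digital twin would hold the same triples in a graph database and express these traversals as queries.

```python
"""Model a slice of infrastructure as a graph and answer three defender
questions over it: attack-path reachability, incident blast radius and
least-privilege review.  The graph below is a constructed example."""
from collections import defaultdict, deque

# Constructed sample nodes: name -> type (hypothetical, not a real estate).
NODES = {
    "internet": "zone",
    "web-01": "host",
    "app-01": "host",
    "db-01": "host",
    "hr-db": "data",
    "payroll-api": "service",
    "alice": "user",
    "bob": "user",
    "svc-batch": "user",
}

# Constructed edges as (source, relation, target) triples.
EDGES = [
    ("internet", "CAN_REACH", "web-01"),
    ("web-01", "CAN_REACH", "app-01"),
    ("app-01", "CAN_REACH", "db-01"),
    ("db-01", "HOSTS", "hr-db"),
    ("app-01", "HOSTS", "payroll-api"),
    ("payroll-api", "DEPENDS_ON", "hr-db"),
    ("alice", "HAS_ACCESS", "hr-db"),
    ("bob", "HAS_ACCESS", "hr-db"),
    ("svc-batch", "HAS_ACCESS", "hr-db"),
    ("alice", "ACCESSED", "hr-db"),   # only alice actually used her grant
]


def adjacency(edges, forward=(), backward=()):
    """Neighbour lists following the given relation types in the stated
    direction: forward (source -> target) and/or backward (target -> source)."""
    adj = defaultdict(list)
    for src, rel, dst in edges:
        if rel in forward:
            adj[src].append(dst)
        if rel in backward:
            adj[dst].append(src)
    return adj


def shortest_path(adj, start, goal):
    """Breadth-first search; returns the shortest path start..goal or None."""
    parents = {start: None}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if node == goal:
            path = []
            while node is not None:
                path.append(node)
                node = parents[node]
            return path[::-1]
        for nxt in adj.get(node, []):
            if nxt not in parents:
                parents[nxt] = node
                queue.append(nxt)
    return None


def attack_path(edges, entry, asset):
    """Shortest route from `entry` to `asset` over network reachability
    and the hosting relation: the 'attack path' a risk review would flag."""
    adj = adjacency(edges, forward=("CAN_REACH", "HOSTS"))
    return shortest_path(adj, entry, asset)


def exposed_assets(edges, nodes, entry="internet", kind="data"):
    """All assets of type `kind` reachable from `entry`: where to spend first."""
    adj = adjacency(edges, forward=("CAN_REACH", "HOSTS"))
    return sorted(n for n, t in nodes.items()
                  if t == kind and shortest_path(adj, entry, n) is not None)


def blast_radius(edges, compromised):
    """Everything affected if `compromised` falls: what it hosts, plus what
    transitively depends on those things.  Feeds per-team impact alerts."""
    adj = adjacency(edges, forward=("HOSTS",), backward=("DEPENDS_ON",))
    seen, queue = set(), deque([compromised])
    while queue:
        node = queue.popleft()
        for nxt in adj.get(node, []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def unused_access(edges):
    """Grants never exercised: HAS_ACCESS with no matching ACCESSED edge.
    These are the first candidates to revoke under least privilege."""
    granted = {(s, d) for s, r, d in edges if r == "HAS_ACCESS"}
    used = {(s, d) for s, r, d in edges if r == "ACCESSED"}
    return granted - used


if __name__ == "__main__":
    print("attack path:", " -> ".join(attack_path(EDGES, "internet", "hr-db")))
    print("exposed data assets:", exposed_assets(EDGES, NODES))
    print("blast radius of db-01:", sorted(blast_radius(EDGES, "db-01")))
    print("unused grants:", sorted(unused_access(EDGES)))
```

The three traversals differ only in which relation types they follow and in which direction, which is the point of keeping the model as a graph: the same twin answers an attack-path question, an impact question and an access-governance question without reshaping the data for each.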

Digital twins: a new advance

A new development that can help in the fight against cyber attacks is the digital twin. By modelling processes in a digital twin, organisations can quickly gain a far more potent security defence.

As a kind of real-time, “living simulation” mirroring the real world, a digital twin allows security experts to run vulnerability tests without disrupting everyday services. Even better, it’s a technology that can also be used to simulate cyberattacks and help with threat detection and smart decision-making should a breach occur. Additionally, digital twins can be used to carry out network analysis across connected IT systems, helping security teams rapidly identify vulnerabilities and quarantine them before they spread to other parts of the infrastructure.

Ultimately, creating and analysing a graph digital twin of your infrastructure is one of the most effective measures for improving cybersecurity posture. It’s also very helpful for managing the endless, dynamic complexity of cybersecurity vulnerabilities and threats.

A digital twin can be very useful for cybersecurity analysts to query and take action on. It is also a representation that can be analysed by data scientists, who can build models to detect malicious activities.

Graphs are a powerful antidote to complexity—and there is no area more complex than the ever-morphing cybersecurity threat. The smart CSO move is to get a better handle on cybersecurity problems by modelling them as a graph-based digital twin.

By Nik Vora, Vice President, APJ at Neo4j

This article was first published by Tech Collective