Graph Gurus 22
Guarding Against Cyber Security Threats with a
Native Parallel Graph Database
© 2019 TigerGraph. All Rights Reserved
Today’s Presenters
Xinyu Chang, Director of Customer Solutions
● Co-authored GSQL, TigerGraph’s query language, with expertise in graph solutions and algorithms
● Developed solutions for many Fortune 50 companies
● 5+ years with TigerGraph
Victor Lee, Head of Product Strategy
● BS in Electrical Engineering and Computer Science from UC Berkeley, MS in Electrical Engineering from Stanford University
● PhD in Computer Science from Kent State University focused on graph data mining
● 15+ years in tech industry
Some Housekeeping Items
● Although your phone is muted we do want to answer your questions -
submit your questions at any time using the Q&A tab in the menu
● The webinar is being recorded and will be uploaded to our website shortly
(https://www.tigergraph.com/webinars-and-events/) and the URL will be
emailed to you
● If you have issues with Zoom please contact the panelists via chat
Some Big and Bad Cyberattacks
● Yahoo. Date: 2013-14. Impact: 3 billion user accounts
● Marriott International. Date: 2014-18. Impact: 500 million customers
● eBay. Date: May 2014. Impact: 145 million users compromised
● Equifax. Date: July 29 2017. Impact: PII of 209 million individuals
Source: https://www.csoonline.com/article/2130877/the-biggest-data-breaches-of-the-21st-century.html
Ransomware Attacks Reported Yesterday
Cybersecurity Statistics At-a-Glance
● 92% of malware is delivered by email.
● 56% of IT decision makers say targeted phishing attacks are their top security
threat.
● The average ransomware attack costs a company $5 million.
● It takes organizations an average of 191 days to identify data breaches.
● 69% of companies see compliance mandates driving spending.
● 88% of companies spent more than $1 million on preparing for the GDPR.
● 25% of organizations have a standalone security department.
● 54% of companies experienced an industrial control system security incident.
● 61% of organizations have experienced an IoT security incident.
Source: https://www.csoonline.com/article/3153707/top-cybersecurity-facts-figures-and-statistics.html
A Connected Data View of Cyberattacks
● Your system is a graph
● The attack is a chain of events
● A few perpetrators issue a vast number of attacks: hubs
[Figure label: DDoS attack]
Basics of Graph-Based Cyberattack Defense
● Your system is a network of components and processes →
make a real-time graph model
● Set up monitoring and known-pattern defenses at strategic
points
● If an attack occurs, graph assists in tracing both upstream to
source and downstream to effects
● Collect historical data to feed into Machine Learning →
Develop AI models to detect future attacks
Motivation - Why Native Parallel Graph?
Why use a graph database to minimize cyber security problems?
1. Huge data size: up to terabytes of logs generated per day.
2. Integrating multiple data sources: log files, infrastructure info, user info.
3. Interconnected multi-level data structures: service-microservice, domain-subdomain, organization chart…
4. Deep-link analytics required: anomalous behavior pattern matching, source tracing.
5. Real-time response to minimize the loss.
Integrating Multiple Data Sources
[Figure: data sources integrated into the Cyber Security System: System Log, Service Info, User Info, Server Info, Resource Info, Organization Info, Domain-URL-IP Info]
A Graph View
[Figure: graph schema. Edge labels: Queries from, Submitted, Request To, Deployed in, Reports To, Serves As, Has Admin, Has IP, In Domain, Has Micro Service, Has IP, Has Device, Works for Department, Outputs To, Has URL, Has Alert, Has Status, Has Email]
Cyber Security Problems
Common Attack Pattern Classification (CAPEC)
• Engage in deceptive interactions
• Abuse existing functionality
• Manipulate data structures
• Manipulate system resources
• Inject unexpected items
• Employ probabilistic techniques
• Manipulate timing and state
• Collect and analyze information
• Subvert access control
Graph Use Cases in Cyber Security
1. Match user behavior pattern
2. Trace the source of an error/alert/problem
3. Anomaly detection
4. Graph feature extraction for machine learning
Detect Specific User Behavior Patterns
Pattern 1 (sequence of three events involving a Restricted File):
1. Add Mobile Disk Event
2. File Move Event
3. Remove Mobile Disk Event
A user plugged in a mobile disk, copied the file, then removed the mobile disk.
Pattern 2 (Restricted File, Firewall Service):
File Read Event with Firewall Check Missing
A user read from the restricted file and bypassed the firewall check.
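The two patterns on this slide, matched over a time-ordered event list in plain Python. This is an added example, not code from the presentation or from TigerGraph; the event names, file paths and user names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample events: (timestamp, user, event_type, target)
EVENTS = [
    (100, "alice", "add_mobile_disk", "usb-1"),
    (105, "alice", "file_move", "/secure/payroll.db"),
    (110, "alice", "remove_mobile_disk", "usb-1"),
    (200, "bob", "add_mobile_disk", "usb-2"),
    (205, "bob", "file_move", "/public/menu.txt"),
    (210, "bob", "remove_mobile_disk", "usb-2"),
    (300, "carol", "firewall_check", "/secure/payroll.db"),
    (301, "carol", "file_read", "/secure/payroll.db"),
    (400, "dave", "file_read", "/secure/payroll.db"),
]
RESTRICTED = {"/secure/payroll.db"}  # assumed list of restricted files

def removable_media_copies(events, restricted):
    """Pattern 1: add disk -> move of a restricted file -> remove the same disk."""
    hits = []
    mounted = defaultdict(dict)  # user -> {disk: restricted files moved while mounted}
    for _ts, user, etype, target in sorted(events):
        if etype == "add_mobile_disk":
            mounted[user][target] = []
        elif etype == "file_move" and target in restricted:
            for moved in mounted[user].values():
                moved.append(target)
        elif etype == "remove_mobile_disk":
            # Only a disk that saw a restricted move between add and remove matches.
            for path in mounted[user].pop(target, []):
                hits.append((user, target, path))
    return hits

def reads_without_firewall_check(events, restricted):
    """Pattern 2: restricted file read with no earlier firewall check by that user."""
    checked, hits = set(), []
    for ts, user, etype, target in sorted(events):
        if etype == "firewall_check":
            checked.add((user, target))
        elif etype == "file_read" and target in restricted and (user, target) not in checked:
            hits.append((user, target, ts))
    return hits
```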
Tracing the Source of an Error/Alert/Problem
[Figure: File Corrupted Alert, File Read Event, File Write Event, Login Event]
What is the login IP of the user whose write operation resulted in a File Corrupted Alert for other services?
[Figure: High CPU Usage Alert, Request, Login Event]
Which login IP resulted in a High CPU Usage Alert?
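Both questions on this slide are walks along a fixed sequence of edge types, from the alert upstream to a login IP. The following is an added example in plain Python, not code from the presentation; the vertex names, edge types and IP addresses are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample graph: (source vertex, edge type, target vertex)
EDGES = [
    ("alert:corrupt-1", "raised_by", "event:read-7"),
    ("event:read-7", "reads", "file:/data/ledger"),
    ("event:write-3", "writes", "file:/data/ledger"),
    ("event:write-9", "writes", "file:/data/other"),
    ("alert:cpu-1", "raised_by", "event:req-5"),
    ("user:mallory", "performed", "event:write-3"),
    ("user:mallory", "performed", "event:login-1"),
    ("user:bob", "performed", "event:write-9"),
    ("user:bob", "performed", "event:req-5"),
    ("user:bob", "performed", "event:login-2"),
    ("event:login-1", "from_ip", "ip:203.0.113.7"),
    ("event:login-2", "from_ip", "ip:198.51.100.4"),
]

def build_index(edges):
    """Index edges in both directions; '~type' is the reverse of 'type'."""
    index = defaultdict(set)
    for src, etype, dst in edges:
        index[(src, etype)].add(dst)
        index[(dst, "~" + etype)].add(src)
    return index

# Alert <- read event -> file <- write event <- user -> login event -> IP
CORRUPTION_TO_LOGIN_IP = ["raised_by", "reads", "~writes", "~performed", "performed", "from_ip"]
# Alert <- request <- user -> login event -> IP
CPU_ALERT_TO_LOGIN_IP = ["raised_by", "~performed", "performed", "from_ip"]

def trace(index, start, metapath):
    """Return every full path from start that follows the edge types in order."""
    paths = [[start]]
    for etype in metapath:
        # Paths whose last vertex has no edge of this type drop out here.
        paths = [p + [n] for p in paths for n in sorted(index.get((p[-1], etype), ()))]
    return paths

def login_ips(index, alert, metapath):
    return sorted({p[-1] for p in trace(index, alert, metapath)})
```

Returning whole paths rather than only the end vertex keeps the intermediate user and events available for the incident record.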
Detecting Anomalies
Flooding Detection
One service receives way more requests than usual
Footprinting Detection
One service receives a much larger number of different requests from the same IP/user ID than usual
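Both detections compare the current time window with a baseline of "usual" behavior. The following is an added example in plain Python, not code from the presentation; the log layout, the mean-plus-k-sigma threshold and all sample values are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

def build_sample():
    """Constructed request log: (window, source_ip, service, endpoint)."""
    log = []
    for w in range(5):                          # windows 0-4: ordinary traffic
        for i in range(10):
            log.append((w, f"10.0.0.{i}", "auth", "/login"))
            log += [(w, f"10.0.0.{i}", "api", f"/item/{j % 2}") for j in range(4)]
    for i in range(200):                        # window 5: burst against auth
        log.append((5, f"10.0.1.{i % 50}", "auth", "/login"))
    for i in range(40):                         # window 5: one source walks 40 endpoints
        log.append((5, "203.0.113.9", "api", f"/admin/{i}"))
    return log

def is_outlier(history, value, k):
    # Floor sigma at 1 so a perfectly flat baseline does not flag tiny changes.
    return value > mean(history) + k * max(pstdev(history), 1.0)

def detect(log, current, k=3.0):
    """Return (flooded services, footprinting (service, source) pairs) for one window."""
    volume = defaultdict(lambda: defaultdict(int))    # service -> window -> request count
    variety = defaultdict(lambda: defaultdict(set))   # (service, window) -> source -> endpoints
    for w, ip, svc, ep in log:
        volume[svc][w] += 1
        variety[(svc, w)][ip].add(ep)
    flooding, footprinting = [], []
    for svc, per_window in volume.items():
        past = [n for w, n in per_window.items() if w < current]
        if not past:
            continue                                  # no baseline for this service yet
        if is_outlier(past, per_window.get(current, 0), k):
            flooding.append(svc)
        # Baseline for variety: distinct endpoints per source in earlier windows.
        past_var = [len(eps) for w in list(per_window) if w < current
                    for eps in variety[(svc, w)].values()]
        for ip, eps in variety[(svc, current)].items():
            if is_outlier(past_var, len(eps), k):
                footprinting.append((svc, ip))
    return sorted(flooding), sorted(footprinting)
```

In the sample, the footprinting source sends no more requests than the service normally receives in a window, so a volume check alone would miss it.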
Graph Feature Extraction
● # of shortest paths to blacklisted users/IP
● # of blacklisted user/IP in 1/2/3...k hops
● K Nearest Neighbor: having similar sequence of user behavior with blacklisted users
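The first two features can be computed with one breadth-first search that also counts shortest paths. The following is an added example in plain Python, not code from the presentation; the graph, the blacklist and the feature names are constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample: undirected links between users, IPs and devices.
EDGES = [("u1", "ip1"), ("ip1", "u2"), ("u2", "dev1"), ("dev1", "u3"),
         ("u1", "dev2"), ("dev2", "u3"), ("u1", "ip3"), ("ip3", "u3"),
         ("u4", "ip9")]
BLACKLIST = {"u2", "u3"}

def adjacency(edges):
    adj = defaultdict(set)
    for a, b in edges:
        adj[a].add(b)
        adj[b].add(a)
    return adj

def bfs_counts(adj, src):
    """Hop distance and number of distinct shortest paths from src to each vertex."""
    dist, npaths = {src: 0}, {src: 1}
    queue = deque([src])
    while queue:
        v = queue.popleft()
        for n in adj.get(v, ()):
            if n not in dist:                 # first time n is reached
                dist[n], npaths[n] = dist[v] + 1, 0
                queue.append(n)
            if dist[n] == dist[v] + 1:        # v lies on a shortest path to n
                npaths[n] += npaths[v]
    return dist, npaths

def blacklist_features(adj, src, blacklist, k=3):
    """Feature vector for src, suitable as input columns for a classifier."""
    dist, npaths = bfs_counts(adj, src)
    reachable = [b for b in blacklist if b in dist and b != src]
    feats = {f"blacklisted_within_{h}_hops": sum(dist[b] <= h for b in reachable)
             for h in range(1, k + 1)}
    feats["shortest_paths_to_blacklisted"] = sum(npaths[b] for b in reachable)
    feats["min_hops_to_blacklisted"] = min((dist[b] for b in reachable), default=None)
    return feats
```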
DEMO
Q&A
Please submit your questions via the Q&A tab in Zoom
Additional Resources
Start Free at TigerGraph Cloud Today!
https://www.tigergraph.com/cloud/
Test Drive Online Demo
https://www.tigergraph.com/demo
Download the Developer Edition
https://www.tigergraph.com/download/
Guru Scripts
https://github.com/tigergraph/ecosys/tree/master/guru_scripts
Join our Developer Forum
https://groups.google.com/a/opengsql.org/forum/#!forum/gsql-users
Coming To A City Near You
Let us know if you would like to help organize a Graph Gurus
Comes To You workshop in your city
https://info.tigergraph.com/graph-gurus-request
Thank You
