Leveraging Graph Technology for Enhanced Cybersecurity: A Case Study on MITRE's CyGraph (Neo4j Case Study)
Application Infrastructure & Middleware - Data Visualization
Infrastructure as a Service (IaaS) - Cloud Databases
Equipment & Machinery
National Security & Defense
Product Research & Development
Intrusion Detection Systems
Cybersecurity Services
System Integration
MITRE, a federally funded not-for-profit organization that manages seven national research and development laboratories in the United States, was struggling to manage a growing flood of cybersecurity data. Constant change in network environments was eroding the security posture of U.S. government agencies. Intrusion alerts, anti-virus warnings, and seemingly benign events such as logins, service connections, and file-share access could all be traces of adversary activity. MITRE's cybersecurity researchers needed to go beyond rudimentary assessments of security posture and attack response, which meant merging isolated data into higher-level knowledge of network-wide attack vulnerabilities and mission readiness. The problem was not a lack of information but the inability to assemble disparate pieces of it into an overall analytic picture that supports situational awareness, the choice of a course of action, and continued mission readiness. The team also lacked a way to fully comprehend a given security environment and map all of its known vulnerabilities.
MITRE Corporation

The MITRE Corporation is a not-for-profit organization that operates federally funded research and development centers in the United States. Founded in 1958, MITRE works on projects in diverse fields such as national defense, energy, aviation, healthcare, and cybersecurity. The organization manages seven national research and development laboratories, including the Center for National Security, to address issues of cybersecurity. With over 8,000 employees, MITRE operates both public-private partnerships and an independent research program. The organization's work is primarily focused on providing support to government agencies.
To overcome these challenges, the MITRE team developed CyGraph, a tool that consolidates cybersecurity information into knowledge, using the Neo4j graph database. CyGraph brings together isolated data and events into an ongoing big picture for decision support and situational awareness. The model schema in CyGraph is free to evolve with the available data sources and desired analytics, rather than being fixed at design time. This dynamically evolving tool provides context for reacting appropriately to attacks and protecting mission-critical network assets. It also incorporates mission dependencies, showing how objectives, tasks, and information all depend on other cyber assets. CyGraph prioritizes exposed vulnerabilities in mission-critical assets, correlates intrusion alerts to known vulnerability paths, suggests courses of action, and shows vulnerable paths that warrant deeper inspection for post-attack forensics.
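To make the correlation step concrete, here is an added Python illustration (not MITRE's or Neo4j's code) of what a CyGraph-style query does: it walks constructed attack edges from the host on which an alert fired, finds the mission-critical assets reachable along known vulnerability paths, and ranks the vulnerabilities by how many of those alert-to-mission paths traverse them. Every host name, vulnerability label, mission task, and alert below is made up for the example; in CyGraph the same question is posed as a graph pattern over the Neo4j knowledge base rather than with an in-memory breadth-first search.

```python
"""Toy CyGraph-style alert correlation over an attack/mission graph.

Added illustration only: not MITRE's or Neo4j's code. Every host, vulnerability
label, mission task and alert below is constructed for the example.
"""
from collections import deque

# Attack edges: an attacker on SRC can move to DST by exploiting VULN on DST.
ATTACK_EDGES = [
    ("internet", "web01", "vuln-web-upload"),
    ("web01", "app01", "vuln-app-deserialize"),
    ("web01", "file01", "vuln-smb-auth-bypass"),
    ("app01", "db01", "vuln-db-weak-creds"),
    ("file01", "db01", "vuln-db-weak-creds"),
    ("hr01", "mail01", "vuln-mail-overflow"),
]

# Mission dependencies: each mission task depends on these cyber assets.
MISSION_DEPS = {
    "process-orders": {"app01", "db01"},
    "archive-records": {"file01"},
    "send-notifications": {"mail01"},
}

# Intrusion alerts as (host the alert fired on, short description).
ALERTS = [
    ("web01", "IDS: suspicious file upload"),
    ("hr01", "AV: credential dumper detected"),
]


def build_adjacency(edges):
    """Map each source host to the (destination, vulnerability) edges leaving it."""
    adj = {}
    for src, dst, vuln in edges:
        adj.setdefault(src, []).append((dst, vuln))
    return adj


def vulnerable_paths_from(start, edges=ATTACK_EDGES):
    """Breadth-first walk of the attack edges from START.

    Returns {host: path}, where path is the list of (host, vulnerability) hops
    on one shortest route; START itself maps to the empty path.
    """
    adj = build_adjacency(edges)
    paths = {start: []}
    queue = deque([start])
    while queue:
        cur = queue.popleft()
        for dst, vuln in adj.get(cur, []):
            if dst not in paths:  # first visit is the shortest path in hops
                paths[dst] = paths[cur] + [(dst, vuln)]
                queue.append(dst)
    return paths


def correlate_alerts(alerts=ALERTS, edges=ATTACK_EDGES, deps=MISSION_DEPS):
    """Tie each alert to the mission tasks it threatens.

    One finding is produced for every mission-critical asset reachable from
    the alerted host along known vulnerability paths (an empty path means the
    alert fired on the asset itself).
    """
    findings = []
    for host, description in alerts:
        paths = vulnerable_paths_from(host, edges)
        for task, assets in deps.items():
            for asset in sorted(assets):
                if asset in paths:
                    findings.append({
                        "alert_host": host,
                        "alert": description,
                        "task": task,
                        "asset": asset,
                        "path": paths[asset],
                    })
    return findings


def prioritize_vulnerabilities(findings):
    """Rank vulnerabilities by how many alert-to-mission paths exploit them.

    Returns [(vulnerability, count)] with the highest count first; ties are
    broken alphabetically so the order is stable.
    """
    score = {}
    for finding in findings:
        for _host, vuln in finding["path"]:
            score[vuln] = score.get(vuln, 0) + 1
    return sorted(score.items(), key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    found = correlate_alerts()
    for f in found:
        hops = " -> ".join(f"{h} [{v}]" for h, v in f["path"]) or "(direct)"
        print(f"{f['alert_host']} ({f['alert']}) threatens {f['task']} via {hops}")
    print("patch first:", prioritize_vulnerabilities(found))
```

Running the block reports that the web01 alert threatens process-orders and archive-records while the hr01 alert threatens send-notifications, and that vuln-app-deserialize lies on the most alert-to-mission paths and so should be patched first. The ranking is deliberately path-based rather than severity-based: a critical vulnerability on a host that no mission depends on and no alert can reach scores zero, which reflects the mission-centred prioritization the case study describes.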
With CyGraph in place, MITRE now provides services with specialized analytic and visual capabilities that are more scalable, flexible, and comprehensive. CyGraph's knowledge base tells a much more complete story than a basic attack graph or mission dependency model alone: it includes potential attack-pattern relationships that fill the gaps between known vulnerabilities and threat indicators. A key design feature is that CyGraph populates its knowledge base from existing tools and data sources, drawing on security standards and tools such as Topological Vulnerability Analysis, MITRE's Cyber Command System, and Crown Jewels Analysis. CyGraph can also visualize patterns that were not anticipated in advance, letting users obtain analytic results and understand the semantics of their environment. It is used by multiple government agencies in support of their missions, with use cases including detecting malicious network activity, modeling and simulating cyberattacks, tracking Bitcoin transactions, and navigating CAPEC.