Neo4j Case Studies Leveraging Graph Technology for Enhanced Cybersecurity: A Case Study on MITRE's CyGraph

Edit This Case Study Record

	Leveraging Graph Technology for Enhanced Cybersecurity: A Case Study on MITRE's CyGraph Neo4j

Leveraging Graph Technology for Enhanced Cybersecurity: A Case Study on MITRE's CyGraph

Neo4j

Technology Category	Application Infrastructure & Middleware - Data Visualization Infrastructure as a Service (IaaS) - Cloud Databases
Applicable Industries	Equipment & Machinery National Security & Defense
Applicable Functions	Product Research & Development
Use Cases	Cybersecurity Intrusion Detection Systems
Services	Cybersecurity Services System Integration
Challenge	MITRE, a federally-funded, not-for-profit company that manages seven national research and development laboratories in the United States, was grappling with the challenge of managing an influx of cybersecurity data. The constant changes in network environments were impacting the security posture of U.S. government agencies. Intrusion alerts, anti-virus warnings, and seemingly benign events like logins, service connections, and file share access were all potentially associated with adversary activity. The cybersecurity researchers at MITRE needed to go beyond rudimentary assessments of security posture and attack response. This required merging isolated data into higher-level knowledge of network-wide attack vulnerabilities and mission readiness. The challenge was not the lack of information, but the ability to assemble disparate pieces of information into an overall analytic picture for situational awareness, optimal courses of action, and maintaining mission readiness. The team also struggled with fully comprehending a given security environment and mapping all known vulnerabilities. Read More
About Customer	The MITRE Corporation is a not-for-profit organization that operates federally funded research and development centers in the United States. Founded in 1958, MITRE works on projects in diverse fields such as national defense, energy, aviation, healthcare, and cybersecurity. The organization manages seven national research and development laboratories, including the Center for National Security, to address issues of cybersecurity. With over 8,000 employees, MITRE operates both public-private partnerships and an independent research program. The organization's work is primarily focused on providing support to government agencies. Read More
Customer Name	MITRE Corporation Read More
Solution	To overcome these challenges, the MITRE team developed CyGraph, a tool that consolidates cybersecurity information into knowledge, using the Neo4j graph database. CyGraph brings together isolated data and events into an ongoing big picture for decision support and situational awareness. The model schema in CyGraph is free to evolve with the available data sources and desired analytics, rather than being fixed at design time. This dynamically evolving tool provides context for reacting appropriately to attacks and protecting mission-critical network assets. It also incorporates mission dependencies, showing how objectives, tasks, and information all depend on other cyber assets. CyGraph prioritizes exposed vulnerabilities in mission-critical assets, correlates intrusion alerts to known vulnerability paths, suggests courses of action, and shows vulnerable paths that warrant deeper inspection for post-attack forensics. Read More Log in to view content
Contents

Technology Category

Application Infrastructure & Middleware - Data Visualization

Infrastructure as a Service (IaaS) - Cloud Databases

Applicable Industries

Equipment & Machinery

National Security & Defense

Applicable Functions

Product Research & Development

Use Cases

Cybersecurity

Intrusion Detection Systems

Services

Cybersecurity Services

System Integration

Challenge

MITRE, a federally-funded, not-for-profit company that manages seven national research and development laboratories in the United States, was grappling with the challenge of managing an influx of cybersecurity data. The constant changes in network environments were impacting the security posture of U.S. government agencies. Intrusion alerts, anti-virus warnings, and seemingly benign events like logins, service connections, and file share access were all potentially associated with adversary activity. The cybersecurity researchers at MITRE needed to go beyond rudimentary assessments of security posture and attack response. This required merging isolated data into higher-level knowledge of network-wide attack vulnerabilities and mission readiness. The challenge was not the lack of information, but the ability to assemble disparate pieces of information into an overall analytic picture for situational awareness, optimal courses of action, and maintaining mission readiness. The team also struggled with fully comprehending a given security environment and mapping all known vulnerabilities.

About Customer

The MITRE Corporation is a not-for-profit organization that operates federally funded research and development centers in the United States. Founded in 1958, MITRE works on projects in diverse fields such as national defense, energy, aviation, healthcare, and cybersecurity. The organization manages seven national research and development laboratories, including the Center for National Security, to address issues of cybersecurity. With over 8,000 employees, MITRE operates both public-private partnerships and an independent research program. The organization's work is primarily focused on providing support to government agencies.

Customer Name

MITRE Corporation

Solution

To overcome these challenges, the MITRE team developed CyGraph, a tool that consolidates cybersecurity information into knowledge, using the Neo4j graph database. CyGraph brings together isolated data and events into an ongoing big picture for decision support and situational awareness. The model schema in CyGraph is free to evolve with the available data sources and desired analytics, rather than being fixed at design time. This dynamically evolving tool provides context for reacting appropriately to attacks and protecting mission-critical network assets. It also incorporates mission dependencies, showing how objectives, tasks, and information all depend on other cyber assets. CyGraph prioritizes exposed vulnerabilities in mission-critical assets, correlates intrusion alerts to known vulnerability paths, suggests courses of action, and shows vulnerable paths that warrant deeper inspection for post-attack forensics.

Impact #1	With the implementation of CyGraph, MITRE now provides services with specialized analytic and visual capabilities that are more scalable, flexible, and comprehensive. CyGraph's comprehensive knowledge base tells a much more complete story than that of basic attack graphs or mission dependency models. It includes potential attack-pattern relationships that fill in gaps between known vulnerabilities and threat indicators. A key design feature of CyGraph is its ability to leverage existing tools and data sources to populate its knowledge base. It uses various security standards and tools such as Topological Vulnerability Analysis, MITRE’s Cyber Command System, and Crown Jewels Analysis. CyGraph also has the ability to visualize unpredictable patterns, allowing users to obtain analytic results and comprehend the semantics of their environment. It is used by multiple government agencies to help them achieve their mission, with use cases including detecting malicious network activity, modeling and simulation of cyberattacks, tracking Bitcoin transactions, and navigating through CAPEC.

Impact #1

With the implementation of CyGraph, MITRE now provides services with specialized analytic and visual capabilities that are more scalable, flexible, and comprehensive. CyGraph's comprehensive knowledge base tells a much more complete story than that of basic attack graphs or mission dependency models. It includes potential attack-pattern relationships that fill in gaps between known vulnerabilities and threat indicators. A key design feature of CyGraph is its ability to leverage existing tools and data sources to populate its knowledge base. It uses various security standards and tools such as Topological Vulnerability Analysis, MITRE’s Cyber Command System, and Crown Jewels Analysis. CyGraph also has the ability to visualize unpredictable patterns, allowing users to obtain analytic results and comprehend the semantics of their environment. It is used by multiple government agencies to help them achieve their mission, with use cases including detecting malicious network activity, modeling and simulation of cyberattacks, tracking Bitcoin transactions, and navigating through CAPEC.

Download PDF Version

Overview

Leveraging Graph Technology for Enhanced Cybersecurity: A Case Study on MITRE's CyGraph

Operational Impact