Chapter 8. Strengthening Cybersecurity

In this chapter, we will describe how graphs can strengthen a cybersecurity system. We will demonstrate how graph analytics can identify root causes of a reported alert, detect bypassing of a firewall, and discover anomalous behavior such as flooding and footprinting. We will also show how graphs can find connections to suspicious IP addresses that may be responsible for attacks. After finishing this chapter, you should be able to:

  • Understand how to apply graph concepts within the cybersecurity space

  • Build graph queries to trace microservices

  • Build graph queries to detect statistical anomalies

The Cost of Cyberattacks

We rely on technology that is constantly challenged by cyberattacks that aim to damage, disrupt, or maliciously control our IT infrastructure or our sensitive data. According to a Ponemon Institute survey in 2019, 66% of small to medium enterprises had experienced a cyberattack within the past 12 months.1 These cyberattacks have become a daily threat to the functioning of our society. For example, leading up to the US presidential election of 2016, Russian hackers coordinated attacks on members of the Democratic Party to steer the election’s outcome. According to the US National Security Agency (NSA), email accounts of more than 300 people affiliated with Hillary Clinton’s campaign as well as those of other Democratic Party organizations were attacked.2 These attacks led to information leaks that sought to harm Clinton’s election ...
