SlideShare uma empresa Scribd logo

Cyber security and attack analysis : how Cisco uses graph analytics

Linkurious
Linkurious

Cyber security and attack analysis : how Cisco uses graph analytics

Software
1 de 29
Baixar para ler offline
SAS founded in 2013 in Paris | http://linkurio.us | @linkurious Cyber security and attack analysis : how Cisco use graph analytics.
Introduction. Software Engineer Engineer (La Belle Assiette) CS at Epitech and Beijing University CMO >5 years in consulting MSc Political sciences and Competitive Intelligence Jean Villedieu Sébastien Heymann Romain Yon Pierrick Paul CEO Gephi Founder Phd in Computer Science and Complex Systems CTO Engineer (Microsoft, Spotify) Machine Learning at Georgia Tech Linkurious is a French startup founded in 2013.
Father Of Father Of Siblings What is a graph ? This is a graph.
Father Of Father Of Siblings This is a node This is a relationship What is a graph ? / Nodes & relationshipsWhat is a graph : nodes and relationships. A graph is a set of nodes linked by relationships.
Some of the domains in which our customers use graphs. People, objects, movies, restaurants, music… Suggest new contacts, help discover new music Antennas, servers, phones, people… Diminish network outages Supplier, roads, warehouses, products… Diminish transportation cost, optimize delivery Supply chains Social networks Communications Differents domains where graphs are important.
Source : http://www.reuters.com/article/2014/06/09/us-cybersecurity-mcafee-csis-idUSKBN0EK0SV20140609 $445 billion The cost of cyber criminality. Cyber crime costs the global economy $445 billion per year.
Some of the latest victims. No company is immuned from cyber criminality.
A data problem. IP logs, network logs, communications logs, web server logs, etc.
The IT systems generate new data constantly. The data is coming from different sources, is incomplete and evolves. Hard to use a structured data model. For big organizations, storing years of raw data means a total volume in high TBs or low PBs. The IT security data is complex. The challenges of working with complex data. Large Unstructured Dynamic
How to make sense of complex data. Can IT security teams answer that challenge?
Graphs are perfect to extract insights from complex data. Graphs help make sense of complex data.
How to use graph analytics to fight back against a cyber attack? A concrete example. Inspired by a real use case demonstrated by Cisco.
In April 2014, a zero-day vulnerability in IE is identified. A zero-day vulnerability. A newly discovered vulnerability in Internet Explorer allows an unauthenticated, remote attacker to execute arbitrary code.
The vulnerability is known in the security community. A group of hackers decide to use it before a patch fixes the vulnerability. The identification information is captured by the hackers. They can use it to penetrate the company IT. The hackers send mails to a few people in one company. They are asked to login into a seemingly innocuous website. The vulnerability is known A phishing attack uses it A company is immediately targeted by a phishing attack. The 3 steps of the attack. Computers are compromised
A not so innocent mail. The mail sent by the hackers.
The hackers used the domain inform.bedircati.com + profile.sweeneyphotos.com, web.neonbilisim.com and web.usamultimeters.com. The domain names used in the attack. The domains names used in the attack are identified.
Information about one domain. Information about these domains are publicly available.
Modelling information as a graph. That data can be modeled as a graph.
The graph model reveals the connections in the data. This helps streamline the identification of connections. Domain A is connected to Domain C through a Name Server or a MX Record, Domain B and Host B.
Can we prevent more attacks? How to use the information.
The traditional approach. The 7 sins of looking for connections with tabular tools.
It helps human interpret the data and make smart decisions. Graph analytics? Graph visualization? It helps to analyse large datasets to find interesting data. Combining graph analysis and graph visualization. Combine automatic analysis and human interpretation.
A query to get all the domains connected to the attackers. Step 1 : graph analysis. MATCH (baddomain:Domain_name)-[r*2]-(suspiciousdomains:Domain_name) WHERE baddomain.reputation = 'Very negative reputation' RETURN DISTINCT suspiciousdomains This query is written with Cypher the Neo4j query language. It returns us 25 results.
Step 2 : graph visualization. First, we identify the attackers. The initial domain names identified as rogues. A public registrar. Good domains.
Then we identify the domains they are connected to. Step 2 : graph visualization. In pink are previously unknown domains connected to the known attackers.
Cyber security at Cisco. Cisco uses graphs to prevent cyber attacks. Cisco maintain a list of the compromised domains and IP addresses. Through its data collection program, Cisco has good information on 25 to 30 million Internet domains. Graph analytics enable Cisco to use data collected via its customers to maintain this list up to date. The information is the used to block known malicious domains and thwart cyber attacks. Behind the scenes. Cisco’s Global Security Intelligence Operations (SIO) group operates a 60-node, 1,000-core Hadoop cluster. Every day it receives about 20 TB of new raw log data. To store and anlyse the data, Cisco uses a few graph technologies like GraphLab (a machine learning solution specialized in graph data), Titan (an open-source graph database) and Faunus (an open-source graph analytics engine).
You can do it too! Try Linkurious.
Contact us to discuss your projects at contact@linkurio.us Conclusion
GraphGIst : http://gist.neo4j.org/?40caddf1d7537bce962e Blog post on attack analysis : Sample dataset : https://www.dropbox.com/s/7vburpnl4yik8z1/Attack% 20Analysis.zip Original CIsco article : http://blogs.cisco.com/security/attack-analysis-with-a-fast- graph/ Additional resources.

Recomendados

information security management
information security managementinformation security management
information security managementGurpreetkaur838
 
Security policy
Security policySecurity policy
Security policyDhani Ahmad
 
Web Security
Web SecurityWeb Security
Web SecurityDipika Bambhaniya
 
PPT steganography
PPT steganographyPPT steganography
PPT steganographyparvez Sharaf
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system pptSheetal Verma
 
OSI Security Architecture
OSI Security ArchitectureOSI Security Architecture
OSI Security Architectureuniversity of education,Lahore
 
S/MIME & E-mail Security (Network Security)
S/MIME & E-mail Security (Network Security)S/MIME & E-mail Security (Network Security)
S/MIME & E-mail Security (Network Security)Prafull Johri
 
NIST cybersecurity framework
NIST cybersecurity frameworkNIST cybersecurity framework
NIST cybersecurity frameworkShriya Rai
 

Recomendados

information security management
information security managementinformation security management
information security managementGurpreetkaur838
 
Security policy
Security policySecurity policy
Security policyDhani Ahmad
 
Web Security
Web SecurityWeb Security
Web SecurityDipika Bambhaniya
 
PPT steganography
PPT steganographyPPT steganography
PPT steganographyparvez Sharaf
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system pptSheetal Verma
 
OSI Security Architecture
OSI Security ArchitectureOSI Security Architecture
OSI Security Architectureuniversity of education,Lahore
 
S/MIME & E-mail Security (Network Security)
S/MIME & E-mail Security (Network Security)S/MIME & E-mail Security (Network Security)
S/MIME & E-mail Security (Network Security)Prafull Johri
 
NIST cybersecurity framework
NIST cybersecurity frameworkNIST cybersecurity framework
NIST cybersecurity frameworkShriya Rai
 
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...PECB
 
Computer forensics and steganography
Computer forensics and steganographyComputer forensics and steganography
Computer forensics and steganographyXavier Prathap
 
Cryptography
CryptographyCryptography
Cryptographyjayashri kolekar
 
Threat Intelligence
Threat IntelligenceThreat Intelligence
Threat IntelligenceDeepak Kumar (D3)
 
Forensic artifacts in modern linux systems
Forensic artifacts in modern linux systemsForensic artifacts in modern linux systems
Forensic artifacts in modern linux systemsGol D Roger
 
Stegnography
StegnographyStegnography
StegnographySonal Kathel
 
Database forensics
Database forensicsDatabase forensics
Database forensicsDenys A. Flores, PhD
 
Data Security Explained
Data Security ExplainedData Security Explained
Data Security ExplainedHappiest Minds Technologies
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmFrom SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmPriyanka Aash
 
The CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityThe CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityBharath Rao
 
Incident response process
Incident response processIncident response process
Incident response processBhupeshkumar Nanhe
 
Memory forensics and incident response
Memory forensics and incident responseMemory forensics and incident response
Memory forensics and incident responseLondon School of Cyber Security
 
Mobile device privacy and security
Mobile device privacy and securityMobile device privacy and security
Mobile device privacy and securityImran Khan
 
Information security
Information security Information security
Information security AishaIshaq4
 
OSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan BraganzaOSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan BraganzaNSConclave
 
System security
System securitySystem security
System securitysommerville-videos
 
Chapter 5
Chapter 5Chapter 5
Chapter 5sivadnolram
 
Siem ppt
Siem pptSiem ppt
Siem pptkmehul
 
Intro to Security in SDLC
Intro to Security in SDLCIntro to Security in SDLC
Intro to Security in SDLCTjylen Veselyj
 
Free and open cloud security posture monitoring
Free and open cloud security posture monitoringFree and open cloud security posture monitoring
Free and open cloud security posture monitoringElasticsearch
 
Introduction to the graph technologies landscape
Introduction to the graph technologies landscapeIntroduction to the graph technologies landscape
Introduction to the graph technologies landscapeLinkurious
 
Network and IT Operations
Network and IT OperationsNetwork and IT Operations
Network and IT OperationsNeo4j
 

Mais conteúdo relacionado

Mais procurados

Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...PECB
 
Computer forensics and steganography
Computer forensics and steganographyComputer forensics and steganography
Computer forensics and steganographyXavier Prathap
 
Forensic artifacts in modern linux systems
Forensic artifacts in modern linux systemsForensic artifacts in modern linux systems
Forensic artifacts in modern linux systemsGol D Roger
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmFrom SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmPriyanka Aash
 
The CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityThe CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityBharath Rao
 
Mobile device privacy and security
Mobile device privacy and securityMobile device privacy and security
Mobile device privacy and securityImran Khan
 
Information security
Information security Information security
Information security AishaIshaq4
 
OSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan BraganzaOSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan BraganzaNSConclave
 
Siem ppt
Siem pptSiem ppt
Siem pptkmehul
 
Intro to Security in SDLC
Intro to Security in SDLCIntro to Security in SDLC
Intro to Security in SDLCTjylen Veselyj
 
Free and open cloud security posture monitoring
Free and open cloud security posture monitoringFree and open cloud security posture monitoring
Free and open cloud security posture monitoringElasticsearch
 

Mais procurados (20)

Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
 
Computer forensics and steganography
Computer forensics and steganographyComputer forensics and steganography
Computer forensics and steganography
 
Cryptography
CryptographyCryptography
Cryptography
 
Threat Intelligence
Threat IntelligenceThreat Intelligence
Threat Intelligence
 
Forensic artifacts in modern linux systems
Forensic artifacts in modern linux systemsForensic artifacts in modern linux systems
Forensic artifacts in modern linux systems
 
Stegnography
StegnographyStegnography
Stegnography
 
Database forensics
Database forensicsDatabase forensics
Database forensics
 
Data Security Explained
Data Security ExplainedData Security Explained
Data Security Explained
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmFrom SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity Chasm
 
The CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityThe CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information Security
 
Incident response process
Incident response processIncident response process
Incident response process
 
Memory forensics and incident response
Memory forensics and incident responseMemory forensics and incident response
Memory forensics and incident response
 
Mobile device privacy and security
Mobile device privacy and securityMobile device privacy and security
Mobile device privacy and security
 
Information security
Information security Information security
Information security
 
OSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan BraganzaOSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan Braganza
 
System security
System securitySystem security
System security
 
Chapter 5
Chapter 5Chapter 5
Chapter 5
 
Siem ppt
Siem pptSiem ppt
Siem ppt
 
Intro to Security in SDLC
Intro to Security in SDLCIntro to Security in SDLC
Intro to Security in SDLC
 
Free and open cloud security posture monitoring
Free and open cloud security posture monitoringFree and open cloud security posture monitoring
Free and open cloud security posture monitoring
 

Destaque

Introduction to the graph technologies landscape
Introduction to the graph technologies landscapeIntroduction to the graph technologies landscape
Introduction to the graph technologies landscapeLinkurious
 
Network and IT Operations
Network and IT OperationsNetwork and IT Operations
Network and IT OperationsNeo4j
 
How to identify reshipping scams with Neo4j
How to identify reshipping scams with Neo4jHow to identify reshipping scams with Neo4j
How to identify reshipping scams with Neo4jLinkurious
 
Using graph technologies to fight fraud
Using graph technologies to fight fraudUsing graph technologies to fight fraud
Using graph technologies to fight fraudLinkurious
 
Better Cyber Security Through Effective Cyber Deterrence_The Role of Active C...
Better Cyber Security Through Effective Cyber Deterrence_The Role of Active C...Better Cyber Security Through Effective Cyber Deterrence_The Role of Active C...
Better Cyber Security Through Effective Cyber Deterrence_The Role of Active C...Brent Guglielmino
 
Cyber Criminals And Cyber Defense
Cyber Criminals And Cyber DefenseCyber Criminals And Cyber Defense
Cyber Criminals And Cyber DefenseKigose
 
Cyber defense electronic warfare (ew)
Cyber defense electronic warfare (ew)Cyber defense electronic warfare (ew)
Cyber defense electronic warfare (ew)ntc thailand
 
Blue team pp_(final_4-12-11)[1]
Blue team pp_(final_4-12-11)[1]Blue team pp_(final_4-12-11)[1]
Blue team pp_(final_4-12-11)[1]Jamie Jackson
 
Qr codes + ipads
Qr codes + ipadsQr codes + ipads
Qr codes + ipadstechiesue
 
An overview of mobile html + java script frameworks
An overview of mobile html + java script frameworksAn overview of mobile html + java script frameworks
An overview of mobile html + java script frameworksSasha dos Santos
 
Content curation
Content curationContent curation
Content curationtechiesue
 
Serious Games + Computer Science = Serious CS
Serious Games + Computer Science = Serious CSSerious Games + Computer Science = Serious CS
Serious Games + Computer Science = Serious CSKatrin Becker
 
Cell Phone Jammer , Intro
Cell Phone Jammer , IntroCell Phone Jammer , Intro
Cell Phone Jammer , IntroLakshman Basnet
 
How to apply graphs to network management
How to apply graphs to network managementHow to apply graphs to network management
How to apply graphs to network managementLinkurious
 
Dossier presentation bmr_associés
Dossier presentation bmr_associésDossier presentation bmr_associés
Dossier presentation bmr_associésMarjorie KIENTZLER
 
New opportunities for connected data : Neo4j the graph database
New opportunities for connected data : Neo4j the graph databaseNew opportunities for connected data : Neo4j the graph database
New opportunities for connected data : Neo4j the graph databaseCédric Fauvet
 
Challenges in implementating cyber security
Challenges in implementating cyber securityChallenges in implementating cyber security
Challenges in implementating cyber securityInderjeet Singh
 
12th CBSE Computer Science Project
12th CBSE Computer Science Project 12th CBSE Computer Science Project
12th CBSE Computer Science Project Ashwin Francis
 
2014.02.13 (Strata) Graph Analysis with One Trillion Edges on Apache Giraph
2014.02.13 (Strata) Graph Analysis with One Trillion Edges on Apache Giraph2014.02.13 (Strata) Graph Analysis with One Trillion Edges on Apache Giraph
2014.02.13 (Strata) Graph Analysis with One Trillion Edges on Apache GiraphAvery Ching
 

Destaque (20)

Introduction to the graph technologies landscape
Introduction to the graph technologies landscapeIntroduction to the graph technologies landscape
Introduction to the graph technologies landscape
 
Network and IT Operations
Network and IT OperationsNetwork and IT Operations
Network and IT Operations
 
How to identify reshipping scams with Neo4j
How to identify reshipping scams with Neo4jHow to identify reshipping scams with Neo4j
How to identify reshipping scams with Neo4j
 
Using graph technologies to fight fraud
Using graph technologies to fight fraudUsing graph technologies to fight fraud
Using graph technologies to fight fraud
 
Better Cyber Security Through Effective Cyber Deterrence_The Role of Active C...
Better Cyber Security Through Effective Cyber Deterrence_The Role of Active C...Better Cyber Security Through Effective Cyber Deterrence_The Role of Active C...
Better Cyber Security Through Effective Cyber Deterrence_The Role of Active C...
 
Cyber Criminals And Cyber Defense
Cyber Criminals And Cyber DefenseCyber Criminals And Cyber Defense
Cyber Criminals And Cyber Defense
 
Cyber defense electronic warfare (ew)
Cyber defense electronic warfare (ew)Cyber defense electronic warfare (ew)
Cyber defense electronic warfare (ew)
 
Blue team pp_(final_4-12-11)[1]
Blue team pp_(final_4-12-11)[1]Blue team pp_(final_4-12-11)[1]
Blue team pp_(final_4-12-11)[1]
 
Qr codes + ipads
Qr codes + ipadsQr codes + ipads
Qr codes + ipads
 
An overview of mobile html + java script frameworks
An overview of mobile html + java script frameworksAn overview of mobile html + java script frameworks
An overview of mobile html + java script frameworks
 
Content curation
Content curationContent curation
Content curation
 
Serious Games + Computer Science = Serious CS
Serious Games + Computer Science = Serious CSSerious Games + Computer Science = Serious CS
Serious Games + Computer Science = Serious CS
 
Cell Phone Jammer , Intro
Cell Phone Jammer , IntroCell Phone Jammer , Intro
Cell Phone Jammer , Intro
 
How to apply graphs to network management
How to apply graphs to network managementHow to apply graphs to network management
How to apply graphs to network management
 
Dossier presentation bmr_associés
Dossier presentation bmr_associésDossier presentation bmr_associés
Dossier presentation bmr_associés
 
Introduction to OpenCV
Introduction to OpenCVIntroduction to OpenCV
Introduction to OpenCV
 
New opportunities for connected data : Neo4j the graph database
New opportunities for connected data : Neo4j the graph databaseNew opportunities for connected data : Neo4j the graph database
New opportunities for connected data : Neo4j the graph database
 
Challenges in implementating cyber security
Challenges in implementating cyber securityChallenges in implementating cyber security
Challenges in implementating cyber security
 
12th CBSE Computer Science Project
12th CBSE Computer Science Project 12th CBSE Computer Science Project
12th CBSE Computer Science Project
 
2014.02.13 (Strata) Graph Analysis with One Trillion Edges on Apache Giraph
2014.02.13 (Strata) Graph Analysis with One Trillion Edges on Apache Giraph2014.02.13 (Strata) Graph Analysis with One Trillion Edges on Apache Giraph
2014.02.13 (Strata) Graph Analysis with One Trillion Edges on Apache Giraph
 

Semelhante a Cyber security and attack analysis : how Cisco uses graph analytics

OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]
OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]
OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]AngelGomezRomero
 
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of CompromiseInsight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise21CT Inc.
 
AI: The New Player in Cybersecurity (Nov. 08, 2023)
AI: The New Player in Cybersecurity (Nov. 08, 2023)AI: The New Player in Cybersecurity (Nov. 08, 2023)
AI: The New Player in Cybersecurity (Nov. 08, 2023)Takeshi Takahashi
 
Cisco 2014 Midyear Security Report
Cisco 2014 Midyear Security ReportCisco 2014 Midyear Security Report
Cisco 2014 Midyear Security ReportCisco Security
 
Corporate threat vector and landscape
Corporate threat vector and landscapeCorporate threat vector and landscape
Corporate threat vector and landscapeyohansurya2
 
Cyber security with ai
Cyber security with aiCyber security with ai
Cyber security with aiBurhan Ahmed
 
Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA Regulation
Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA RegulationTop 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA Regulation
Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA RegulationPECB
 
Network Security and Spoofing Attacks
Network Security and Spoofing AttacksNetwork Security and Spoofing Attacks
Network Security and Spoofing AttacksPECB
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityBryCunal
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hackingijtsrd
 
A Review Paper on Cyber-Security
A Review Paper on Cyber-SecurityA Review Paper on Cyber-Security
A Review Paper on Cyber-SecurityIRJET Journal
 
Top Positive and Negative Impacts of AI & ML on Cybersecurity
Top Positive and Negative Impacts of AI & ML on CybersecurityTop Positive and Negative Impacts of AI & ML on Cybersecurity
Top Positive and Negative Impacts of AI & ML on CybersecurityPixel Crayons
 
IRJET - Chrome Extension for Detecting Phishing Websites
IRJET - Chrome Extension for Detecting Phishing WebsitesIRJET - Chrome Extension for Detecting Phishing Websites
IRJET - Chrome Extension for Detecting Phishing WebsitesIRJET Journal
 
Open Source Insight: 2017 Top 10 IT Security Stories, Breaches, and Predictio...
Open Source Insight: 2017 Top 10 IT Security Stories, Breaches, and Predictio...Open Source Insight: 2017 Top 10 IT Security Stories, Breaches, and Predictio...
Open Source Insight: 2017 Top 10 IT Security Stories, Breaches, and Predictio...Black Duck by Synopsys
 
Cyber Defense - How to be prepared to APT
Cyber Defense - How to be prepared to APTCyber Defense - How to be prepared to APT
Cyber Defense - How to be prepared to APTSimone Onofri
 
Ethical Hacking, Its relevance and Its Prospects
Ethical Hacking, Its relevance and Its ProspectsEthical Hacking, Its relevance and Its Prospects
Ethical Hacking, Its relevance and Its ProspectsRwik Kumar Dutta
 
Collusion Attack: A Kernel-Based Privacy Preserving Techniques in Data Mining
Collusion Attack: A Kernel-Based Privacy Preserving Techniques in Data MiningCollusion Attack: A Kernel-Based Privacy Preserving Techniques in Data Mining
Collusion Attack: A Kernel-Based Privacy Preserving Techniques in Data Miningdbpublications
 
Attackers May Depend On Social Engineering To Gain...
Attackers May Depend On Social Engineering To Gain...Attackers May Depend On Social Engineering To Gain...
Attackers May Depend On Social Engineering To Gain...Tiffany Sandoval
 
PCM Vision 2019 Breakout: IBM | Red Hat
PCM Vision 2019 Breakout: IBM | Red HatPCM Vision 2019 Breakout: IBM | Red Hat
PCM Vision 2019 Breakout: IBM | Red HatPCM
 

Semelhante a Cyber security and attack analysis : how Cisco uses graph analytics (20)

OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]
OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]
OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]
 
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of CompromiseInsight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise
 
AI: The New Player in Cybersecurity (Nov. 08, 2023)
AI: The New Player in Cybersecurity (Nov. 08, 2023)AI: The New Player in Cybersecurity (Nov. 08, 2023)
AI: The New Player in Cybersecurity (Nov. 08, 2023)
 
Cisco 2014 Midyear Security Report
Cisco 2014 Midyear Security ReportCisco 2014 Midyear Security Report
Cisco 2014 Midyear Security Report
 
Corporate threat vector and landscape
Corporate threat vector and landscapeCorporate threat vector and landscape
Corporate threat vector and landscape
 
Cyber security with ai
Cyber security with aiCyber security with ai
Cyber security with ai
 
Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA Regulation
Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA RegulationTop 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA Regulation
Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA Regulation
 
Network Security and Spoofing Attacks
Network Security and Spoofing AttacksNetwork Security and Spoofing Attacks
Network Security and Spoofing Attacks
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Secureview 3
Secureview 3Secureview 3
Secureview 3
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
A Review Paper on Cyber-Security
A Review Paper on Cyber-SecurityA Review Paper on Cyber-Security
A Review Paper on Cyber-Security
 
Top Positive and Negative Impacts of AI & ML on Cybersecurity
Top Positive and Negative Impacts of AI & ML on CybersecurityTop Positive and Negative Impacts of AI & ML on Cybersecurity
Top Positive and Negative Impacts of AI & ML on Cybersecurity
 
IRJET - Chrome Extension for Detecting Phishing Websites
IRJET - Chrome Extension for Detecting Phishing WebsitesIRJET - Chrome Extension for Detecting Phishing Websites
IRJET - Chrome Extension for Detecting Phishing Websites
 
Open Source Insight: 2017 Top 10 IT Security Stories, Breaches, and Predictio...
Open Source Insight: 2017 Top 10 IT Security Stories, Breaches, and Predictio...Open Source Insight: 2017 Top 10 IT Security Stories, Breaches, and Predictio...
Open Source Insight: 2017 Top 10 IT Security Stories, Breaches, and Predictio...
 
Cyber Defense - How to be prepared to APT
Cyber Defense - How to be prepared to APTCyber Defense - How to be prepared to APT
Cyber Defense - How to be prepared to APT
 
Ethical Hacking, Its relevance and Its Prospects
Ethical Hacking, Its relevance and Its ProspectsEthical Hacking, Its relevance and Its Prospects
Ethical Hacking, Its relevance and Its Prospects
 
Collusion Attack: A Kernel-Based Privacy Preserving Techniques in Data Mining
Collusion Attack: A Kernel-Based Privacy Preserving Techniques in Data MiningCollusion Attack: A Kernel-Based Privacy Preserving Techniques in Data Mining
Collusion Attack: A Kernel-Based Privacy Preserving Techniques in Data Mining
 
Attackers May Depend On Social Engineering To Gain...
Attackers May Depend On Social Engineering To Gain...Attackers May Depend On Social Engineering To Gain...
Attackers May Depend On Social Engineering To Gain...
 
PCM Vision 2019 Breakout: IBM | Red Hat
PCM Vision 2019 Breakout: IBM | Red HatPCM Vision 2019 Breakout: IBM | Red Hat
PCM Vision 2019 Breakout: IBM | Red Hat
 

Mais de Linkurious

Using graph technology for multi-INT investigations
Using graph technology for multi-INT investigationsUsing graph technology for multi-INT investigations
Using graph technology for multi-INT investigationsLinkurious
 
Webinar: What's new in Linkurious Enterprise 2.8
Webinar: What's new in Linkurious Enterprise 2.8Webinar: What's new in Linkurious Enterprise 2.8
Webinar: What's new in Linkurious Enterprise 2.8Linkurious
 
Graph-based intelligence analysis
Graph-based intelligence analysis Graph-based intelligence analysis
Graph-based intelligence analysis Linkurious
 
What's new in Linkurious Enterprise 2.7
What's new in Linkurious Enterprise 2.7What's new in Linkurious Enterprise 2.7
What's new in Linkurious Enterprise 2.7Linkurious
 
How to visualize Cosmos DB graph data
How to visualize Cosmos DB graph dataHow to visualize Cosmos DB graph data
How to visualize Cosmos DB graph dataLinkurious
 
GraphTech Ecosystem - part 3: Graph Visualization
GraphTech Ecosystem - part 3: Graph VisualizationGraphTech Ecosystem - part 3: Graph Visualization
GraphTech Ecosystem - part 3: Graph VisualizationLinkurious
 
Getting started with Cosmos DB + Linkurious Enterprise
Getting started with Cosmos DB + Linkurious EnterpriseGetting started with Cosmos DB + Linkurious Enterprise
Getting started with Cosmos DB + Linkurious EnterpriseLinkurious
 
GraphTech Ecosystem - part 2: Graph Analytics
GraphTech Ecosystem - part 2: Graph Analytics GraphTech Ecosystem - part 2: Graph Analytics
GraphTech Ecosystem - part 2: Graph AnalyticsLinkurious
 
GraphTech Ecosystem - part 1: Graph Databases
GraphTech Ecosystem - part 1: Graph DatabasesGraphTech Ecosystem - part 1: Graph Databases
GraphTech Ecosystem - part 1: Graph DatabasesLinkurious
 
3 types of fraud graph analytics can help defeat
3 types of fraud graph analytics can help defeat3 types of fraud graph analytics can help defeat
3 types of fraud graph analytics can help defeatLinkurious
 
Graph analytics in Linkurious Enterprise
Graph analytics in Linkurious EnterpriseGraph analytics in Linkurious Enterprise
Graph analytics in Linkurious EnterpriseLinkurious
 
Graph technology and data-journalism: the case of the Paradise Papers
Graph technology and data-journalism: the case of the Paradise PapersGraph technology and data-journalism: the case of the Paradise Papers
Graph technology and data-journalism: the case of the Paradise PapersLinkurious
 
Visualize the Knowledge Graph and Unleash Your Data
Visualize the Knowledge Graph and Unleash Your DataVisualize the Knowledge Graph and Unleash Your Data
Visualize the Knowledge Graph and Unleash Your DataLinkurious
 
Graph-based Product Lifecycle Management
Graph-based Product Lifecycle ManagementGraph-based Product Lifecycle Management
Graph-based Product Lifecycle ManagementLinkurious
 
Fraudes Financières: Méthodes de Prévention et Détection
Fraudes Financières: Méthodes de Prévention et DétectionFraudes Financières: Méthodes de Prévention et Détection
Fraudes Financières: Méthodes de Prévention et DétectionLinkurious
 
Detecting eCommerce Fraud with Neo4j and Linkurious
Detecting eCommerce Fraud with Neo4j and LinkuriousDetecting eCommerce Fraud with Neo4j and Linkurious
Detecting eCommerce Fraud with Neo4j and LinkuriousLinkurious
 
Graph-based Network & IT Management.
Graph-based Network & IT Management.Graph-based Network & IT Management.
Graph-based Network & IT Management.Linkurious
 
Graph-powered data lineage in Finance
Graph-powered data lineage in FinanceGraph-powered data lineage in Finance
Graph-powered data lineage in FinanceLinkurious
 
Using Linkurious in your Enterprise Architecture projects
Using Linkurious in your Enterprise Architecture projectsUsing Linkurious in your Enterprise Architecture projects
Using Linkurious in your Enterprise Architecture projectsLinkurious
 
Linkurious SDK: Build enterprise-ready graph applications faster
Linkurious SDK: Build enterprise-ready graph applications fasterLinkurious SDK: Build enterprise-ready graph applications faster
Linkurious SDK: Build enterprise-ready graph applications fasterLinkurious
 

Mais de Linkurious (20)

Using graph technology for multi-INT investigations
Using graph technology for multi-INT investigationsUsing graph technology for multi-INT investigations
Using graph technology for multi-INT investigations
 
Webinar: What's new in Linkurious Enterprise 2.8
Webinar: What's new in Linkurious Enterprise 2.8Webinar: What's new in Linkurious Enterprise 2.8
Webinar: What's new in Linkurious Enterprise 2.8
 
Graph-based intelligence analysis
Graph-based intelligence analysis Graph-based intelligence analysis
Graph-based intelligence analysis
 
What's new in Linkurious Enterprise 2.7
What's new in Linkurious Enterprise 2.7What's new in Linkurious Enterprise 2.7
What's new in Linkurious Enterprise 2.7
 
How to visualize Cosmos DB graph data
How to visualize Cosmos DB graph dataHow to visualize Cosmos DB graph data
How to visualize Cosmos DB graph data
 
GraphTech Ecosystem - part 3: Graph Visualization
GraphTech Ecosystem - part 3: Graph VisualizationGraphTech Ecosystem - part 3: Graph Visualization
GraphTech Ecosystem - part 3: Graph Visualization
 
Getting started with Cosmos DB + Linkurious Enterprise
Getting started with Cosmos DB + Linkurious EnterpriseGetting started with Cosmos DB + Linkurious Enterprise
Getting started with Cosmos DB + Linkurious Enterprise
 
GraphTech Ecosystem - part 2: Graph Analytics
GraphTech Ecosystem - part 2: Graph Analytics GraphTech Ecosystem - part 2: Graph Analytics
GraphTech Ecosystem - part 2: Graph Analytics
 
GraphTech Ecosystem - part 1: Graph Databases
GraphTech Ecosystem - part 1: Graph DatabasesGraphTech Ecosystem - part 1: Graph Databases
GraphTech Ecosystem - part 1: Graph Databases
 
3 types of fraud graph analytics can help defeat
3 types of fraud graph analytics can help defeat3 types of fraud graph analytics can help defeat
3 types of fraud graph analytics can help defeat
 
Graph analytics in Linkurious Enterprise
Graph analytics in Linkurious EnterpriseGraph analytics in Linkurious Enterprise
Graph analytics in Linkurious Enterprise
 
Graph technology and data-journalism: the case of the Paradise Papers
Graph technology and data-journalism: the case of the Paradise PapersGraph technology and data-journalism: the case of the Paradise Papers
Graph technology and data-journalism: the case of the Paradise Papers
 
Visualize the Knowledge Graph and Unleash Your Data
Visualize the Knowledge Graph and Unleash Your DataVisualize the Knowledge Graph and Unleash Your Data
Visualize the Knowledge Graph and Unleash Your Data
 
Graph-based Product Lifecycle Management
Graph-based Product Lifecycle ManagementGraph-based Product Lifecycle Management
Graph-based Product Lifecycle Management
 
Fraudes Financières: Méthodes de Prévention et Détection
Fraudes Financières: Méthodes de Prévention et DétectionFraudes Financières: Méthodes de Prévention et Détection
Fraudes Financières: Méthodes de Prévention et Détection
 
Detecting eCommerce Fraud with Neo4j and Linkurious
Detecting eCommerce Fraud with Neo4j and LinkuriousDetecting eCommerce Fraud with Neo4j and Linkurious
Detecting eCommerce Fraud with Neo4j and Linkurious
 
Graph-based Network & IT Management.
Graph-based Network & IT Management.Graph-based Network & IT Management.
Graph-based Network & IT Management.
 
Graph-powered data lineage in Finance
Graph-powered data lineage in FinanceGraph-powered data lineage in Finance
Graph-powered data lineage in Finance
 
Using Linkurious in your Enterprise Architecture projects
Using Linkurious in your Enterprise Architecture projectsUsing Linkurious in your Enterprise Architecture projects
Using Linkurious in your Enterprise Architecture projects
 
Linkurious SDK: Build enterprise-ready graph applications faster
Linkurious SDK: Build enterprise-ready graph applications fasterLinkurious SDK: Build enterprise-ready graph applications faster
Linkurious SDK: Build enterprise-ready graph applications faster
 

Último

Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AIABDERRAOUF MEHENNI
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about usDynamic Netsoft
 
Test Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendTest Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendArshad QA
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...soniya singh
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationkaushalgiri8080
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideChristina Lin
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsAndolasoft Inc
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataBradBedford3
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...OnePlan Solutions
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionSolGuruz
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 

Último (20)

Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about us
 
Test Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendTest Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and Backend
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanation
 
Exploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the ProcessExploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the Process
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with Precision
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 

Cyber security and attack analysis : how Cisco uses graph analytics

  • 1. SAS founded in 2013 in Paris | http://linkurio.us | @linkurious Cyber security and attack analysis : how Cisco use graph analytics.
  • 2. Introduction. Software Engineer Engineer (La Belle Assiette) CS at Epitech and Beijing University CMO >5 years in consulting MSc Political sciences and Competitive Intelligence Jean Villedieu Sébastien Heymann Romain Yon Pierrick Paul CEO Gephi Founder Phd in Computer Science and Complex Systems CTO Engineer (Microsoft, Spotify) Machine Learning at Georgia Tech Linkurious is a French startup founded in 2013.
  • 3. Father Of Father Of Siblings What is a graph ? This is a graph.
  • 4. Father Of Father Of Siblings This is a node This is a relationship What is a graph ? / Nodes & relationshipsWhat is a graph : nodes and relationships. A graph is a set of nodes linked by relationships.
  • 5. Some of the domains in which our customers use graphs. People, objects, movies, restaurants, music… Suggest new contacts, help discover new music Antennas, servers, phones, people… Diminish network outages Supplier, roads, warehouses, products… Diminish transportation cost, optimize delivery Supply chains Social networks Communications Differents domains where graphs are important.
  • 6. Source : http://www.reuters.com/article/2014/06/09/us-cybersecurity-mcafee-csis-idUSKBN0EK0SV20140609 $445 billion The cost of cyber criminality. Cyber crime costs the global economy $445 billion per year.
  • 7. Some of the latest victims. No company is immuned from cyber criminality.
  • 8. A data problem. IP logs, network logs, communications logs, web server logs, etc.
  • 9. The IT systems generate new data constantly. The data is coming from different sources, is incomplete and evolves. Hard to use a structured data model. For big organizations, storing years of raw data means a total volume in high TBs or low PBs. The IT security data is complex. The challenges of working with complex data. Large Unstructured Dynamic
  • 10. How to make sense of complex data. Can IT security teams answer that challenge?
  • 11. Graphs are perfect to extract insights from complex data. Graphs help make sense of complex data.
  • 12. How to use graph analytics to fight back against a cyber attack? A concrete example. Inspired by a real use case demonstrated by Cisco.
  • 13. In April 2014, a zero-day vulnerability in IE is identified. A zero-day vulnerability. A newly discovered vulnerability in Internet Explorer allows an unauthenticated, remote attacker to execute arbitrary code.
  • 14. The vulnerability is known in the security community. A group of hackers decide to use it before a patch fixes the vulnerability. The identification information is captured by the hackers. They can use it to penetrate the company IT. The hackers send mails to a few people in one company. They are asked to login into a seemingly innocuous website. The vulnerability is known A phishing attack uses it A company is immediately targeted by a phishing attack. The 3 steps of the attack. Computers are compromised
  • 15. A not so innocent mail. The mail sent by the hackers.
  • 16. The hackers used the domain inform.bedircati.com + profile.sweeneyphotos.com, web.neonbilisim.com and web.usamultimeters.com. The domain names used in the attack. The domains names used in the attack are identified.
  • 17. Information about one domain. Information about these domains are publicly available.
  • 18. Modelling information as a graph. That data can be modeled as a graph.
  • 19. The graph model reveals the connections in the data. This helps streamline the identification of connections. Domain A is connected to Domain C through a Name Server or a MX Record, Domain B and Host B.
  • 20. Can we prevent more attacks? How to use the information.
  • 21. The traditional approach. The 7 sins of looking for connections with tabular tools.
  • 22. It helps human interpret the data and make smart decisions. Graph analytics? Graph visualization? It helps to analyse large datasets to find interesting data. Combining graph analysis and graph visualization. Combine automatic analysis and human interpretation.
  • 23. A query to get all the domains connected to the attackers. Step 1 : graph analysis. MATCH (baddomain:Domain_name)-[r*2]-(suspiciousdomains:Domain_name) WHERE baddomain.reputation = 'Very negative reputation' RETURN DISTINCT suspiciousdomains This query is written with Cypher the Neo4j query language. It returns us 25 results.
  • 24. Step 2 : graph visualization. First, we identify the attackers. The initial domain names identified as rogues. A public registrar. Good domains.
  • 25. Then we identify the domains they are connected to. Step 2 : graph visualization. In pink are previously unknown domains connected to the known attackers.
  • 26. Cyber security at Cisco. Cisco uses graphs to prevent cyber attacks. Cisco maintain a list of the compromised domains and IP addresses. Through its data collection program, Cisco has good information on 25 to 30 million Internet domains. Graph analytics enable Cisco to use data collected via its customers to maintain this list up to date. The information is the used to block known malicious domains and thwart cyber attacks. Behind the scenes. Cisco’s Global Security Intelligence Operations (SIO) group operates a 60-node, 1,000-core Hadoop cluster. Every day it receives about 20 TB of new raw log data. To store and anlyse the data, Cisco uses a few graph technologies like GraphLab (a machine learning solution specialized in graph data), Titan (an open-source graph database) and Faunus (an open-source graph analytics engine).
  • 27. You can do it too! Try Linkurious.
  • 28. Contact us to discuss your projects at contact@linkurio.us Conclusion
  • 29. GraphGIst : http://gist.neo4j.org/?40caddf1d7537bce962e Blog post on attack analysis : Sample dataset : https://www.dropbox.com/s/7vburpnl4yik8z1/Attack% 20Analysis.zip Original CIsco article : http://blogs.cisco.com/security/attack-analysis-with-a-fast- graph/ Additional resources.