The document discusses how serverless computing and graph database technologies can help solve cybersecurity challenges, providing an overview of AWS Lambda and various AWS services that can be used to build serverless applications, and explaining how graph databases are better suited than relational databases for modeling relationships and can be used for various cybersecurity use cases like threat detection and fraud prevention.
6. Where are the fault lines…
• Identify:
• Hackers in the basement
• State-enabled actors
• Not limited by geographical boundary
• Lack of visibility and Lack of correlation
• Protect, Detect, Respond & Recover:
• Not prepared to protect or detect sophisticated attacks
• Poorly regulated Infrastructures
• Lack of agility
• Lack of predefined relationships / correlation
• Disruptions from DDoS attacks
• Infrastructure’s weakest link: legacy Industrial Control Systems (ICS)
• Operational Technology is different from Information Technology
• Internet of Things (IoT) broadens the attack surface
• Mobile payment systems
Functions: Identify, Protect, Detect, Respond, Recover
7. Evolution of Serverless Computing
• Data Center: Hardware as the unit of scale. Abstracts the physical hosting environment.
• IaaS: Operating system as the unit of scale. Abstracts the hardware.
• PaaS: Application as the unit of scale. Abstracts the operating system.
• Serverless: Functions as the unit of scale. Abstracts the language runtime.
Serverless computing, also known as Function as a Service (FaaS), is a cloud computing code execution model in
which the cloud provider fully manages starting and stopping virtual machines as necessary to serve requests, and
requests are billed by an abstract measure of the resources required to satisfy the request, rather than per virtual
machine, per hour.
Examples:
• AWS Lambda introduced in Nov 2014. Supports Node.js, Python and Java. A NoOps platform.
• Google Cloud Functions supports Node.js.
• IBM OpenWhisk announced in 2016. Supports Node.js, Swift, Python, Java, and any language as a black box in a Docker container.
• Microsoft Azure Functions announced as under-development technology in 2016.
Source: https://en.wikipedia.org/wiki/Serverless_computing
10. Serverless computing benefits
• Infrastructure resources such as compute, storage and network are hidden; they are typically managed by a
service provider, and the specific resources are virtual and decided at runtime.
• Serverless computing frees you from the management of virtual servers, operating systems, load
balancers, and the software used to run application code. Eliminates the management of the
server stack and any concerns / planning that have to go into the potential scaling up or down of
the stack.
• Provides significant cost savings if your application traffic is extra bursty. In traditional server
architectures, bursty traffic means that you must build your server to handle maximum burst
rates. But the rest of the time, you are wasting money with idle CPU cycles. Instead of having to
pay for that idleness, a serverless architecture lets you only pay for the CPU cycles you actually
consume and code is only run when needed.
• Reduces the attack surface by reducing the amount of code running, reducing the entry points available to
untrusted users, and eliminating services requested by relatively few users.
• Reduces the amount of time the infrastructure resources are active, running your business
functions.
11. Lambda Use Cases
• Event triggered transcoding of media files
• Automated Backup for Disaster Recovery
• Security and Compliance
• Operational Monitoring and Dashboards
• Support for IoT protocols such as MQTT, CoAP, and STOMP
• Developers will be able to ingest, stream, query, store and analyze sensor
data without writing complex code
Note:
• MQTT: Message Queue Telemetry Transport (http://mqtt.org/faq)
• CoAP: Constrained Application Protocol (http://coap.technology/)
• STOMP: Simple Text Oriented Messaging Protocol (https://stomp.github.io/)
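The "Security and Compliance" and "Operational Monitoring" use cases above boil down to a function that is invoked per batch of events and returns findings. The following Python handler is an added example, not code from the deck or from AWS: it consumes a queue-style batch event, counts failed logins per source address and returns the sources that exceed a threshold. The event shape (a "Records" list whose items carry a JSON body), the field names and the threshold are assumptions made for this example.

```python
import json
from collections import Counter

# Assumed threshold for this example: flag a source once it reaches this many failures.
FAILED_LOGIN_THRESHOLD = 5


def parse_records(event):
    """Yield the decoded JSON body of each record in a queue-style batch event.

    The event shape is an assumption for this example. A malformed body is
    skipped so that one bad record does not fail the whole invocation.
    """
    for record in event.get("Records", []):
        try:
            yield json.loads(record["body"])
        except (KeyError, TypeError, ValueError):
            continue


def find_brute_force_sources(event, threshold=FAILED_LOGIN_THRESHOLD):
    """Count failed logins per source IP and return those at or above the threshold."""
    failures = Counter()
    for entry in parse_records(event):
        if entry.get("outcome") == "failure":
            failures[entry.get("source_ip", "unknown")] += 1
    return {ip: count for ip, count in failures.items() if count >= threshold}


def lambda_handler(event, context):
    """Entry point the platform calls once per batch; returns findings as JSON."""
    flagged = find_brute_force_sources(event)
    return {
        "statusCode": 200,
        "body": json.dumps({"flagged_sources": flagged}),
    }


# Constructed sample event: six failures from one address, one failure and one
# success from another, plus a malformed record that must be tolerated.
SAMPLE_EVENT = {
    "Records": [
        {"body": json.dumps({"source_ip": "203.0.113.7", "user": "alice", "outcome": "failure"})}
        for _ in range(6)
    ]
    + [
        {"body": json.dumps({"source_ip": "198.51.100.9", "user": "bob", "outcome": "failure"})},
        {"body": json.dumps({"source_ip": "198.51.100.9", "user": "bob", "outcome": "success"})},
        {"body": "not json"},
    ]
}

if __name__ == "__main__":
    print(lambda_handler(SAMPLE_EVENT, None))
```

The handler keeps no state between invocations, which is what makes it a fit for the per-request billing model described above: each batch is scored independently, and anything that needs history (a running count across batches) would have to live in an external store rather than in the function.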
27. Relational Database & Graph Database
Relational Databases
• Tables: Rows & Columns
• Attributes & Relationships
• Pre-defined structure and datatypes
• Pre-computed
• Pre-determined purpose
• Limited context
• Static
RDBMS & SQL Challenges:
• Complex to model and store relationships
• Performance degrades when data volume increases
• Queries get long and complex
• Maintenance is painful
Graph Databases
• Key-Value
• Nodes (vertices), Edges (relationships), Properties
• Real-time
• Dynamic structure
• Highly contextual
• Flexible and scalable
Graph Databases Benefits
• Easy to model and store relationships
• Performance of relationship traversal remains
constant with growth in data size
• Queries are shortened and more readable
• Adding additional properties and relationships can be
done on the fly i.e. no schema migrations
Source: https://neo4j.com/
32. Graph Database Use Case: Network & IT
Operations
Requirements:
• Monitor health of an entire network
• Visualize and understand how each component correlates
• Troubleshoot issues
• Perform impact analysis
• Model outage scenarios
Key Challenges:
• Fragmented monitoring tools
• Inability to correlate problems in different network domains
• Stale or unreliable data in traditional correlation systems
• Inefficiencies and high support costs
Network Operations Center (NOC)
Purpose: Manage, Control, and Monitor Network Reliability and Performance
Source: http://www.slideshare.net/neo4j/network-and-it-operations
Security Operations Center (SOC)
Purpose: Detect, Protect, and Investigate for Security and Loss Prevention
Requirements:
• Visualize the entire cyber posture
• Identify vulnerabilities
• Prevent attacks
• Detect attacks
• Investigate and reduce zero-day losses
Key Challenges:
• Fragmented security tools including firewalls, intrusion detection, vulnerability assessment, SIEM systems
• Inability to visualize cyber postures
• Difficult to predict intrusion impact
• Harder to model scenarios
Common Security Tools:
Many Tools, Lot of Information, Little Context
• Security Intelligence
• Firewall Manager
• Intrusion Detection System
• Vulnerability Scanner
• Security Incident and Event Management (SIEM) system
Graph model layers:
Network Infrastructure
• Segmentation
• Topology
• Sensors
Cyber Posture
• Configurations
• Vulnerabilities
• Policy Rules
Cyber Threats
• Campaigns
• Actors
• Incidents
• Tactics, Techniques & Procedures
Mission Dependencies
• Objectives
• Activities
• Tasks
• Information
Source: https://neo4j.com/blog/cygraph-cybersecurity-situational-awareness/
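The graph benefits listed on slide 27 (relationships as first-class edges, traversal cost independent of table size, properties added without a schema migration) and the four layers on this slide are easiest to see on a concrete graph. The following Python is an added example, not code from the deck, from Neo4j or from the CyGraph project: it builds a small in-memory property graph with nodes in each of the four layers, then answers the SOC questions above by traversal: which mission objectives a vulnerability can ultimately affect, along which shortest chain, and how the answer changes under a "what if we patch this host" scenario. All node ids, edge types, properties and the traversal rules are constructed for the example; a real deployment would run the same queries in a graph database rather than in Python dictionaries.

```python
from collections import deque

# Constructed property graph: one node per entity, properties in a dict.
# The "layer" property mirrors the four layers on the slide.
NODES = {
    "web01":      {"layer": "Network Infrastructure", "type": "Host", "segment": "dmz"},
    "db01":       {"layer": "Network Infrastructure", "type": "Host", "segment": "internal"},
    "log01":      {"layer": "Network Infrastructure", "type": "Host", "segment": "internal"},
    "fw-dmz":     {"layer": "Network Infrastructure", "type": "Firewall"},
    "vuln-A":     {"layer": "Cyber Posture", "type": "Vulnerability", "severity": "high"},
    "vuln-B":     {"layer": "Cyber Posture", "type": "Vulnerability", "severity": "critical"},
    "camp-1":     {"layer": "Cyber Threats", "type": "Campaign"},
    "svc-orders": {"layer": "Mission Dependencies", "type": "Activity"},
    "obj-sales":  {"layer": "Mission Dependencies", "type": "Objective"},
}

# Constructed directed edges: (source, relationship, target).
EDGES = [
    ("vuln-A", "AFFECTS", "web01"),
    ("vuln-B", "AFFECTS", "log01"),
    ("camp-1", "EXPLOITS", "vuln-A"),
    ("web01", "CONNECTS_TO", "db01"),
    ("fw-dmz", "PROTECTS", "web01"),          # present in the model, not traversed below
    ("svc-orders", "DEPENDS_ON", "db01"),
    ("obj-sales", "DEPENDS_ON", "svc-orders"),
]

# Traversal rules (an assumption of this example): impact flows along these
# relationships source -> target, and against DEPENDS_ON (to the dependents).
FORWARD = {"AFFECTS", "CONNECTS_TO", "EXPLOITS"}
BACKWARD = {"DEPENDS_ON"}


def build_adjacency(edges):
    """Index edges once so that each hop is a dictionary lookup, not a table scan."""
    adj = {}
    for src, rel, dst in edges:
        if rel in FORWARD:
            adj.setdefault(src, []).append((dst, rel))
        if rel in BACKWARD:
            adj.setdefault(dst, []).append((src, rel))
    return adj


def impact_paths(start, nodes, edges, patched=frozenset()):
    """Breadth-first impact analysis from a node to the Mission Dependencies layer.

    Returns {mission_node: shortest path from start}. Hosts listed in `patched`
    are treated as no longer affected, which turns the same traversal into a
    "what if we remediate X" scenario.
    """
    adj = build_adjacency(edges)
    parent = {start: None}
    queue = deque([start])
    while queue:
        current = queue.popleft()
        for neighbour, rel in adj.get(current, []):
            if rel == "AFFECTS" and neighbour in patched:
                continue
            if neighbour not in parent:
                parent[neighbour] = current
                queue.append(neighbour)
    result = {}
    for node in parent:
        if nodes[node]["layer"] == "Mission Dependencies":
            path, cursor = [], node
            while cursor is not None:
                path.append(cursor)
                cursor = parent[cursor]
            result[node] = path[::-1]
    return result


def prioritize(nodes, edges, patched=frozenset()):
    """Rank vulnerabilities by the number of mission nodes they can reach."""
    ranked = [
        (vid, len(impact_paths(vid, nodes, edges, patched)))
        for vid, props in nodes.items()
        if props["type"] == "Vulnerability"
    ]
    return sorted(ranked, key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    for target, path in impact_paths("vuln-A", NODES, EDGES).items():
        print(target, "<-", " -> ".join(path))
    print("after patching web01:", impact_paths("vuln-A", NODES, EDGES, patched={"web01"}))
    print("priority:", prioritize(NODES, EDGES))
```

Two points this shows that the bullet lists do not: the "critical" vulnerability on the isolated log host reaches no mission objective, while the "high" one on the DMZ host reaches two, so mission context rather than severity alone drives the patch order; and adding a property such as a patched flag, or a new edge type, requires no schema change, only a new traversal rule.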
42. Comparison of Database Technologies
Relational
• Definition: Relational data model. Tables: rows & columns. Unique (primary) key for rows. Relationships defined through foreign keys. Indexed on attributes & relations. Proposed by E.F. Codd in 1970.
• Data Model: Relational; vertical scaling; SQL language
• Examples: Oracle, Microsoft SQL Server, MySQL, IBM DB2, IBM Informix, SAP Sybase, Teradata
• Strengths: Simple data structure; ACID; limits duplication of data; transactional processing
• Weaknesses: Poor representation of real-world entities; lack of flexibility & scalability; difficult to model complex data types
Object-Oriented
• Definition: Information is presented in the form of objects as used in object-oriented programming. Properties: encapsulation, polymorphism, and inheritance.
• Data Model: Object-oriented; object-relational (hybrid model)
• Examples: Objectivity/DB, ObjectStore, JADE, VOD: Versant Object Database, Apple WebObjects EOF
• Strengths: Can store complex data and relationships; ease of coding; pointer references
• Weaknesses: Performance; high memory utilization
Key-Value
• Definition: Key-value; schemaless DB; data/value is opaque
• Data Model: Collection of key-values; multi-structured; horizontal scaling
• Examples: Riak, Redis, Amazon SimpleDB, Amazon DynamoDB
• Strengths: Flexibility, scalability & superior performance; BASE; incomplete-data tolerant
• Weaknesses: Stored data has no schema; query performance
Document-oriented
• Definition: Stores data in documents; typically uses JavaScript Object Notation (JSON) structure
• Data Model: Key-value; multi-structured; horizontal scaling
• Examples: MongoDB, CouchDB
• Strengths: Can query on any field in the document
• Weaknesses: No standard query syntax
Columnar
• Definition: Key-value collections; tables: rows and columns; number of columns is not fixed for each record; columns are created for each row
• Data Model: Column families; key-value
• Examples: Amazon DynamoDB, HP Enterprise Vertica, HBase, Cassandra, SAP HANA
• Strengths: Fast look-ups
• Weaknesses: Very low-level API
Graph
• Definition: Stores data in graph models; nodes, edges & properties; social network connections; traverse relationships
• Data Model: Property graph; multi-structured; horizontal scaling
• Examples: Neo4j, InfiniteGraph, Giraph, InfoGrid
• Strengths: Close to real-world models; scalability; graph algorithms, shortest path etc.
• Weaknesses: Not easy to cluster; traverse whole graph to get answer
ACID: Atomicity, Consistency, Isolation, Durability
BASE: Basically Available, Soft state, Eventual consistency