Modeling Cybersecurity with Neo4j, Based on Real-Life Data Insights

Neo4j, Inc. All rights reserved 2023
1
Modeling Cybersecurity Cases
with Graph Data Models
Gal Bello
Field Engineering, Israel

❖ Hello!
❖ Cybersecurity
➢ The Problem, the Graph Solution
➢ Real-life Insights
❖ Graph Data Modeling
➢ Real-Life Modeling Examples
➢ Cybersecurity Graph Modeling
Practice
❖ Q&A
❖ Goodbye!
Agenda

Gal Bello
Field Engineering, Israel
@Gal_Bello
Linkedin.com/in/galbello/
What’s the thing you like most about Neo4j?
“Neo4j is not just only one of the most innovative companies around the globe, it also leads a
positive cultural approach to its employees, customers, partners and community members:
Diversity & inclusion, open minded, acceptance & positiveness assumption.”

CYBERSECURITY
4

5
“Cybersecurity is the practice of defending
computers, servers, mobile devices, electronic
systems, networks, and Data from malicious
attacks.”
“
(Wikipedia)
Cyber
Security
Cybersecurity
What is Cybersecurity?

6
“Cybersecurity is the practice of defending
computers, servers, mobile devices, electronic
systems, networks, and Data from malicious
attacks.”
“
(Wikipedia)
Cyber
Security
Cybersecurity
What is Cybersecurity?

THE PROBLEM
7

Cybersecurity analysts have to capture, store,
analyze and potentially explore vast amounts of
rapidly evolving information.
The Problem:

GRAPH SOLUTION
13

WHAT IS A GRAPH?
vs

A Graph Is...
...a set of discrete entities, each of which has some set of relationships with the
other entities

A Graph Is...
...a set of discrete entities, each of which has some set of relationships with
the other entities
Seven Bridges of Konigsberg problem. Leonhard Euler, 1735

WHEN
17

It’s Not only What You Know

It’s How is it Connected

It’s How is it Connected and Shines Out

Digitized and Analog
World of Cybersecurity
Constantly Evolving Few and Many Players
“One Step Ahead”
Simple and Complex
Organized in
groups
Synthetic
Identities
Stolen
Identities
Hijacked
Devices

Pattern 1 Pattern 2
Detect and Respond (React!)
Raw Data Anomalies
Cybersecurity Prevention
is About
Reacting to
Patterns
(and doing it fast!)

INVESTIGATE
Revolving Debt
Number of Accounts
INVESTIGATE
Normal behavior
Cybersecurity – With District Analysis

Revolving Debt
Number of Accounts
Normal behavior
Cyber Attackers Pattern
Cybersecurity – With District Analysis

Graph Database could assist companies secure
their data, by leveraging the connections within the
datasets.
The Solution:

Graph Database could assist companies secure
their data, by leveraging the connections within
the datasets.
The Solution:

REAL-LIFE INSIGHTS
28

Around is
expected to be spent
on CS by 2023
$6T

The Cybersecurity
market worth is: $155B

of
Cybersecurity marketshare
is for Financial Services
and Insurances
20%

Every seconds
there is a hacker attack
39

The average cost of a
data breach is
across SMBs
$3.9M

of malware is
delivered using email
92%

of Cybersecurity
breaches are due to
Human error
39%

of
Cyber attacks target
Enterprise companies
57%

experienced
phishing & social
engineering attacks
62%

GRAPH DATA
MODELING
38

Graph Data Modeling is a collaborative effort by different
Stakeholders and Developers.
What is Graph Data Modeling?
The application domain will be analyzed by all stakeholders, developers and participants
to develop a Graph Data Model that will support and answer all “Money” queries.

© 2023 Neo4j, Inc. All rights reserved.
High-Level Approach building a Graph Data Model
1. DOMAIN
Understand the domain you
try to model
5. First Data Model
Build your ﬁrst data model with all
stakeholders involved and load sample data
2. Sample Data
Get accurate sample data
you understand
4.Identify entities & connections
Find entities & connections that
are part of your data model
3. Q & A from Business
Deﬁne Questions & Answers
the Business wants to
understand
Graph Data Model
First Phase
Go to next steps

9. Interactive Components
Build dashboards, Bloom
perspectives, Jupyter NBs, or
other interactive components to
demonstrate your graph data.
8. Scalability
If possible, test scalability. If
not make sure your data
model does scale.
7. Reﬁne Data Model
Reﬁne your Data Model
eventually, if it improves
answers
6. Test questions
Test your questions against
your model and data by
writing Cypher queries
Graph Data Model
Second Phase
coming from prev. steps
High-Level Approach building a Graph Data Model

42
Recommended Stakeholders: Building a Graph Data Model
● Maintain / Extend graph
● Help to precise data model
objects like Labels,
Relationships, etc.
50%
● Build UIs, Dashboards,
etc.
● Know what is missing today
50%
● Build and operate data
loading (ETL process)
● Provide answers and rating
for results to above questions
95%
● Build the Graph
● Provide questions they want
to ask
95%
● Translate questions into
Cypher queries / scripts
● Add domain knowledge
100%
Domain Experts
95%
Consultants / Developers
100%
95%
75%
95%

MODELING EXAMPLE
43

Law
Enforcement
Use Case:
Information and Data
Synchronization in
Law Enforcement
Law Enforcement Agencies use
Neo4j to model the information
into graphs to improve efficiency
and make direct and implicit
patterns readily apparent in real
time.
A suspect often appears in several
different databases
Financial records
Convictions
Adresses
Vehicles
Traffic cameras
Arrests
Police Reports
Appears_in
Has
H
a
s
H
a
s
Owns Registered
SUSPECT
Has

SSN 2
ACCOUNT
HOLDER 2
ACCOUNT
HOLDER 1
ACCOUNT
HOLDER 3
CREDIT
CARD
BANK
ACCOUNT
BANK
ACCOUNT
BANK
ACCOUNT
ADDRESS
PHONE
NUMBER
PHONE
NUMBER
UNSECURED
LOAN
SSN 2
UNSECURED
LOAN
Banking
Use Case:
Modeling Fraud
Rings as Graphs
Organizing a fraud ring in the real
world is relatively simple. A group of
people share their personal
information to create synthetic
identities. For example with just 2
individuals sharing names and social
security numbers can create 4
diﬀerent identities. This can be
discovered with connected analysis.

Government
• Better Services
• More Consistency
• Saves Time
• Coordinates Eﬀorts
MARRIED_TO
L
I
V
E
S
_
A
T
LIVES_AT
FATHER_OF
ENROLLED_IN
OWNS
OWNS
ID#
PHONE
EMAIL
H
A
S
HAS
HAS
MOTHER_OF
ID#
PHONE
EMAIL

BUILDING a
GRAPH DATA MODEL
47

Employee A
Employee B
Employee C
Employee D
Employee Z
Department 100

Employee A
Employee B
Employee C
Employee D
Employee Z
Department 100
BANK
ACCOUNT ADDRESS

Employee A
Employee B
Employee C
Employee D
Employee Z
Department 100
BANK
ACCOUNT ADDRESS
PROJECT A PROJECT B
Project C
Department 200 Department 300

Employee A
Employee B
Employee C
Employee D
Employee Z
Department 100
Bank
Account Address
Project C
Documents
Documents

Employee A
Employee B
Employee C
Employee D
Employee Z
Department 100
Bank
Account Address
Project C
Documents
Documents
PRODUCTION
SERVERS

Employee A
Employee B
Employee C
Employee D
Employee Z
Department 100
Bank
Account
Address
Project C
Documents
Documents
PRODUCTION
SERVERS
:PUBLISHED_ON
:SAVED_ON
:WORKS_AT
:MANAGES

Cybersecurity
01
Employee A
Employee B
Employee C
Employee D
Employee Z
Department 100
Bank
Account
Address
Project C
Documents
Documents
PRODUCTION
SERVERS
:PUBLISHED_ON
:SAVED_ON
:WORKS_AT
:MANAGES
PHISHING
EMAILS
Hacker

Employee Z
HACKER
Project A
Department 22
Bank
Account
Address
Documents
PRODUCTION
SERVERS
Cybersecurity
PHISHING
EMAIL
PHISHING
EMAIL
PUBLISHED_ON
Employee A
Employee B
Employee C
Department 4
Project B Project C

Start Your Graph Journey
neo4j.com/cloud/aura-free/
Learn
neo4j.com/graphacademy/
neo4j.com/developer
udemy.com/course/neo4j-foundations/
Contact Us
Gal.Bello@Neo4j.com
Info@Neo4j.com
Now What

QUESTIONS
59

60
Thank you!
Gal Bello

Modeling Cybersecurity with Neo4j, Based on Real-Life Data Insights

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Modeling Cybersecurity with Neo4j, Based on Real-Life Data Insights

Similar to Modeling Cybersecurity with Neo4j, Based on Real-Life Data Insights (20)

More from Neo4j

More from Neo4j (20)

Recently uploaded

Recently uploaded (20)

Modeling Cybersecurity with Neo4j, Based on Real-Life Data Insights