Starbase: Graph-Based Security Analysis for Everyone

•Download as PPTX, PDF•

0 likes•74 views

Starbase collects data from over 70 security and infrastructure services and integrates it into a graph database for analysis. It has three main advantages: depth and breadth of data collection, a uniform data model that classifies entities, and extensibility through custom integrations. Starbase allows querying this unified graph to analyze security-related questions like which code repositories are accessible to outside collaborators or which servers allow public access to port 22.

Technology

© 2022 Neo4j, Inc. All rights reserved.
© 2022 Neo4j, Inc. All rights reserved.
Starbase: Graph-Based Security
Analysis for Everyone
github.com/JupiterOne/starbase
Adam Pierson,
Senior Software Engineer

© 2022 Neo4j, Inc. All rights reserved.
© 2022 Neo4j, Inc. All rights reserved.
2
Knowledge of what you have
Knowledge of the relationships
between what you have
Knowledge of what questions to ask
about what you have
Security using
Knowledge
Graphs

© 2022 Neo4j, Inc. All rights reserved.
© 2022 Neo4j, Inc. All rights reserved.
3
Knowledge of
what you have
Users
1. Austin
2. Adam
3. Bob
…
Groups
1. Admin
2. Reader
3. Writer
…
Databases
1. DB 1
2. DB 2
3. DB 3
…
Servers
1. S1
2. S2
3. S3
…

© 2022 Neo4j, Inc. All rights reserved.
© 2022 Neo4j, Inc. All rights reserved.
4
Knowledge of
the relationships
between what
you have
Users
1. Austin
2. Adam
3. Bob
…
Groups
1. Admin
2. Reader
3. Writer
…
Databases
1. DB 1
2. DB 2
3. DB 3
…
Servers
1. S1
2. S2
3. S3
…

© 2022 Neo4j, Inc. All rights reserved.
© 2022 Neo4j, Inc. All rights reserved.
5
Who is Adam?
Which users have MFA disabled?
What code repositories are accessible to
outside collaborators?
What servers allow access to port 22
from the public internet?
Knowledge of
what questions
to ask

© 2022 Neo4j, Inc. All rights reserved.
© 2022 Neo4j, Inc. All rights reserved.
6
Modeling graphs
for security
User -ASSIGNED-> AccessPolicy
UserGroup -HAS-> User
aws_iam_user -ASSIGNED-> aws_iam_policy
google_group -HAS-> google_user
Entity = A node in a graph that represents a resource
within digital infrastructure
Class
Type
Relationship = An edge between two Entity nodes in a
graph
Type = Specific type that an entity is as defined by
the source (e.g. github_repo)
Class = An abstract, super-type that defines what the
entity is within a general framework of IT and
security operations (e.g. CodeRepo)

© 2022 Neo4j, Inc. All rights reserved.
© 2022 Neo4j, Inc. All rights reserved.
7
Graph Data
Schemas

$© 2022 Neo4j, Inc. All rights reserved. © 2022 Neo4j, Inc. All rights reserved. 8 Graph data models in practice Who is Adam? MATCH (u:User { email: "adam.pierson@jupiterone.com" }) RETURN u; MATCH (u:github_user { email: "adam.pierson@jupiterone.com" }) RETURN u; MATCH (u:google_user { email: "adam.pierson@jupiterone.com" }) RETURN u; MATCH (u:User { email: "adam.pierson@jupiterone.com", mfaEnabled: false }) RETURN u; Does Adam have MFA disabled?$

© 2022 Neo4j, Inc. All rights reserved.
© 2022 Neo4j, Inc. All rights reserved.
9
What is
Starbase?
Starbase collects entities and relationships from
services and systems including cloud infrastructure,
SaaS applications, security controls, and more into an
intuitive graph view backed by a Neo4j database
3 Key Advantages
1. Depth and breadth - Deep visibility from a breadth
of external services and systems. Thousands of
entities (vertices) and relationships (edges) are
available out-of-the-box.
2. Uniform data model - The data that Starbase
collects is automatically classified, making it easy to
develop generic queries.
3. Easily extensible - Starbase graph integrations can
be easily developed!

© 2022 Neo4j, Inc. All rights reserved.
© 2022 Neo4j, Inc. All rights reserved.
10
Depth + breadth
70+ Integrations

© 2022 Neo4j, Inc. All rights reserved.
© 2022 Neo4j, Inc. All rights reserved.
11
Uniform Graph
Data Model

© 2022 Neo4j, Inc. All rights reserved.
© 2022 Neo4j, Inc. All rights reserved.
12
Starbase
Architecture

© 2022 Neo4j, Inc. All rights reserved.
© 2022 Neo4j, Inc. All rights reserved.
13
Configuration
Simple usage…
yarn
yarn neo4j:start
yarn starbase setup
yarn starbase run

© 2022 Neo4j, Inc. All rights reserved.
© 2022 Neo4j, Inc. All rights reserved.
14
Querying
Results
GitHub Outside
Collaborators

© 2022 Neo4j, Inc. All rights reserved.
© 2022 Neo4j, Inc. All rights reserved.
15
Querying
Results
GitHub Outside
Collaborators with Admin
credentials

© 2022 Neo4j, Inc. All rights reserved.
© 2022 Neo4j, Inc. All rights reserved.
16
Querying
Results
Google compute
instances that allow
access to port 22 from the
internet

© 2022 Neo4j, Inc. All rights reserved.
© 2022 Neo4j, Inc. All rights reserved.
17
Querying
Results
Google compute
instances that allow
access to port 22 from the
internet

© 2022 Neo4j, Inc. All rights reserved.
© 2022 Neo4j, Inc. All rights reserved.
18
Thank you!
github.com/JupiterOne/starbase
adam.pierson@jupiterone.com

Traditional fraud prevention measures focus on discrete data points such as specific accounts, individuals, devices or IP addresses. However, today’s sophisticated fraudsters escape detection by forming fraud rings with individuals paid, lured into or unknowingly fronting these activities. To uncover such fraud rings and the people behind them, it is essential to look beyond individual data points to the connections that link them. Neo4j uncovers difficult-to-detect patterns that far outstrip the power of a relational database. Enterprise organisations use Neo4j to augment their existing fraud detection capabilities to combat a variety of financial crimes including first-party bank fraud, credit card fraud, ecommerce fraud, insurance fraud and money laundering – and all in real time. Learn more how to battle fraud with the power of graph databases during this webinar. We are pleased to invite you to hear Marius Hartmann from Danish Business Authority talking about how they are combining graph analysis with machine learning to prevent fraud. In context of the COVID-19 compensation scheme controls, he will present use cases currently in production and explain why graph is a good fit for government authorities.

The Neo4j Data Platform for Today & Tomorrow.pdf

Neo4j

Solving the Asset Management Challenge for Cybersecurity (It’s About Time)

Enterprise Management Associates

Despite the amazing technologies available today in cybersecurity, organizations still struggle with the most fundamental challenge that has been around for decades: understanding all the devices, users, and cloud services they’re responsible for, and whether those assets are secure. These slides—based on the webinar hosted by leading IT research firm EMA and Axonius—explain why solving asset management for cybersecurity is becoming increasingly important, and why something so fundamental has quickly risen to the top of CISOs priority lists.

EY: Why graph technology makes sense for fraud detection and customer 360 pro...

Neo4j

Neo4j Graph Platform Overview, Kurt Freytag, Neo4j

Neo4j

Transforming BT’s Infrastructure Management with Graph Technology

Neo4j

The art of the possible with graph technology_Neo4j GraphSummit Dublin 2023.pptx

Neo4j

Large Language models are amazing but are also black-box models that often fail to capture and accurately represent factual knowledge. Knowledge graphs, by contrast, are structural knowledge models that explicitly represent knowledge and, indeed, allow us to detect implicit relationships. In this talk we will demonstrate how LLMs can be improved by Knowledge Graphs, and how LLM’s can augment Knowledge Graphs. A perfect couple!

Microsoft Azure News - 2018 April

Daniel Toomey

What's hot

The Knowledge Graph Explosion

Neo4j

Neo4j GraphSummit London - The Path To Success With Graph Database and Data S...

Neo4j

Get Started with the Most Advanced Edition Yet of Neo4j Graph Data Science

Neo4j

Neo4j Graph Use Cases, Bruno Ungermann, Neo4j

Neo4j

Neo4j Training Series - Spring Data Neo4j

Neo4j

Modern Data Challenges require Modern Graph Technology

Neo4j

GraphTour 2020 - BT: Use of Graph Database in P2P / P2MP Connectivity for Vid...

Neo4j

Pourquoi Leroy Merlin a besoin d'un Knowledge Graph ?

Neo4j

Knowledge Graphs & Graph Data Science, More Context, Better Predictions - Neo...

Neo4j

Neo4j – The Fastest Path to Scalable Real-Time Analytics

Neo4j

Supply Chain Twin Demo - Companion Deck

Neo4j

The path to success with graph database and graph data science_ Neo4j GraphSu...

Neo4j

Knowledge Graphs and Graph Data Science: More Context, Better Predictions (Ne...

Neo4j

The Data Platform for Today’s Intelligent Applications

Neo4j

Easily Identify Sources of Supply Chain Gridlock

Neo4j

Workshop - Neo4j Graph Data Science

Neo4j

SITA WorldTracer - Lost & Found Property

Neo4j

Graphs for Finance - AML with Neo4j Graph Data Science

Neo4j

Neo4j GraphSummit London March 2023 Emil Eifrem Keynote.pptx

Neo4j

Intro to Graphs and Neo4jjexp

What's hot (20)

The Knowledge Graph Explosion

Neo4j GraphSummit London - The Path To Success With Graph Database and Data S...

Get Started with the Most Advanced Edition Yet of Neo4j Graph Data Science

Neo4j Graph Use Cases, Bruno Ungermann, Neo4j

Neo4j Training Series - Spring Data Neo4j

Modern Data Challenges require Modern Graph Technology

GraphTour 2020 - BT: Use of Graph Database in P2P / P2MP Connectivity for Vid...

Pourquoi Leroy Merlin a besoin d'un Knowledge Graph ?

Knowledge Graphs & Graph Data Science, More Context, Better Predictions - Neo...

Neo4j – The Fastest Path to Scalable Real-Time Analytics

Supply Chain Twin Demo - Companion Deck

The path to success with graph database and graph data science_ Neo4j GraphSu...

Knowledge Graphs and Graph Data Science: More Context, Better Predictions (Ne...

The Data Platform for Today’s Intelligent Applications

Easily Identify Sources of Supply Chain Gridlock

Workshop - Neo4j Graph Data Science

SITA WorldTracer - Lost & Found Property

Graphs for Finance - AML with Neo4j Graph Data Science

Neo4j GraphSummit London March 2023 Emil Eifrem Keynote.pptx

Intro to Graphs and Neo4j

Similar to Starbase: Graph-Based Security Analysis for Everyone

The perfect couple: Uniting Large Language Models and Knowledge Graphs for En...

Neo4j

Microsoft Azure News - 2018 April

Daniel Toomey

Security Operations, Engineering, and Intelligence Integration through the po...

Christopher Clark

Security Operations, Engineering, and Intelligence Integration Through the Power of Graph(DB)! The ability to properly categorize and visualize attacks, security tool efficacy, and targeting trends has previously been cumbersome at best and impossible at worst. Through proper schema design a graph database can be used to represent all assets and entities involved in business operations and security both internal and external to your organization. This data can then be used to accurately track and attribute attacks, measure tool and team efficacy/ROI and isolate high risk targets and gaps present in your security posture down to a granular level impossible by other means. The graph database model also allows for incredibly complex queries to be returned in milliseconds to include unknown distance questions, such as "Which Exploits have actors from China used against our Development team in the last twelve months?" or "Which IDS rules are in place to defend from malware used by XXXX group?" or "Display all C2 domains beaconed to over port 80 by malware delivered by Watering Hole attack" By treating things as entities which they are in real life, and forming contextful relationships between them we can begin to make sense of the piles of data and gain insight into our weaknesses. https://github.com/Xen0ph0n/security_graph_demo

Best Practices in Security with PostgreSQL

EDB

We will review a multi-layered framework for PostgreSQL security, with a deeper focus on limiting access to the database and data, as well as securing the data. Using the popular AAA (Authentication, Authorization, Auditing) framework we will cover: Best practices for authentication (trust, certificate, MD5, Scram, etc). Advanced approaches, such as password profiles. Deep dive of authorization and data access control for roles, database objects (tables etc), view usage, row level security and data redaction. Auditing, encryption and SQL injection attack prevention.

Best Practices in Security with PostgreSQL

EDB

The webinar will review a multi-layered framework for PostgreSQL security, with a deeper focus on limiting access to the database and data, as well as securing the data. Using the popular AAA (Authentication, Authorization, Auditing) framework we will cover: - Best practices for authentication (trust, certificate, MD5, Scram, etc). - Advanced approaches, such as password profiles. - Deep dive of authorization and data access control for roles, database objects (tables, etc), view usage, row-level security, and data redaction. - Auditing, encryption, and SQL injection attack prevention. Note: this session is delivered in German Speaker: Borys Neselovskyi, Sales Engineer, EDB

IRJET- Efficient Geometric Range Search on RTREE Occupying Encrypted Spatial ...

IRJET Journal

Migration to microsoft_azure_with_zscaler

Zscaler

Cloud Storage System like Dropbox

IRJET Journal

IRJET- Secure Data Sharing Scheme for Mobile Cloud Computing using SEDASC

IRJET Journal

IRJET- Secure Data Sharing Scheme for Mobile Cloud Computing using SEDASC

IRJET Journal

Re-Invent 23 recap @ AWS UserGroup meetup

AbhiniveshJain1

IRJET- A Key-Policy Attribute based Temporary Keyword Search Scheme for S...

IRJET Journal

IRJET- Key-Aggregate Cryptosystem for Scalable Data Sharing in Cloud Storage

IRJET Journal

El camino hacia el éxito con las bases de datos de grafos, la ciencia de dato...

Neo4j

Moving to the cloud azure, office365, and intune - concurrencyConcurrency, Inc.

Introduction to PySpark

Russell Jurney

Predictive analytics and Visualization. Towards Data Driven Insights for Open...

Yathiraj Udupi, Ph.D.

Network Visibility For Openstack Operations

Debojyoti Dutta

Keynote - Cloudy Vision: How Cloud Integration Complicates Security

CloudVillage

The cloud is compelling and in many cases necessary for organizations to effectively operate. Cloud security, on the other hand, is not as clear. Many cloud services need a hook into the on-premises environment in order to synchronize users and groups. Additionally, cloud security controls vary by the provider in availability, capability, and cost. This results in a disjointed view of user authentication, security, and potential configuration issues. This talk explores some common cloud configuration scenarios and associated security issues.

Survey on Lightweight Secured Data Sharing Scheme for Cloud Computing

IRJET Journal

Similar to Starbase: Graph-Based Security Analysis for Everyone (20)

The perfect couple: Uniting Large Language Models and Knowledge Graphs for En...

Microsoft Azure News - 2018 April

Security Operations, Engineering, and Intelligence Integration through the po...

Best Practices in Security with PostgreSQL

IRJET- Efficient Geometric Range Search on RTREE Occupying Encrypted Spatial ...

Migration to microsoft_azure_with_zscaler

Cloud Storage System like Dropbox

IRJET- Secure Data Sharing Scheme for Mobile Cloud Computing using SEDASC

Re-Invent 23 recap @ AWS UserGroup meetup

IRJET- A Key-Policy Attribute based Temporary Keyword Search Scheme for S...

IRJET- Key-Aggregate Cryptosystem for Scalable Data Sharing in Cloud Storage

El camino hacia el éxito con las bases de datos de grafos, la ciencia de dato...

Moving to the cloud azure, office365, and intune - concurrency

Introduction to PySpark

Predictive analytics and Visualization. Towards Data Driven Insights for Open...

Network Visibility For Openstack Operations

Keynote - Cloudy Vision: How Cloud Integration Complicates Security

Survey on Lightweight Secured Data Sharing Scheme for Cloud Computing

More from Neo4j

Atelier - Architecture d’applications de Graphes - GraphSummit Paris

Neo4j

Atelier - Architecture d’applications de Graphes Participez à cet atelier pratique animé par des experts de Neo4j qui vous guideront pour découvrir l’intelligence contextuelle. En utilisant un jeu de données réel, nous construirons étape par étape une solution de graphes ; de la construction du modèle de données de graphes à l’exécution de requêtes et à la visualisation des données. L’approche sera applicable à de multiples cas d’usages et industries.

Atelier - Innover avec l’IA Générative et les graphes de connaissances

Neo4j

Atelier - Innover avec l’IA Générative et les graphes de connaissances Allez au-delà du battage médiatique autour de l’IA et découvrez des techniques pratiques pour utiliser l’IA de manière responsable à travers les données de votre organisation. Explorez comment utiliser les graphes de connaissances pour augmenter la précision, la transparence et la capacité d’explication dans les systèmes d’IA générative. Vous partirez avec une expérience pratique combinant les relations entre les données et les LLM pour apporter du contexte spécifique à votre domaine et améliorer votre raisonnement. Amenez votre ordinateur portable et nous vous guiderons sur la mise en place de votre propre pile d’IA générative, en vous fournissant des exemples pratiques et codés pour démarrer en quelques minutes.

Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris

Neo4j

Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris

Neo4j

FLOA - Détection de Fraude - GraphSummit Paris

Neo4j

SOPRA STERIA - GraphRAG : repousser les limitations du RAG via l’utilisation ...

Neo4j

Romain CAMPOURCY – Architecte Solution, Sopra Steria Patrick MEYER – Architecte IA Groupe, Sopra Steria La Génération de Récupération Augmentée (RAG) permet la réponse à des questions d’utilisateur sur un domaine métier à l’aide de grands modèles de langage. Cette technique fonctionne correctement lorsque la documentation est simple mais trouve des limitations dès que les sources sont complexes. Au travers d’un projet que nous avons réalisé, nous vous présenterons l’approche GraphRAG, une nouvelle approche qui utilise une base Neo4j générée pour améliorer la compréhension des documents et la synthèse d’informations. Cette méthode surpasse l’approche RAG en fournissant des réponses plus holistiques et précises.

ADEO - Knowledge Graph pour le e-commerce, entre challenges et opportunités ...

Neo4j

Charles Gouwy, Business Product Leader, Adeo Services (Groupe Leroy Merlin) Alors que leur Knowledge Graph est déjà intégré sur l’ensemble des expériences d’achat de leur plateforme e-commerce depuis plus de 3 ans, nous verrons quelles sont les nouvelles opportunités et challenges qui s’ouvrent encore à eux grâce à leur utilisation d’une base de donnée de graphes et l’émergence de l’IA.

GraphSummit Paris - The art of the possible with Graph Technology

Neo4j

GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...

Neo4j

Dr. Sean Tan, Head of Data Science, Changi Airport Group Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.

GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...

Neo4j

Leonard Jayamohan, Partner & Generative AI Lead, Deloitte This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.

GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024

Neo4j

GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024

Neo4j

GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...

Neo4j

Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.

GraphAware - Transforming policing with graph-based intelligence analysis

Neo4j

Petr Matuska, Sales & Sales Engineering Lead, GraphAware Western Australia Police Force’s adoption of Neo4j and the GraphAware Hume graph analytics platform marks a significant advancement in data-driven policing. Facing the challenges of growing volumes of valuable data scattered in disconnected silos, the organisation successfully implemented Neo4j database and Hume, consolidating data from various sources into a dynamic knowledge graph. The result was a connected view of intelligence, making it easier for analysts to solve crime faster. The partnership between Neo4j and GraphAware in this project demonstrates the transformative impact of graph technology on law enforcement’s ability to leverage growing volumes of valuable data to prevent crime and protect communities.

GraphSummit Stockholm - Neo4j - Knowledge Graphs and Product Updates

Neo4j

KLARNA - Language Models and Knowledge Graphs: A Systems Approach

Neo4j

INGKA DIGITAL: Linked Metadata by Design

Neo4j

Your enemies use GenAI too - staying ahead of fraud with Neo4j

Neo4j

Delivered by Michael Down at Gartner Data & Analytics Summit London 2024 - Your enemies use GenAI too: Staying ahead of fraud with Neo4j. Fraudsters exploit the latest technologies like generative AI to stay undetected. Static applications can’t adapt quickly enough. Learn why you should build flexible fraud detection apps on Neo4j’s native graph database combined with advanced data science algorithms. Uncover complex fraud patterns in real-time and shut down schemes before they cause damage.

BT & Neo4j _ How Knowledge Graphs help BT deliver Digital Transformation.pptx

Neo4j

Delivered by Sreenath Gopalakrishna, Director of Software Engineering at BT, and Dr Jim Webber, Chief Scientist at Neo4j, at Gartner Data & Analytics Summit London 2024 this presentation examines how knowledge graphs and GenAI combine in real-world solutions. BT Group has used the Neo4j Graph Database to enable impressive digital transformation programs over the last 6 years. By re-imagining their operational support systems to adopt self-serve and data lead principles they have substantially reduced the number of applications and complexity of their operations. The result has been a substantial reduction in risk and costs while improving time to value, innovation, and process automation. Future innovation plans include the exploration of uses of EKG + Generative AI.

Workshop: Enabling GenAI Breakthroughs with Knowledge Graphs - GraphSummit Milan

Neo4j

More from Neo4j (20)