Why Building a Digital Twin Graph Will Shore up Your Cybersecurity Defence

Maya Natarajan from graph database leader Neo4j describes how to achieve better cyber resilience management

It’s been a tough few years in cybersecurity. Cyberattacks had already been on the rise for years, with nation-state threat actors and foreign hacking collectives devoting more time and resources to making the life of the CSO as challenging as possible. At the same time, there is a shortfall in talented staff available to fight these threats.

Then COVID-19 struck, forcing many businesses to shut down their physical buildings, which created an unprecedented demand and pressure on digital platforms as businesses shifted to securing work from home at scale.

And cyberattacks skyrocketed, too. The FBI saw an unprecedented 300 percent increase in cybercrime reports in 2020. Between January and April 2020, there was a 238 percent rise in cyberattacks on financial institutions.

Software supply chain attacks, which exploit vulnerabilities in embedded open source libraries, increased 430 percent in 2020 and continued their meteoric rise with a 650 percent increase in 2021.

Are the odds stacked against us?

This is not news to the IT security industry, a field characterised by extreme, unmanageable complexity. Something as straightforward as incident analysis requires pulling together data and logs from many platforms and tools, for example. In parallel, defenders have an even bigger job: they must protect against every possible attack and patch every possible vulnerability, while an attacker needs to find only one opening to land and expand. Defenders have many responsibilities; attackers just have to be hyper-focused on finding exploits.

To effectively mitigate cybersecurity risks, we need advanced data solutions that empower us to correlate and analyse connections at real-world scale. The good news is that there is a weapon against cyber-attacks in the form of graph technology.

A key way to see how is to recognise how criminals approach the problem. As John Lambert, Distinguished Engineer and General Manager, Microsoft Threat Intelligence Center, says, “Defenders think in lists, attackers think in graphs—and as long as this is true, attackers win.”

‘Graphs’ are a way of representing reality in terms of nodes and the connections or relationships between them, and graph databases help you map out the flows between the assets you want to protect and the vulnerabilities that connect them.

Graph databases are a strong fit for cybersecurity, as they integrate many data sources, incorporate large data volumes, and easily reveal dependencies. After all, security data comes from many sources—enterprises tend to have an average of 75 security tools deployed. And security tools are just one type of data source, as many applications and services generate log files that are relevant to cybersecurity.

The advantage of graph databases increases with the size and complexity of the data. With a graph database, you gain a unified visualization of the attack surface and the ability to conduct ongoing cyber risk assessment simply by connecting your resources and users with the activities on your system. You can have predictive, preemptive, and proactive threat identification and cyber risk management with clear attack paths and reachability routes. You can protect systems, detect anomalies in real time, respond with confidence to any incidents and recover quickly.

Security practitioners we’ve worked with are reporting that if you model your infrastructure as a graph, you can:

  1. identify your most valuable assets and target security investments
  2. generate alerts for relevant teams about the impact of incidents across systems
  3. more quickly spot suspicious behaviour, reducing mean time to detection and uncovering insider threats
  4. analyse and rationalise identity and access management to enforce the principle of least privilege.

A new development here is the entrance of the digital twin. By modelling their processes in a digital twin, organisations can quickly gain a far more potent security defence.

Digital twins: a new advance

The kind of living simulation of the real world that a digital twin embodies allows security experts to run vulnerability tests without disrupting everyday services. Even better, the same technology can be used to simulate cyberattacks and to help with threat detection and smart decision-making should a breach occur. Digital twins can also be used to carry out network analysis across connected IT systems, helping the security team rapidly identify vulnerabilities and quarantine them before they spread to other parts of the infrastructure.
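As an added example (not code from the article or from Neo4j), the analyses the list above and the digital twin paragraph describe, reduced to plain Python over a small constructed infrastructure graph: attack paths from the internet to a crown-jewel asset, the choke points whose quarantine severs every such path, the blast radius of a compromised host for incident alerting, and granted-but-unused privileges as least-privilege clean-up candidates. All host names, principals and privileges are hypothetical sample data.

```python
from collections import deque

# Constructed sample infrastructure graph (not from the article): nodes are
# hosts or entry points, a directed edge means "can reach / can log on to".
EDGES = {
    "internet": ["web01"],
    "web01": ["app01"],
    "app01": ["db01"],
    "jump01": ["app01", "db01"],
    "db01": [],
}
CROWN_JEWELS = {"db01"}  # the most valuable asset in this sample
# Constructed IAM data as (principal, asset, privilege) triples: what was
# granted versus what an audit log shows was actually exercised.
GRANTS = {("svc_web", "app01", "READ"), ("svc_web", "db01", "WRITE"),
          ("alice", "db01", "ADMIN")}
USED = {("svc_web", "app01", "READ"), ("alice", "db01", "ADMIN")}

def attack_paths(edges, source, targets, blocked=frozenset()):
    """All simple paths from source to any target, skipping quarantined nodes."""
    paths, stack = [], [(source, [source])]
    while stack:
        node, path = stack.pop()
        if node in targets:
            paths.append(path)
            continue
        for nxt in edges.get(node, []):
            if nxt not in path and nxt not in blocked:
                stack.append((nxt, path + [nxt]))
    return sorted(paths)

def choke_points(edges, source, targets):
    """Nodes whose quarantine severs every path to the targets: hardening priorities."""
    nodes = set(edges) | {n for outs in edges.values() for n in outs}
    return sorted(n for n in nodes - {source} - set(targets)
                  if not attack_paths(edges, source, targets, blocked={n}))

def blast_radius(edges, compromised):
    """Everything reachable downstream of a compromised node: who to alert."""
    seen, queue = set(), deque([compromised])
    while queue:
        for nxt in edges.get(queue.popleft(), []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def unused_grants(grants, used):
    """Privileges granted but never exercised: least-privilege removal candidates."""
    return sorted(grants - used)
```

Re-running `choke_points` after removing a node from `EDGES` is the what-if question a digital twin answers without touching the production network.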

All in all, creating and analysing a graph digital twin of your infrastructure is one of the most effective measures you can take to improve your cybersecurity posture. It is also very helpful for managing the endless, dynamic complexity of cybersecurity vulnerabilities and threats.

Even better, when you create a digital twin of your infrastructure, you will find it serves many other purposes. One graph customer is Finland’s Turku City Data, which is using a Smart City Knowledge Graph to support its digital twin and address key city priorities such as reducing energy usage and finding routes that optimise delivery speed and transportation resources, as well as identifying potential vulnerabilities.

The reality is that graphs are the perfect antidote to complexity—and there is no area more complex than the ever-morphing cybersecurity threat.

The smart CSO move is to get a better handle on cybersecurity problems via modelling them as a graph-based digital twin.

About the Author

Maya Natarajan is Sr. Director Product Marketing at graph data platform leader Neo4j. Neo4j is the world’s leading graph data platform. We help organizations – including Comcast, ICIJ, NASA, UBS, and Volvo Cars – capture the rich context of the real world that exists in their data to solve challenges of any size and scale. Our customers transform their industries by curbing financial fraud and cybercrime, optimizing global networks, accelerating breakthrough research, and providing better recommendations. Neo4j delivers real-time transaction processing, advanced AI/ML, intuitive data visualization, and more.
