Slide 1
SAS founded in 2013 in Paris | http://linkurio.us | @linkurious
Cyber security and attack analysis: how Cisco uses graph analytics.

Slide 2 - Introduction.
Linkurious is a French startup founded in 2013. The team:
- Sébastien Heymann, CEO. Gephi founder. PhD in Computer Science and Complex Systems.
- Romain Yon, CTO. Engineer (Microsoft, Spotify). Machine Learning at Georgia Tech.
- Jean Villedieu, CMO. >5 years in consulting. MSc in Political Sciences and Competitive Intelligence.
- Pierrick Paul, Software Engineer. Engineer (La Belle Assiette). CS at Epitech and Beijing University.

Slide 3 - What is a graph?
This is a graph. (Diagram: three people linked by "Father Of", "Father Of" and "Siblings" relationships.)

Slide 4 - What is a graph: nodes and relationships.
A graph is a set of nodes linked by relationships. (Same diagram, annotated "This is a node" and "This is a relationship".)

Slide 5 - Some of the domains in which our customers use graphs.
- Social networks: people, objects, movies, restaurants, music... Suggest new contacts, help discover new music.
- Communications: antennas, servers, phones, people... Reduce network outages.
- Supply chains: suppliers, roads, warehouses, products... Reduce transportation cost, optimize delivery.
Different domains where graphs are important.

Slide 6 - The cost of cyber crime.
$445 billion. Cyber crime costs the global economy $445 billion per year.
Source: http://www.reuters.com/article/2014/06/09/us-cybersecurity-mcafee-csis-idUSKBN0EK0SV20140609

Slide 7 - Some of the latest victims.
No company is immune from cyber crime.

Slide 8 - A data problem.
IP logs, network logs, communications logs, web server logs, etc.

Slide 9 - The challenges of working with complex data.
IT security data is complex: large, unstructured, dynamic.
- Large: for big organizations, storing years of raw data means a total volume in the high TBs or low PBs.
- Unstructured: the data comes from different sources, is incomplete and evolves. It is hard to use a structured data model.
- Dynamic: IT systems generate new data constantly.

Slide 10 - How to make sense of complex data.
Can IT security teams answer that challenge?

Slide 11 - Graphs help make sense of complex data.
Graphs are perfect for extracting insights from complex data.

Slide 12 - A concrete example.
How to use graph analytics to fight back against a cyber attack? Inspired by a real use case demonstrated by Cisco.

Slide 13 - A zero-day vulnerability.
In April 2014, a zero-day vulnerability in IE is identified. A newly discovered vulnerability in Internet Explorer allows an unauthenticated, remote attacker to execute arbitrary code.

Slide 14 - The 3 steps of the attack.
1. The vulnerability is known. The vulnerability is known in the security community. A group of hackers decide to use it before a patch fixes the vulnerability.
2. A phishing attack uses it. The hackers send mails to a few people in one company. They are asked to log in to a seemingly innocuous website. A company is immediately targeted by a phishing attack.
3. Computers are compromised. The login information entered is captured by the hackers. They can use it to penetrate the company IT.

Slide 15 - A not so innocent mail.
The mail sent by the hackers. (Screenshot.)

Slide 16 - The domain names used in the attack.
The domain names used in the attack are identified. The hackers used the domains inform.bedircati.com, profile.sweeneyphotos.com, web.neonbilisim.com and web.usamultimeters.com.

Slide 17 - Information about one domain.
Information about these domains is publicly available.

Slide 18 - Modelling information as a graph.
That data can be modeled as a graph.

Slide 19 - The graph model reveals the connections in the data.
This helps streamline the identification of connections. Domain A is connected to Domain C through a Name Server or an MX Record, Domain B and Host B.

Slide 20 - How to use the information.
Can we prevent more attacks?

Slide 21 - The traditional approach.
The 7 sins of looking for connections with tabular tools.

Slide 22 - Combining graph analysis and graph visualization.
- Graph analytics? It helps analyse large datasets to find interesting data.
- Graph visualization? It helps humans interpret the data and make smart decisions.
Combine automatic analysis and human interpretation.

Slide 23 - Step 1: graph analysis.
A query to get all the domains connected to the attackers:

    MATCH (baddomain:Domain_name)-[r*2]-(suspiciousdomains:Domain_name)
    WHERE baddomain.reputation = 'Very negative reputation'
    RETURN DISTINCT suspiciousdomains

This query is written in Cypher, the Neo4j query language. It returns 25 results.
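As an added example (not code from the Linkurious deck or from Cisco), the following Python builds a toy version of the domain graph described on slides 18 and 19 and runs the logic of the slide 23 query over it in plain Python. The four attacker domains are the ones named on slide 16; the name server, MX record, host address, registrar and the other domain names are constructed for the example, and so are the Name_server, MX_record, Host and Registrar labels (only the Domain_name label and its reputation property appear in the deck). It goes one step beyond the query: a public registrar (slide 24) is a hub that links the attackers to good domains at two hops, so the example adds an optional hub filter, which the Cypher query does not have.

```python
from collections import defaultdict

BAD = 'Very negative reputation'   # the reputation value used in the slide 23 query


class DomainGraph:
    """Minimal labelled property graph: each node has a label and properties;
    relationships are undirected, like the -[r*2]- pattern in the Cypher query."""

    def __init__(self):
        self.labels = {}               # node -> label (Domain_name, Name_server, ...)
        self.props = {}                # node -> {property: value}
        self.adj = defaultdict(set)    # node -> set of neighbouring nodes

    def add_node(self, name, label, **props):
        self.labels[name] = label
        self.props[name] = props
        self.adj[name]                 # make sure isolated nodes still appear
        return name

    def add_rel(self, a, b):
        self.adj[a].add(b)
        self.adj[b].add(a)

    def bad_domains(self):
        """Domain_name nodes whose reputation is 'Very negative reputation'."""
        return {n for n, label in self.labels.items()
                if label == 'Domain_name' and self.props[n].get('reputation') == BAD}

    def pivot_domains(self, max_degree=None):
        """Plain-Python equivalent of the slide 23 query:
            MATCH (bad:Domain_name)-[r*2]-(s:Domain_name)
            WHERE bad.reputation = 'Very negative reputation'
            RETURN DISTINCT s
        Returns {domain: set of intermediate nodes it shares with an attacker}.
        max_degree is an addition: intermediate nodes with more neighbours than
        that (a public registrar, a popular name server) are not used as pivots."""
        found = defaultdict(set)
        for bad in self.bad_domains():
            for mid in self.adj[bad]:
                if max_degree is not None and len(self.adj[mid]) > max_degree:
                    continue
                for other in self.adj[mid]:
                    if other != bad and self.labels.get(other) == 'Domain_name':
                        found[other].add(mid)
        return dict(found)

    def new_suspects(self, max_degree=None):
        """Domains the query surfaces that were not already on the bad list
        (the pink nodes of slide 25), sorted for stable output."""
        return sorted(set(self.pivot_domains(max_degree)) - self.bad_domains())


def build_sample_graph():
    """Constructed sample data: only the four attacker domain names come from the deck."""
    g = DomainGraph()
    for d in ('inform.bedircati.com', 'profile.sweeneyphotos.com',
              'web.neonbilisim.com', 'web.usamultimeters.com'):
        g.add_node(d, 'Domain_name', reputation=BAD)
    for d in ('pivot-a.example.org', 'pivot-b.example.net', 'benign-1.example.com',
              'benign-2.example.com', 'benign-3.example.com'):
        g.add_node(d, 'Domain_name', reputation='Unknown')
    g.add_node('ns1.attacker-dns.example', 'Name_server')   # constructed
    g.add_node('mx.attacker-mail.example', 'MX_record')     # constructed
    g.add_node('203.0.113.10', 'Host')                      # documentation address, constructed
    g.add_node('public-registrar.example', 'Registrar')     # constructed hub

    # infrastructure the attackers share with a few other domains
    for d in ('inform.bedircati.com', 'profile.sweeneyphotos.com', 'pivot-a.example.org'):
        g.add_rel(d, 'ns1.attacker-dns.example')
    for d in ('web.neonbilisim.com', 'pivot-b.example.net'):
        g.add_rel(d, 'mx.attacker-mail.example')
    for d in ('web.usamultimeters.com', 'pivot-a.example.org'):
        g.add_rel(d, '203.0.113.10')
    # the registrar links the attackers to unrelated good domains as well
    for d in ('inform.bedircati.com', 'profile.sweeneyphotos.com', 'web.neonbilisim.com',
              'web.usamultimeters.com', 'benign-1.example.com', 'benign-2.example.com',
              'benign-3.example.com'):
        g.add_rel(d, 'public-registrar.example')
    return g


if __name__ == '__main__':
    g = build_sample_graph()
    print('raw two-hop query:', sorted(g.pivot_domains()))
    print('new suspects, hubs excluded:', g.new_suspects(max_degree=5))
```

Run as-is, the raw query returns every domain two hops from an attacker, the three benign domains included, because all of them sit behind the same registrar. With max_degree set to 5 the registrar is ignored and only the two domains that share a low-fan-out name server, MX record or host with the attackers remain, which is the list an analyst would review before adding anything to a blocklist.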
Slide 24 - Step 2: graph visualization.
First, we identify the attackers. Shown in the visualization: the initial domain names identified as rogue, a public registrar, and good domains.

Slide 25 - Step 2: graph visualization.
Then we identify the domains they are connected to. In pink are previously unknown domains connected to the known attackers.

Slide 26 - Cyber security at Cisco.
Cisco uses graphs to prevent cyber attacks. Cisco maintains a list of compromised domains and IP addresses. Through its data collection program, Cisco has good information on 25 to 30 million Internet domains. Graph analytics enable Cisco to use data collected via its customers to keep this list up to date. The information is then used to block known malicious domains and thwart cyber attacks.
Behind the scenes: Cisco's Global Security Intelligence Operations (SIO) group operates a 60-node, 1,000-core Hadoop cluster. Every day it receives about 20 TB of new raw log data. To store and analyse the data, Cisco uses a few graph technologies such as GraphLab (a machine learning solution specialized in graph data), Titan (an open-source graph database) and Faunus (an open-source graph analytics engine).

Slide 27 - You can do it too!
Try Linkurious.

Slide 28 - Conclusion.
Contact us to discuss your projects at contact@linkurio.us

Slide 29 - Additional resources.
- GraphGist: http://gist.neo4j.org/?40caddf1d7537bce962e
- Blog post on attack analysis:
- Sample dataset: https://www.dropbox.com/s/7vburpnl4yik8z1/Attack%20Analysis.zip
- Original Cisco article: http://blogs.cisco.com/security/attack-analysis-with-a-fast-graph/