Neo4j, Inc. All rights reserved 2023
Neo4j, Inc. All rights reserved 2023
1
Modeling Cybersecurity Cases
with Graph Data Models
Gal Bello
Field Engineering, Israel

Neo4j, Inc. All rights reserved 2023
❖ Hello!
❖ Cybersecurity
➢ The Problem, the Graph Solution
➢ Real-life Insights
❖ Graph Data Modeling
➢ Real-Life Modeling Examples
➢ Cybersecurity Graph Modeling
Practice
❖ Q&A
❖ Goodbye!
Agenda

Neo4j, Inc. All rights reserved 2023
Gal Bello
Field Engineering, Israel
@Gal_Bello
Linkedin.com/in/galbello/
What’s the thing you like most about Neo4j?
“Neo4j is not just only one of the most innovative companies around the globe, it also leads a
positive cultural approach to its employees, customers, partners and community members:
Diversity & inclusion, open minded, acceptance & positiveness assumption.”

Neo4j, Inc. All rights reserved 2023
Neo4j, Inc. All rights reserved 2023
CYBERSECURITY
4

Neo4j, Inc. All rights reserved 2023
Neo4j, Inc. All rights reserved 2023
5
“Cybersecurity is the practice of defending
computers, servers, mobile devices, electronic
systems, networks, and Data from malicious
attacks.”
“
(Wikipedia)
Cyber
Security
Cybersecurity
What is Cybersecurity?

Neo4j, Inc. All rights reserved 2023
Neo4j, Inc. All rights reserved 2023
6
“Cybersecurity is the practice of defending
computers, servers, mobile devices, electronic
systems, networks, and Data from malicious
attacks.”
“
(Wikipedia)
Cyber
Security
Cybersecurity
What is Cybersecurity?

Neo4j, Inc. All rights reserved 2023
Neo4j, Inc. All rights reserved 2023
THE PROBLEM
7

Neo4j, Inc. All rights reserved 2023
Cybersecurity analysts have to capture, store,
analyze and potentially explore vast amounts of
rapidly evolving information.
The Problem:

Neo4j, Inc. All rights reserved 2023
Cybersecurity analysts have to capture, store,
analyze and potentially explore vast amounts of
rapidly evolving information.
The Problem:

Neo4j, Inc. All rights reserved 2023
Cybersecurity analysts have to capture, store,
analyze and potentially explore vast amounts of
rapidly evolving information.
The Problem:

Neo4j, Inc. All rights reserved 2023
Cybersecurity analysts have to capture, store,
analyze and potentially explore vast amounts of
rapidly evolving information.
The Problem:

Neo4j, Inc. All rights reserved 2023
Cybersecurity analysts have to capture, store,
analyze and potentially explore vast amounts of
rapidly evolving information.
The Problem:

Neo4j, Inc. All rights reserved 2023
Neo4j, Inc. All rights reserved 2023
GRAPH SOLUTION
13

Neo4j, Inc. All rights reserved 2023
Neo4j, Inc. All rights reserved 2023
WHAT IS A GRAPH?
vs

Neo4j, Inc. All rights reserved 2023
A Graph Is...
...a set of discrete entities, each of which has some set of relationships with the
other entities

Neo4j, Inc. All rights reserved 2023
A Graph Is...
...a set of discrete entities, each of which has some set of relationships with
the other entities
Seven Bridges of Konigsberg problem. Leonhard Euler, 1735

Neo4j, Inc. All rights reserved 2023
Neo4j, Inc. All rights reserved 2023
WHEN
17

Neo4j, Inc. All rights reserved 2023
It’s Not only What You Know

Neo4j, Inc. All rights reserved 2023
It’s How is it Connected

Neo4j, Inc. All rights reserved 2023
It’s How is it Connected and Shines Out

Neo4j, Inc. All rights reserved 2023
Digitized and Analog
World of Cybersecurity
Constantly Evolving Few and Many Players
“One Step Ahead”
Simple and Complex
Organized in
groups
Synthetic
Identities
Stolen
Identities
Hijacked
Devices

Neo4j, Inc. All rights reserved 2023
Neo4j, Inc. All rights reserved 2023
Pattern 1 Pattern 2
Detect and Respond (React!)
Raw Data Anomalies
Cybersecurity Prevention
is About
Reacting to
Patterns
(and doing it fast!)

Neo4j, Inc. All rights reserved 2023
INVESTIGATE
Revolving Debt
Number of Accounts
INVESTIGATE
Normal behavior
Cybersecurity – With District Analysis

Neo4j, Inc. All rights reserved 2023
Revolving Debt
Number of Accounts
Normal behavior
Cyber Attackers Pattern
Cybersecurity – With District Analysis

Neo4j, Inc. All rights reserved 2023

Neo4j, Inc. All rights reserved 2023
Graph Database could assist companies secure
their data, by leveraging the connections within the
datasets.
The Solution:

Neo4j, Inc. All rights reserved 2023
Graph Database could assist companies secure
their data, by leveraging the connections within
the datasets.
The Solution:

Neo4j, Inc. All rights reserved 2023
Neo4j, Inc. All rights reserved 2023
REAL-LIFE INSIGHTS
28

Neo4j, Inc. All rights reserved 2023
Around is
expected to be spent
on CS by 2023
$6T

Neo4j, Inc. All rights reserved 2023
The Cybersecurity
market worth is: $155B

Neo4j, Inc. All rights reserved 2023
of
Cybersecurity marketshare
is for Financial Services
and Insurances
20%

Neo4j, Inc. All rights reserved 2023
Every seconds
there is a hacker attack
39

Neo4j, Inc. All rights reserved 2023
The average cost of a
data breach is
across SMBs
$3.9M

Neo4j, Inc. All rights reserved 2023
of malware is
delivered using email
92%

Neo4j, Inc. All rights reserved 2023
of Cybersecurity
breaches are due to
Human error
39%

Neo4j, Inc. All rights reserved 2023
of
Cyber attacks target
Enterprise companies
57%

Neo4j, Inc. All rights reserved 2023
experienced
phishing & social
engineering attacks
62%

Neo4j, Inc. All rights reserved 2023
Neo4j, Inc. All rights reserved 2023
GRAPH DATA
MODELING
38

Neo4j, Inc. All rights reserved 2023
Graph Data Modeling is a collaborative effort by different
Stakeholders and Developers.
What is Graph Data Modeling?
The application domain will be analyzed by all stakeholders, developers and participants
to develop a Graph Data Model that will support and answer all “Money” queries.

© 2023 Neo4j, Inc. All rights reserved.
High-Level Approach building a Graph Data Model
1. DOMAIN
Understand the domain you
try to model
5. First Data Model
Build your first data model with all
stakeholders involved and load sample data
2. Sample Data
Get accurate sample data
you understand
4.Identify entities & connections
Find entities & connections that
are part of your data model
3. Q & A from Business
Define Questions & Answers
the Business wants to
understand
Graph Data Model
First Phase
Go to next steps

© 2023 Neo4j, Inc. All rights reserved.
9. Interactive Components
Build dashboards, Bloom
perspectives, Jupyter NBs, or
other interactive components to
demonstrate your graph data.
8. Scalability
If possible, test scalability. If
not make sure your data
model does scale.
7. Refine Data Model
Refine your Data Model
eventually, if it improves
answers
6. Test questions
Test your questions against
your model and data by
writing Cypher queries
Graph Data Model
Second Phase
coming from prev. steps
High-Level Approach building a Graph Data Model

© 2023 Neo4j, Inc. All rights reserved.
42
Recommended Stakeholders: Building a Graph Data Model
● Maintain / Extend graph
● Help to precise data model
objects like Labels,
Relationships, etc.
50%
● Build UIs, Dashboards,
etc.
● Know what is missing today
50%
● Build and operate data
loading (ETL process)
● Provide answers and rating
for results to above questions
95%
● Build the Graph
● Provide questions they want
to ask
95%
● Translate questions into
Cypher queries / scripts
● Add domain knowledge
100%
Domain Experts
95%
Consultants / Developers
100%
95%
75%
95%

Neo4j, Inc. All rights reserved 2023
Neo4j, Inc. All rights reserved 2023
MODELING EXAMPLE
43

Neo4j, Inc. All rights reserved 2023
Law
Enforcement
Use Case:
Information and Data
Synchronization in
Law Enforcement
Law Enforcement Agencies use
Neo4j to model the information
into graphs to improve efficiency
and make direct and implicit
patterns readily apparent in real
time.
A suspect often appears in several
different databases
Financial records
Convictions
Adresses
Vehicles
Traffic cameras
Arrests
Police Reports
Appears_in
Has
H
a
s
H
a
s
Owns Registered
SUSPECT
Has

Neo4j, Inc. All rights reserved 2023
SSN 2
ACCOUNT
HOLDER 2
ACCOUNT
HOLDER 1
ACCOUNT
HOLDER 3
CREDIT
CARD
BANK
ACCOUNT
BANK
ACCOUNT
BANK
ACCOUNT
ADDRESS
PHONE
NUMBER
PHONE
NUMBER
UNSECURED
LOAN
SSN 2
UNSECURED
LOAN
Banking
Use Case:
Modeling Fraud
Rings as Graphs
Organizing a fraud ring in the real
world is relatively simple. A group of
people share their personal
information to create synthetic
identities. For example with just 2
individuals sharing names and social
security numbers can create 4
different identities. This can be
discovered with connected analysis.

Neo4j, Inc. All rights reserved 2023
Government
• Better Services
• More Consistency
• Saves Time
• Coordinates Efforts
MARRIED_TO
L
I
V
E
S
_
A
T
LIVES_AT
FATHER_OF
ENROLLED_IN
OWNS
OWNS
ID#
PHONE
EMAIL
H
A
S
HAS
HAS
MOTHER_OF
ID#
PHONE
EMAIL

Neo4j, Inc. All rights reserved 2023
Neo4j, Inc. All rights reserved 2023
BUILDING a
GRAPH DATA MODEL
47

Neo4j, Inc. All rights reserved 2023 01
Employee A
Employee B
Employee C
Employee D
Employee Z

Neo4j, Inc. All rights reserved 2023 01
Employee A
Employee B
Employee C
Employee D
Employee Z
Department 100

Neo4j, Inc. All rights reserved 2023 01
Employee A
Employee B
Employee C
Employee D
Employee Z
Department 100

Neo4j, Inc. All rights reserved 2023 01
Employee A
Employee B
Employee C
Employee D
Employee Z
Department 100
BANK
ACCOUNT ADDRESS

Neo4j, Inc. All rights reserved 2023 01
Employee A
Employee B
Employee C
Employee D
Employee Z
Department 100
BANK
ACCOUNT ADDRESS
PROJECT A PROJECT B
Project C
Department 200 Department 300

Neo4j, Inc. All rights reserved 2023 01
Employee A
Employee B
Employee C
Employee D
Employee Z
Department 100
Bank
Account Address
Project C
Documents
Documents

Neo4j, Inc. All rights reserved 2023 01
Employee A
Employee B
Employee C
Employee D
Employee Z
Department 100
Bank
Account Address
Project C
Documents
Documents
PRODUCTION
SERVERS

Neo4j, Inc. All rights reserved 2023 01
Employee A
Employee B
Employee C
Employee D
Employee Z
Department 100
Bank
Account
Address
Project C
Documents
Documents
PRODUCTION
SERVERS
:PUBLISHED_ON
:SAVED_ON
:WORKS_AT
:MANAGES

Neo4j, Inc. All rights reserved 2023
Cybersecurity
01
Employee A
Employee B
Employee C
Employee D
Employee Z
Department 100
Bank
Account
Address
Project C
Documents
Documents
PRODUCTION
SERVERS
:PUBLISHED_ON
:SAVED_ON
:WORKS_AT
:MANAGES
PHISHING
EMAILS
Hacker

Neo4j, Inc. All rights reserved 2023 01
Employee Z
HACKER
Project A
Department 22
Bank
Account
Address
Documents
PRODUCTION
SERVERS
Cybersecurity
PHISHING
EMAIL
PHISHING
EMAIL
PUBLISHED_ON
Employee A
Employee B
Employee C
Department 4
Project B Project C

Neo4j, Inc. All rights reserved 2023
Start Your Graph Journey
neo4j.com/cloud/aura-free/
Learn
neo4j.com/graphacademy/
neo4j.com/developer
udemy.com/course/neo4j-foundations/
Contact Us
Gal.Bello@Neo4j.com
Info@Neo4j.com
Now What

Neo4j, Inc. All rights reserved 2023
Neo4j, Inc. All rights reserved 2023
QUESTIONS
59

Neo4j, Inc. All rights reserved 2023
Neo4j, Inc. All rights reserved 2023
60
Thank you!
Gal Bello