SAS founded in 2013 in Paris | http://linkurio.us | @linkurious

Cyber security and attack analysis: how Cisco uses graph analytics.

Introduction.

Linkurious is a French startup founded in 2013.

Sébastien Heymann, CEO. Gephi founder. PhD in Computer Science and Complex Systems.
Romain Yon, CTO. Engineer (Microsoft, Spotify). Machine Learning at Georgia Tech.
Jean Villedieu, CMO. >5 years in consulting. MSc in Political Sciences and Competitive Intelligence.
Pierrick Paul, Software Engineer. Engineer (La Belle Assiette). CS at Epitech and Beijing University.
What is a graph?

This is a graph. The example diagram links its items with the relationships "Father Of", "Father Of" and "Siblings".

What is a graph: nodes and relationships.

A graph is a set of nodes linked by relationships. In the diagram, each item is a node and each labelled link ("Father Of", "Siblings") is a relationship.
Some of the domains in which our customers use graphs.

Social networks: people, objects, movies, restaurants, music… Suggest new contacts, help discover new music.
Communications: antennas, servers, phones, people… Diminish network outages.
Supply chains: suppliers, roads, warehouses, products… Diminish transportation cost, optimize delivery.

Different domains where graphs are important.
The cost of cyber criminality.

$445 billion: cyber crime costs the global economy $445 billion per year.
Source: http://www.reuters.com/article/2014/06/09/us-cybersecurity-mcafee-csis-idUSKBN0EK0SV20140609

Some of the latest victims.

No company is immune from cyber criminality.
A data problem.

IP logs, network logs, communications logs, web server logs, etc.

The IT security data is complex. The challenges of working with complex data:

Large: for big organizations, storing years of raw data means a total volume in the high TBs or low PBs.
Unstructured: the data comes from different sources, is incomplete and evolves. It is hard to fit it into a structured data model.
Dynamic: the IT systems generate new data constantly.

How to make sense of complex data. Can IT security teams answer that challenge?

Graphs help make sense of complex data. Graphs are perfect to extract insights from complex data.
A concrete example.

How to use graph analytics to fight back against a cyber attack? Inspired by a real use case demonstrated by Cisco.
A zero-day vulnerability.

In April 2014, a zero-day vulnerability in IE is identified. A newly discovered vulnerability in Internet Explorer allows an unauthenticated, remote attacker to execute arbitrary code.

The 3 steps of the attack.

1. The vulnerability is known. The vulnerability is known in the security community. A group of hackers decide to use it before a patch fixes the vulnerability.
2. A phishing attack uses it. The hackers send mails to a few people in one company. They are asked to log in to a seemingly innocuous website. A company is immediately targeted by a phishing attack.
3. Computers are compromised. The identification information is captured by the hackers. They can use it to penetrate the company IT.
A not so innocent mail.

The mail sent by the hackers.

The domain names used in the attack.

The domain names used in the attack are identified. The hackers used the domains inform.bedircati.com, profile.sweeneyphotos.com, web.neonbilisim.com and web.usamultimeters.com.

Information about one domain.

Information about these domains is publicly available.
Modelling information as a graph.

That data can be modeled as a graph.

The graph model reveals the connections in the data.

This helps streamline the identification of connections. Domain A is connected to Domain C through a Name Server or an MX Record, Domain B and Host B.
How to use the information.

Can we prevent more attacks?

The traditional approach.

The 7 sins of looking for connections with tabular tools.

Combining graph analysis and graph visualization.

Graph analytics? It helps to analyse large datasets to find interesting data.
Graph visualization? It helps humans interpret the data and make smart decisions.
Combine automatic analysis and human interpretation.
Step 1: graph analysis.

A query to get all the domains connected to the attackers.

    MATCH (baddomain:Domain_name)-[r*2]-(suspiciousdomains:Domain_name)
    WHERE baddomain.reputation = 'Very negative reputation'
    RETURN DISTINCT suspiciousdomains

This query is written in Cypher, the Neo4j query language. The pattern matches every domain exactly two relationships away from a domain with a very negative reputation, in any direction, i.e. domains that share a name server, MX record or host with a known attacker domain. It returns 25 results.
Step 2: graph visualization.

First, we identify the attackers: the initial domain names identified as rogues. Also shown in the visualization: a public registrar and good domains.

Then we identify the domains they are connected to. In pink are previously unknown domains connected to the known attackers.
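As an added example (not code from the deck or from Cisco), the following Python reproduces the Step 1 query above on a small in-memory property graph and then isolates the "pink" previously unknown domains of Step 2. The node labels come from the slides' model; the relationship types, the hub-degree filter that handles the public registrar case, and every sample domain, name server and host are constructed assumptions.

```python
from collections import defaultdict
from typing import Dict, List, Optional, Set, Tuple

BAD = "Very negative reputation"  # reputation value tested in the slides' Cypher query


class PropertyGraph:
    """Minimal labelled property graph: one label and a property dict per node."""

    def __init__(self) -> None:
        self.label: Dict[str, str] = {}
        self.props: Dict[str, dict] = {}
        self.edges: List[Tuple[str, str, str]] = []  # (src, type, dst)
        # node -> [(edge id, neighbour)], stored in both directions because the
        # slides' pattern `-[r*2]-` ignores relationship direction
        self.adj: Dict[str, List[Tuple[int, str]]] = defaultdict(list)

    def add_node(self, name: str, label: str, **props) -> None:
        self.label[name] = label
        self.props[name] = props

    def add_edge(self, src: str, rel: str, dst: str) -> None:
        eid = len(self.edges)
        self.edges.append((src, rel, dst))
        self.adj[src].append((eid, dst))
        self.adj[dst].append((eid, src))

    def degree(self, node: str) -> int:
        return len(self.adj[node])


def two_hop_domains(g: PropertyGraph,
                    max_hub_degree: Optional[int] = None) -> Dict[str, Set[str]]:
    """Domain_name nodes exactly two relationships away from a bad-reputation domain.

    Mirrors MATCH (bad:Domain_name)-[r*2]-(s:Domain_name) WHERE bad.reputation = BAD.
    Returns {suspicious domain: set of bad domains it is linked to}. As in Cypher a
    path never reuses a relationship, so a seed cannot bounce straight back to itself.
    max_hub_degree, when set, skips intermediaries shared by more than that many
    nodes: a public registrar's name server ties a bad domain to perfectly good ones
    and would otherwise flood the result with false positives.
    """
    seeds = [n for n, lbl in g.label.items()
             if lbl == "Domain_name" and g.props[n].get("reputation") == BAD]
    hits: Dict[str, Set[str]] = defaultdict(set)
    for bad in seeds:
        for e1, mid in g.adj[bad]:
            if max_hub_degree is not None and g.degree(mid) > max_hub_degree:
                continue  # hub: registrar NS, shared hosting IP, ...
            for e2, end in g.adj[mid]:
                if e2 == e1 or g.label.get(end) != "Domain_name":
                    continue
                hits[end].add(bad)
    return dict(hits)


def previously_unknown(g: PropertyGraph, hits: Dict[str, Set[str]]) -> List[str]:
    """The 'pink' domains of the slides: hits not yet on the bad list, ranked by
    how many known-bad domains each one shares infrastructure with."""
    unknown = {d: bads for d, bads in hits.items()
               if g.props[d].get("reputation") != BAD}
    return sorted(unknown, key=lambda d: (-len(unknown[d]), d))


def build_sample_graph() -> PropertyGraph:
    """Constructed sample data; every name is fictional (.example, TEST-NET-3 IP)."""
    g = PropertyGraph()
    for d in ("bad-one", "bad-two", "bad-three", "bad-four"):
        g.add_node(f"{d}.example", "Domain_name", reputation=BAD)
    for d in ("unknown-x", "unknown-y"):
        g.add_node(f"{d}.example", "Domain_name", reputation="Unknown")
    for d in ("good-a", "good-b", "good-c"):
        g.add_node(f"{d}.example", "Domain_name", reputation="Good")
    g.add_node("ns1.shared-ns.example", "Name_server")
    g.add_node("ns.public-registrar.example", "Name_server")  # high-degree hub
    g.add_node("mx.shared-mail.example", "MX_record")
    g.add_node("203.0.113.10", "Host")
    for d in ("bad-one", "bad-two", "unknown-x"):
        g.add_edge(f"{d}.example", "USES_NS", "ns1.shared-ns.example")
    for d in ("bad-one", "good-a", "good-b", "good-c"):
        g.add_edge(f"{d}.example", "USES_NS", "ns.public-registrar.example")
    for d in ("bad-three", "unknown-y"):
        g.add_edge(f"{d}.example", "HAS_MX", "mx.shared-mail.example")
    for d in ("bad-four", "unknown-x"):
        g.add_edge(f"{d}.example", "RESOLVES_TO", "203.0.113.10")
    return g


if __name__ == "__main__":
    graph = build_sample_graph()
    raw = two_hop_domains(graph)  # same result set as the Cypher query, plus provenance
    print("all 2-hop domains :", sorted(raw))
    print("new, unfiltered   :", previously_unknown(graph, raw))
    print("new, hubs skipped :", previously_unknown(graph, two_hop_domains(graph, 3)))
```

Without the hub filter the three good domains behind the registrar's name server are flagged alongside the genuinely shared infrastructure; with it, only the two domains that share a private name server, MX record or host with the attackers remain, the most connected one first.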
Cyber security at Cisco.

Cisco uses graphs to prevent cyber attacks.

Cisco maintains a list of the compromised domains and IP addresses. Through its data collection program, Cisco has good information on 25 to 30 million Internet domains.

Graph analytics enable Cisco to use data collected via its customers to keep this list up to date. The information is then used to block known malicious domains and thwart cyber attacks.

Behind the scenes.

Cisco's Global Security Intelligence Operations (SIO) group operates a 60-node, 1,000-core Hadoop cluster. Every day it receives about 20 TB of new raw log data.

To store and analyse the data, Cisco uses a few graph technologies like GraphLab (a machine learning solution specialized in graph data), Titan (an open-source graph database) and Faunus (an open-source graph analytics engine).
Conclusion.

You can do it too! Try Linkurious. Contact us to discuss your projects at contact@linkurio.us.

Additional resources.

GraphGist: http://gist.neo4j.org/?40caddf1d7537bce962e
Blog post on attack analysis:
Sample dataset: https://www.dropbox.com/s/7vburpnl4yik8z1/Attack%20Analysis.zip
Original Cisco article: http://blogs.cisco.com/security/attack-analysis-with-a-fast-graph/
