Neo4j > Case Studies > Leveraging Graph Technology for Enhanced Cybersecurity: A Case Study on MITRE's CyGraph

Leveraging Graph Technology for Enhanced Cybersecurity: A Case Study on MITRE's CyGraph

Neo4j Logo
 Leveraging Graph Technology for Enhanced Cybersecurity: A Case Study on MITRE's CyGraph - IoT ONE Case Study
Technology Category
  • Application Infrastructure & Middleware - Data Visualization
  • Infrastructure as a Service (IaaS) - Cloud Databases
Applicable Industries
  • Equipment & Machinery
  • National Security & Defense
Applicable Functions
  • Product Research & Development
Use Cases
  • Cybersecurity
  • Intrusion Detection Systems
  • Cybersecurity Services
  • System Integration
The Customer

MITRE Corporation

About The Customer
The MITRE Corporation is a not-for-profit organization that operates federally funded research and development centers in the United States. Founded in 1958, MITRE works on projects in diverse fields such as national defense, energy, aviation, healthcare, and cybersecurity. The organization manages seven national research and development laboratories, including the Center for National Security, to address issues of cybersecurity. With over 8,000 employees, MITRE operates both public-private partnerships and an independent research program. The organization's work is primarily focused on providing support to government agencies.
The Challenge
MITRE, a federally-funded, not-for-profit company that manages seven national research and development laboratories in the United States, was grappling with the challenge of managing an influx of cybersecurity data. The constant changes in network environments were impacting the security posture of U.S. government agencies. Intrusion alerts, anti-virus warnings, and seemingly benign events like logins, service connections, and file share access were all potentially associated with adversary activity. The cybersecurity researchers at MITRE needed to go beyond rudimentary assessments of security posture and attack response. This required merging isolated data into higher-level knowledge of network-wide attack vulnerabilities and mission readiness. The challenge was not the lack of information, but the ability to assemble disparate pieces of information into an overall analytic picture for situational awareness, optimal courses of action, and maintaining mission readiness. The team also struggled with fully comprehending a given security environment and mapping all known vulnerabilities.
The Solution
To overcome these challenges, the MITRE team developed CyGraph, a tool that consolidates cybersecurity information into knowledge, using the Neo4j graph database. CyGraph brings together isolated data and events into an ongoing big picture for decision support and situational awareness. The model schema in CyGraph is free to evolve with the available data sources and desired analytics, rather than being fixed at design time. This dynamically evolving tool provides context for reacting appropriately to attacks and protecting mission-critical network assets. It also incorporates mission dependencies, showing how objectives, tasks, and information all depend on other cyber assets. CyGraph prioritizes exposed vulnerabilities in mission-critical assets, correlates intrusion alerts to known vulnerability paths, suggests courses of action, and shows vulnerable paths that warrant deeper inspection for post-attack forensics.
Operational Impact
  • With the implementation of CyGraph, MITRE now provides services with specialized analytic and visual capabilities that are more scalable, flexible, and comprehensive. CyGraph's comprehensive knowledge base tells a much more complete story than that of basic attack graphs or mission dependency models. It includes potential attack-pattern relationships that fill in gaps between known vulnerabilities and threat indicators. A key design feature of CyGraph is its ability to leverage existing tools and data sources to populate its knowledge base. It uses various security standards and tools such as Topological Vulnerability Analysis, MITRE’s Cyber Command System, and Crown Jewels Analysis. CyGraph also has the ability to visualize unpredictable patterns, allowing users to obtain analytic results and comprehend the semantics of their environment. It is used by multiple government agencies to help them achieve their mission, with use cases including detecting malicious network activity, modeling and simulation of cyberattacks, tracking Bitcoin transactions, and navigating through CAPEC.

Case Study missing?

Start adding your own!

Register with your work email and create a new case study profile for your business.

Add New Record

Related Case Studies.

Contact us

Let's talk!
* Required
* Required
* Required
* Invalid email address
By submitting this form, you agree that IoT ONE may contact you with insights and marketing messaging.
No thanks, I don't want to receive any marketing emails from IoT ONE.

Thank you for your message!
We will contact you soon.