CyGraph: Cybersecurity Situational Awareness

Steven Noel, CyGraph: Cybersecurity Situational Awareness That’s More Scalable, Flexible & Comprehensive, Cybersecurity Researcher, MITRE, October 15, 2015.

“The Neo4j native graph pattern-matching language supports a library of domain-specific queries as well as flexible ad hoc queries. CyGraph then provides a variety of clients for specialized analytic and visual capabilities, including graph dynamics, layering, grouping/filtering and hierarchical views.”

Leveraging On-Hand Sources to Build a Common Operating Picture for Situational Awareness

“In cybersecurity, each element of a network environment has the potential to impact many other things. Security scanning and monitoring tools give specific readings based on their own specialized focus.”

“But since everything potentially impacts everything else, CyGraph combines these disparate data points into a unified knowledge base for global situational awareness.”

“A key CyGraph design feature is to leverage existing tools and data sources for populating this knowledge base (e.g., topology maps, vulnerability scans, firewall configurations, sensor logs, packet captures and mission dependencies).”

“For example, CyGraph leverages the government off-the-shelf Topological Vulnerability Analysis tool for mapping vulnerability paths from network topology, vulnerability scans and firewall rules. It also leverages MITRE’s Cyber Command System and Crown Jewels Analysis for building mission dependencies.”
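
The kind of analysis the quote above describes, shown as an added example that is not CyGraph's or MITRE's code: an in-memory graph (standing in for the Neo4j knowledge base) is populated from three constructed sources, a topology map, a vulnerability scan and a first-match firewall rule set, then walked to find which vulnerability paths reach a mission-critical asset. Host names, zones, rules and the `VULN-*-PLACEHOLDER` finding ids are all constructed sample data.

```python
# Constructed sample knowledge base (hypothetical; not data from CyGraph or the talk).
# Topology map: host -> network zone
HOSTS = {"internet": "external", "web": "dmz", "app": "internal",
         "db": "internal", "fileshare": "internal"}
# Vulnerability scan: host -> {listening port: finding id (placeholder values)}
VULNS = {"web": {443: "VULN-WEB-PLACEHOLDER"},
         "app": {8080: "VULN-APP-PLACEHOLDER"},
         "db": {5432: "VULN-DB-PLACEHOLDER"}}
# Firewall rules: (src_zone, dst_zone, port, action); None = any; first match wins.
FW_RULES = [("external", "dmz", 443, "allow"),
            ("dmz", "internal", 8080, "allow"),
            ("internal", "internal", None, "allow"),
            (None, None, None, "deny")]
# Mission dependency (Crown Jewels style): asset -> mission that depends on it
CROWN_JEWELS = {"db": "order-processing"}

def fw_allows(src_zone, dst_zone, port):
    """Evaluate the rule set top-down; the first matching rule decides."""
    for s, d, p, action in FW_RULES:
        if (s in (None, src_zone)) and (d in (None, dst_zone)) and (p in (None, port)):
            return action == "allow"
    return False  # implicit deny if no rule matches

def build_graph():
    """Merge topology, scan and firewall data: host -> [(reachable host, finding)].
    An edge exists only where a scanned finding is reachable through the firewall."""
    graph = {h: [] for h in HOSTS}
    for src in HOSTS:
        for dst, findings in VULNS.items():
            for port, finding in findings.items():
                if dst != src and fw_allows(HOSTS[src], HOSTS[dst], port):
                    graph[src].append((dst, finding))
    return graph

def vulnerability_paths(graph, start, target):
    """All simple paths from start to target as [(host, finding used to reach it), ...]."""
    paths, stack = [], [(start, [(start, None)])]
    while stack:
        node, path = stack.pop()
        if node == target:
            paths.append(path)
            continue
        visited = {h for h, _ in path}
        for nxt, finding in graph[node]:
            if nxt not in visited:
                stack.append((nxt, path + [(nxt, finding)]))
    return paths

def mission_exposure(graph, start="internet"):
    """Crown-jewel asset -> the vulnerability paths that reach it from `start`."""
    return {asset: vulnerability_paths(graph, start, asset) for asset in CROWN_JEWELS}
```

Each returned path lists the findings that would have to be fixed, or the firewall rule that would have to change, to cut that path to the crown jewel.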

Full text online here.