Visibility, continuous monitoring, and access privileges are all common methods of securing today’s cloud environments. We’ve established frameworks like cloud security posture management (CSPM), cloud workload protection platforms (CWPP), configuration management databases (CMDB), and more. However, modern cloud environments are far too complex and intertwined for these frameworks to stand on their own.
To understand the complex relationships that exist between your cyber assets, you need one tool that can wholly pick up on all the nuances that the aforementioned tools cannot. Traditional check-the-box scans only cater to one piece of the puzzle and are blind to the relationships that hide risk. This isolated visibility, combined with traditional methods of managing asset inventory like lists and spreadsheets, makes it difficult to understand the complex web that is your cyber asset environment. Graph databases, however, centralize and tie your attack surface together by mapping your entire network topology into a single visualization.
What is a graph database?
Graph databases were built to natively store and illustrate relationships between any number of nodes – in our case, cyber assets – by replacing the traditional approach of static rows and columns with the edges and nodes of a dynamic, visual, and continuously-updated graph. Not only are you able to view the nodes themselves, you can also label them, define them with properties, and attach metadata for a more detailed inventory. Relationship data can also illustrate the direction of the relationship, scale as numbers of nodes grow without sacrificing performance, and allow you to navigate within the environment regardless of direction.
By eliminating the restrictions and rigidity that come with pre-defined rulesets and static information, graph databases become flexible enough to mirror the complexities of the real world – and the dynamic nature of your cyber asset universe. Understanding the relationships between your cyber assets, which encompass anything software-defined, quickly allows you to understand the attack paths that exist in your environment.
Graph databases vs. relational databases
Traditional data models use relational databases, built like spreadsheets with rows and columns, which can be populated into a graph view. Unfortunately, squashing this data into a completely different format can cause information to get lost in translation and create pockets of inaccuracy and inconsistency.
Imagine you are shopping for clothes at a department store, but they can only take one measurement. Their data model may indicate that a 5’10” male would also wear 32/32 pants and a medium shirt. While they may be right in a few cases, the majority of people aren’t proportioned so uniformly!
If the department store leveraged a dynamic graph database to store their sizing data, they could create far more accurate measurements that actually fit each individual consistently. The flexibility and breadth of those data points matter. Plus, as their graph database receives more information, it can automatically adjust accordingly.
Why cyber asset relationships matter
Nearly 7 in 10 organizations admit they have experienced at least one cyber attack that started through the exploit of an unknown, unmanaged, or poorly managed internet-facing asset. In fact, one prominent financial services company experienced a breach because of this exact reason.
Attackers entered the organization’s attack surface via the internet by way of a security group that allowed ingress. The security group allowed access to a cloud instance that was attached to a specific IAM policy, role, and permissions, which eventually granted access to their private S3 bucket. This attack path resulted in a breach of sensitive personally identifiable information (PII) of over 100 million customers.
From a CSPM perspective, this organization had the appropriate safeguards in place – the non-public setting was on, no public ACLs allowed access, and public buckets were blocked at the account level. Unfortunately, CSPM solutions only check at the configuration level and cannot see attack paths that form as a result of the relationships between your cyber assets.
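The gap described above, modelled as a small property graph with a reachability query. This is an added example, not JupiterOne's code or query language; the asset names, relationship types and properties are constructed for illustration. It shows a bucket that passes a configuration-level check yet is still reachable from the internet through asset relationships.

```python
from collections import deque

# Constructed inventory: node id -> (label, properties). All names are hypothetical.
NODES = {
    "internet":      ("Internet", {}),
    "sg-web":        ("SecurityGroup", {"ingress_cidr": "0.0.0.0/0"}),
    "i-app":         ("Instance", {}),
    "role-app":      ("IAMRole", {}),
    "policy-s3read": ("IAMPolicy", {"actions": ["s3:GetObject"]}),
    "bucket-pii":    ("S3Bucket", {"public_acl": False, "block_public_access": True}),
    "bucket-logs":   ("S3Bucket", {"public_acl": False, "block_public_access": True}),
}

# Directed relationships: (source, relationship, target).
EDGES = [
    ("internet", "ALLOWED_BY", "sg-web"),
    ("sg-web", "PROTECTS", "i-app"),
    ("i-app", "ASSUMES", "role-app"),
    ("role-app", "ATTACHED", "policy-s3read"),
    ("policy-s3read", "ALLOWS_READ", "bucket-pii"),
]

def config_check(node_id):
    """Per-asset, configuration-level check: is the bucket itself non-public?"""
    _, props = NODES[node_id]
    return not props["public_acl"] and props["block_public_access"]

def attack_path(start, target):
    """Breadth-first traversal over directed edges; returns the shortest path or None."""
    adjacency = {}
    for src, _rel, dst in EDGES:
        adjacency.setdefault(src, []).append(dst)
    queue, seen = deque([[start]]), {start}
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            return path
        for dst in adjacency.get(path[-1], []):
            if dst not in seen:
                seen.add(dst)
                queue.append(path + [dst])
    return None

def exposed_buckets():
    """Buckets that pass the config check yet are reachable from the internet."""
    paths = {n: attack_path("internet", n) for n, (label, _) in NODES.items()
             if label == "S3Bucket" and config_check(n)}
    return {n: p for n, p in paths.items() if p}
```

Both buckets pass `config_check`, but only `bucket-pii` appears in `exposed_buckets()`, because the finding comes from the edges rather than from any single asset's settings.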
Graph databases simplify problem solving
Working with a graph database empowers security teams with comprehensive information that makes finding solutions more efficient and more attainable. With this information, you can:
- Visualize and navigate through your cyber asset environment and the relationships that exist between assets
- Narrow down hundreds of thousands of alerts into manageable chunks based on priority and severity
- Forecast application usage and costs
- Understand your digital supply chain
A statistic alone does not carry much merit, but a statistic with context could mean everything. In the same way, isolated information about your cyber assets cannot tell you the whole story. Whether you are analyzing information at the asset level or monitoring your environment at a higher level, graph databases encourage the agility and vigilance of your security team’s actions by making security information accessible and understandable.
See how JupiterOne’s graph database can enrich your security workflows with comprehensive, real-time security data.