Network & IT-operations: LEVERAGING CONNECTIONS IN DATA WITH GRAPH DATABASES
Webinar, September 15, 2016
Alessandro Svensson, Solutions @ Neo Technology
William Lyon, Developer Relations @ Neo Technology
Agenda
• About Neo4j and the Property Graph Model
• How Networks are Naturally Graphs
• Network Graphs (demo)
• Security Graphs (demo)
• Wrap up
The Property Graph Model
Databases have evolved in order to handle large networks of connected data
RELATIONAL DATABASES
The internet is a graph: huge networks of connected data. This is data modelled as a graph!
A Graph Is
[Figure series: a graph is nodes connected by relationships. (1) NODE -RELATIONSHIP-> NODE. (2) PERSON, CHECKING ACCOUNT, BANK. (3) HOTEL -HAS-> ROOM, BOOKING. (4) People, companies and universities joined by KNOWS, WORKS_AT, STUDIED_AT and WENT_TO relationships: Anne, Bob, Carl, Tom, Neo, Company, Stanford and Columbia, with properties such as NAME: ANNE on a node and SINCE: 2012 on a relationship.]
Network Graphs / Security Graphs
Network Graphs
Networks are Naturally Graphs! What does that mean?
[Figure: a network topology drawn as a graph. Mesh routers and gateways, routers, access points, a base station, mobiles and CPUs (hosts) are the nodes; the links between them are the relationships.]
The Network Operations Center (NOC)
Main purpose of a NOC: Manage, Control, and Monitor for Reliability and Performance
Requirements
• Monitor health of an entire network
• Visualize and understand how different components correlate
• Troubleshoot issues
• Perform impact analysis
• Model outage scenarios
Key Challenges
• Fragmented monitoring tools
• Inability to correlate problems in different network domains
• Stale or unreliable data in traditional correlation systems
• Inefficiencies and high support costs
Different Types of Workloads
Operational
• Real time event correlation/enrichment/root cause
• Real time network analysis & SPOF-detection
Analytical
• “What if” analysis for change management
• Node centrality, usage analysis, traffic engineering validation
• Monitoring strategic transitions (e.g. ATM->IP, 3G->LTE, NOC->SOC)
Cross Domain Network & Services Topology
“A single coherent, real-time view of customers, services and the network they depend upon”
[Figure: three stacked layers joined by :DEPENDS_ON relationships. Customer Service view (a customer, e.g. a bank) -> IP-Routing layer (Router 1 and Router 2 with IFace 15, IFace 22, IFace 27) -> Optical & Switching layer (Switch A with IFace A1/A4, Switch B with IFace B1/B4, Switch C with IFace C1/C4, SDH Nodes with IFace S7 and interface AX2431).]
>> Raw event >> LOC, interface AX2431
<< Enriched event << PRIORITY 1, PLATINUM CUSTOMER IMPACT, LOC, interface AX2431
Example Architecture: Cross Domain Event Correlation/Enrichment
[Figure: a Fault Management System (IBM Netcool, HP TeMIP…) sends (1) raw events to an Event Collector (NoSQL store…), which looks them up in the Cross Domain Topology Server (Cluster) and returns (2A) correlated/enriched/prioritized events to the fault management system and (2B) the same events to an Event Store (NoSQL store…). The topology server is fed by continuous data collection from Network Inventory, Vendor EMS, Vendor NMS, CRM, Device Config, Spreadsheets…]
Example Architecture: Change & Impact Analysis
[Figure: a Change Planner works through a Custom UI and the Change Manager; the Change Manager queries the Cross Domain Topology Server (Cluster) for the impact of a planned change, sends Change Schedule Conflict Notifications back, and the results are sent back to a log / key value store. The topology server is fed by continuous data collection from Network Inventory, Vendor EMS, Vendor NMS, CRM, Device Config, Spreadsheets…]
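The enrichment and change-impact lookups sketched on the two architecture slides above, written out as an added Cypher example (not the webinar's own code). The topology is a constructed slice of the layered figure; the labels, node names, the Service node, the customer tier property and the tier-to-priority mapping are all assumptions.

```cypher
// Constructed slice of the layered topology from the slides (assumption: labels,
// names and the customer 'tier' property are invented for this example).
CREATE (ax:Interface {name: 'AX2431'}),
       (sdh:SDHNode {name: 'SDH Node'}),
       (swb:Switch {name: 'Switch B'}),
       (r1:Router {name: 'Router 1'}),
       (r2:Router {name: 'Router 2'}),
       (vpn:Service {name: 'VPN-17'}),
       (bank:Customer {name: 'Example Bank', tier: 'PLATINUM'}),
       (shop:Customer {name: 'Example Shop', tier: 'SILVER'}),
       (sdh)-[:DEPENDS_ON]->(ax),
       (swb)-[:DEPENDS_ON]->(sdh),
       (r1)-[:DEPENDS_ON]->(swb),
       (r2)-[:DEPENDS_ON]->(swb),
       (vpn)-[:DEPENDS_ON]->(r1),
       (vpn)-[:DEPENDS_ON]->(r2),
       (bank)-[:DEPENDS_ON]->(vpn),
       (shop)-[:DEPENDS_ON]->(r2);

// (2A) Enrichment of the raw event "LOC, interface AX2431": follow DEPENDS_ON
// upward through the switching and routing layers to the customer view and derive
// the priority from the best tier among the customers that are reached.
MATCH (i:Interface {name: 'AX2431'})<-[:DEPENDS_ON*1..10]-(c:Customer)
WITH i, collect(DISTINCT c) AS impacted
RETURN i.name AS interface,
       [c IN impacted | c.name + ' (' + c.tier + ')'] AS impactedCustomers,
       CASE WHEN any(c IN impacted WHERE c.tier = 'PLATINUM') THEN 1 ELSE 3 END AS priority;

// Change & impact analysis ("what if" Switch B is taken out for maintenance):
// every service and customer that transitively depends on it, grouped by kind.
MATCH (sw:Switch {name: 'Switch B'})<-[:DEPENDS_ON*1..10]-(x)
WHERE x:Service OR x:Customer
RETURN labels(x)[0] AS kind, x.name AS name, coalesce(x.tier, '-') AS tier
ORDER BY kind, name;
```

Run the three statements separately (for instance in cypher-shell, where the semicolons delimit them); the enrichment query returns priority 1 because a PLATINUM customer sits above AX2431.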
Why You Should Use Neo4j and Graph Technology in Networks
Native Graph Storage
• Fast writes for real time topology
• Lightning speed traversals for real-time impact computation
Schema-less Model: Flexibility / Agility
• Ease of ingestion / integration of data from multiple sources
• Easy to accommodate changes in a very dynamic environment
Standard surfaces / API for integration with other solutions and middleware
• Declarative query language (Cypher)
• Extendable platform. Server side logic. (Stored Procedures, UEx)
Demo
“The use of a graph model to show dependencies in an IT network consisting of servers, virtual machines, database servers and application servers.”
Network Graphs
Network Graphs / Security Graphs
Security Graphs
The Complex Nature of Network Security Data
• Siloed and unstructured: data coming from different sources, often evolving and incomplete
• Dynamic: constant flow of newly generated data
• Large: accumulated storage of raw data means huge data volumes
Main purpose of a Security Operating Center: Protect, Detect and Investigate for Security and Loss Prevention
Requirements
• Visualize the entire cyber posture
• Identify vulnerabilities
• Prevent attacks
• Detect attacks
• Investigate and reduce zero-day losses
Key Challenges
• Fragmented security tools including firewalls, intrusion detection, vulnerability assessment, SIEM systems
• Inability to visualize cyber posture
• Difficult to predict intrusion impact
• Harder to model scenarios
Common Security Tools
Security Intelligence
Intrusion Detection System
Security Information and Event Management (SIEM)
Firewall Manager
Vulnerability Scanner
Too Much Information, Too Little Context
Network Infrastructure
• Segmentation
• Topology
• Sensors
Cyber Threats
• Campaigns
• Actors
• Incidents
• Indicators
• TTPs
Cyber Posture
• Configurations
• Vulnerabilities
• Policy Rules
Mission Dependencies
• Objectives
• Activities
• Tasks
• Information
Attack Graph Analysis
[Figure: inputs to an attack graph. Network Topology, Firewall Rules and Host Vulnerabilities are ingested in XML, CSV and graphical form from tools such as Cisco ASA, Cisco IOS, Juniper JUNOS, Juniper ScreenOS, Fortinet, McAfee, Nessus, Retina, nCircle, Core Impact, Foundscan, Qualys, SAINT and nmap.]
Source: https://neo4j.com/blog/big-data-architecture-cyber-attack-graphs/
“The little links between incidents, which on the surface look like random
meaningless threats, are often what causes the largest problems”
— Steve Ragan, CSO Online
Graphs in Telecommunications: Security Operations Centers (SOC)
How Neo4j is used in Network Security
Neo4j is used to ensure network security and gives organizations complete visibility of their networks, security rules, firewalls and all the vulnerable points in the network.
Neo4j provides real-time query capability, which is required when providing security over huge and highly interconnected networks.
Neo4j is used by telecommunication and cyber security firms to understand a network's cyber posture, identify vulnerabilities and trace network intrusions.
Demo
“Using a public dataset of network traffic commonly used for identifying malicious network requests we will see how to model and import data using Cypher.”
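An added example of the modelling and import step the demo describes, not the demo's own code or dataset: a few constructed flow records (standing in for CSV rows) loaded with UNWIND and MERGE, followed by two analyst queries. The Host label, CONNECTED_TO type, the verdict values and the addresses are assumptions.

```cypher
// Constructed flow records standing in for rows of a labelled traffic CSV
// (assumption: column names and the 'verdict' values are invented here).
// With a real file, replace UNWIND with LOAD CSV WITH HEADERS FROM 'file:///traffic.csv' AS row.
UNWIND [
  {ts: 1001, src: '10.0.0.5',  dst: '10.0.0.20', port: 22,  verdict: 'normal'},
  {ts: 1002, src: '10.0.0.5',  dst: '10.0.0.21', port: 22,  verdict: 'normal'},
  {ts: 1003, src: '192.0.2.7', dst: '10.0.0.20', port: 22,  verdict: 'attack'},
  {ts: 1004, src: '192.0.2.7', dst: '10.0.0.21', port: 23,  verdict: 'attack'},
  {ts: 1005, src: '192.0.2.7', dst: '10.0.0.22', port: 445, verdict: 'attack'},
  {ts: 1006, src: '10.0.0.9',  dst: '10.0.0.20', port: 80,  verdict: 'normal'},
  {ts: 1007, src: '10.0.0.20', dst: '10.0.0.22', port: 445, verdict: 'normal'}
] AS row
MERGE (s:Host {ip: row.src})
MERGE (d:Host {ip: row.dst})
CREATE (s)-[:CONNECTED_TO {ts: row.ts, port: row.port, verdict: row.verdict}]->(d);

// Investigation: for each source with flagged flows, how many flows, distinct
// targets and ports it touched, and which hosts it reached. One alert expands
// into the whole activity of that source instead of being reviewed in isolation.
MATCH (s:Host)-[c:CONNECTED_TO {verdict: 'attack'}]->(d:Host)
WITH s, count(c) AS flows, count(DISTINCT d) AS targets,
     collect(DISTINCT c.port) AS ports, collect(DISTINCT d.ip) AS reachedHosts
RETURN s.ip AS source, flows, targets, ports, reachedHosts
ORDER BY targets DESC;

// Second hop: hosts that a flagged source reached and that then talked onward,
// which is the set to check first when looking for lateral movement.
MATCH (a:Host)-[:CONNECTED_TO {verdict: 'attack'}]->(v:Host)-[:CONNECTED_TO]->(n:Host)
RETURN a.ip AS source, v.ip AS reachedHost, collect(DISTINCT n.ip) AS onwardHosts
ORDER BY source, reachedHost;
```

On the constructed rows the first query reports 192.0.2.7 with 3 flows to 3 targets on ports 22, 23 and 445, and the second query shows that 10.0.0.20, reached by that source, went on to 10.0.0.22.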
Security Graphs
Who’s Using Neo4j?
Government and commercial clients
• Institutions
• Local Governments
• Law Enforcement
• Military & Intelligence
Neo4j Adoption by Selected Verticals: Software, Financial Services, Retail, Media & Other, Social Networks, Telecom, Healthcare
Towards Graph Inevitability
“Graph analysis is possibly the single most effective competitive differentiator for organizations pursuing data-driven operations and decisions after the design of data capture.”
“By the end of 2018, 70% of leading organizations will have one or more pilot or proof-of-concept efforts underway utilizing graph databases.”
“Forrester estimates that over 25% of enterprises will be using graph databases by 2017.”
Valuable Resources!
• Developers: neo4j.com/developer
• Solutions: neo4j.com/solutions
• Product: neo4j.com/product
Thank you!