Network & IT Operations: Leveraging Connections in Data with Graph Databases
Webinar, September 15, 2016 (56 slides)

Upload: neo4j-the-fastest-and-most-scalable-native-graph-database
Posted on 16-Apr-2017
Category: Technology

TRANSCRIPT

Page 1: Network and IT Operations

Network & IT Operations: Leveraging Connections in Data with Graph Databases

Webinar, September 15, 2016

Page 2: Network and IT Operations

Alessandro Svensson, Solutions @ Neo Technology

William Lyon, Developer Relations @ Neo Technology

Page 3: Network and IT Operations

Agenda
• About Neo4j and the Property Graph Model
• How Networks are Naturally Graphs
• Network Graphs (demo)
• Security Graphs (demo)
• Wrap up

Page 4: Network and IT Operations

The Property Graph Model

Page 5: Network and IT Operations

Databases have evolved in order to handle large networks of connected data

Page 7: Network and IT Operations

RELATIONAL DATABASES

Page 8: Network and IT Operations

The internet is a graph: huge networks of connected data

Page 9: Network and IT Operations
Page 10: Network and IT Operations

This is data modelled as graph!

Page 11: Network and IT Operations

A Graph Is: nodes connected by relationships (figure: three NODE circles joined by three RELATIONSHIP arrows)

Page 12: Network and IT Operations

A Graph Is: labelled nodes joined by typed relationships, e.g. (PERSON)-[:HAS]->(CHECKING ACCOUNT)-[:WITH]->(BANK)

Page 13: Network and IT Operations

A Graph Is: the same shape in another domain, e.g. (HOTEL)-[:HAS]->(ROOM)-[:HAS]->(BOOKING)

Page 14: Network and IT Operations

A Graph Is: nodes and relationships that both carry properties (figure: a person with NAME:ANNE who KNOWS other people via relationships tagged SINCE:2012, WORKS_AT the companies NEO and COMPANY, and STUDIED_AT STANFORD or COLUMBIA)

Page 15: Network and IT Operations

A Graph Is: the same example with named nodes (figure: the people Anne, Bob, Carl and Tom; the employers Neo and Company; the universities Stanford and Columbia; linked by KNOWS, WORKS_AT and WENT_TO relationships)

Page 16: Network and IT Operations

A Graph Is
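The property graph on the "A Graph Is" slides, written out as Cypher so the model can be built and queried. This is an added example, not code from the webinar or from Neo4j: the node labels (Person, Company, University), the KNOWS edges between Bob, Carl and Tom, and every `since` value other than 2012 are assumptions made to give the queries something to traverse.

```cypher
// Added example (not from the slides): the social/company graph from the
// "A Graph Is" slides. Labels, the extra KNOWS edges and the since values
// other than 2012 are assumed for illustration.
CREATE (anne:Person {name: 'Anne'}),
       (bob:Person {name: 'Bob'}),
       (carl:Person {name: 'Carl'}),
       (tom:Person {name: 'Tom'}),
       (neo:Company {name: 'Neo'}),
       (acme:Company {name: 'Company'}),
       (stanford:University {name: 'Stanford'}),
       (columbia:University {name: 'Columbia'}),
       // relationships carry properties just as nodes do
       (anne)-[:KNOWS {since: 2012}]->(bob),
       (anne)-[:KNOWS {since: 2014}]->(carl),
       (bob)-[:KNOWS {since: 2010}]->(tom),
       (anne)-[:WORKS_AT]->(neo),
       (bob)-[:WORKS_AT]->(neo),
       (carl)-[:WORKS_AT]->(acme),
       (tom)-[:WORKS_AT]->(acme),
       (anne)-[:STUDIED_AT]->(stanford),
       (carl)-[:STUDIED_AT]->(stanford),
       (bob)-[:STUDIED_AT]->(columbia),
       (tom)-[:STUDIED_AT]->(columbia);

// Friends-of-friends: people exactly two KNOWS hops from Anne (direction
// ignored) whom she does not know directly. Returns Tom for the data above.
MATCH (anne:Person {name: 'Anne'})-[:KNOWS*2..2]-(fof:Person)
WHERE NOT (anne)-[:KNOWS]-(fof) AND fof <> anne
RETURN DISTINCT fof.name AS suggestion;

// Filter on a relationship property and hop across node types in one pattern:
// Anne's contacts known since 2012 or earlier, with employer and school.
MATCH (anne:Person {name: 'Anne'})-[k:KNOWS]->(p:Person)-[:WORKS_AT]->(c:Company),
      (p)-[:STUDIED_AT]->(u:University)
WHERE k.since <= 2012
RETURN p.name AS contact, c.name AS employer, u.name AS school, k.since AS since;
```

Run the three statements in order in Neo4j Browser or cypher-shell. The point of the second query is that the join path (KNOWS, WORKS_AT, STUDIED_AT) is written as a pattern rather than as a chain of table joins, which is the same property the network and security queries later in the deck rely on.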

Page 17: Network and IT Operations
Page 18: Network and IT Operations

Network Graphs / Security Graphs

Page 19: Network and IT Operations

Network Graphs

Page 20: Network and IT Operations

Networks are Naturally Graphs! What does that mean?

Page 21: Network and IT Operations
Page 22: Network and IT Operations

(figure: a network drawn as a graph: mesh routers and gateways, routers, access points, a base station, mobile devices and CPUs, linked by the connections between them)

Page 23: Network and IT Operations

The Network Operations Center (NOC)

Page 24: Network and IT Operations

Main purpose of a NOC: Manage, Control, and Monitor for Reliability and Performance

Requirements
• Monitor health of an entire network
• Visualize and understand how different components correlate
• Troubleshoot issues
• Perform impact analysis
• Model outage scenarios

Key Challenges
• Fragmented monitoring tools
• Inability to correlate problems in different network domains
• Stale or unreliable data in traditional correlation systems
• Inefficiencies and high support costs

Page 25: Network and IT Operations

Different Types of Workloads

Operational
• Real-time event correlation/enrichment/root cause
• Real-time network analysis & SPOF (single point of failure) detection

Analytical
• "What if" analysis for change management
• Node centrality, usage analysis, traffic engineering validation
• Monitoring strategic transitions (e.g. ATM->IP, 3G->LTE, NOC->SOC)

Page 26: Network and IT Operations

Cross Domain Network & Services Topology

"A single coherent, real-time view of customers, services and the network they depend upon"

(figure: three stacked layers of one topology: Customer Service view, IP-Routing layer, Optical & Switching layer)

Page 27: Network and IT Operations

Example Architecture: Cross Domain Event Correlation/Enrichment

>> Raw event >> LOC, interface AX2431
<< Enriched event << PRIORITY 1, PLATINUM CUSTOMER IMPACT, LOC, interface AX2431

(figure: the customer depends, through a chain of :DEPENDS_ON relationships, on interface IF/AX2431; walking the chain upward from the failed interface finds the impacted customer and its tier, which is what turns the raw event into the enriched one)

Page 28: Network and IT Operations

Example Architecture: Cross Domain Event Correlation/Enrichment (detail)

(figure: the same dependency chain drawn over the physical topology: the Customer, Switch A with IFace A1 and A4, Router 1 and Router 2, Switch B with IFace B1 and B4, Switch C with IFace C1 and C4, and SDH Nodes with IFace S7, 15, 22, 27 and the failed interface AX2431)

Page 29: Network and IT Operations

Example Architecture: Cross Domain Event Correlation/Enrichment

(figure: data flow)
• Continuous data collection from Network Inventory, Vendor EMS, Vendor NMS, CRM, Device Config, Spreadsheets… feeds the Cross Domain Topology Server (cluster)
• (1) Raw events come from the Fault Management System (IBM Netcool, HP TeMIP…) through an Event Collector (NoSQL store…)
• (2A) Correlated/enriched/prioritized events are sent back to the Fault Management System
• (2B) Correlated/enriched/prioritized events are written to the Event Store (NoSQL store…; a log / key-value store)

Page 30: Network and IT Operations

Example Architecture: Change & Impact Analysis

(figure: the same Cross Domain Topology Server (cluster), fed by continuous data collection from Network Inventory, Vendor EMS, Vendor NMS, CRM, Device Config, Spreadsheets…, serves a Change Planner and a Change Manager through a custom UI and raises Change Schedule Conflict Notifications)
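One way to run both the event-enrichment flow of the correlation slides and the "what if" / SPOF check of the change and impact analysis slide against a topology like the one drawn above. This is an added example, not the webinar's code: the customers, services, tiers, the :ON relationship, the interface wiring and the tier-to-priority rule are constructed for illustration; only the :DEPENDS_ON relationship type, the interface label AX2431 and the PLATINUM / PRIORITY 1 wording come from the slides.

```cypher
// Added example (not the slides' data): a cut-down cross-domain topology.
// Customers, services, tiers, the :ON type and the wiring are constructed;
// :DEPENDS_ON and the interface name AX2431 come from the slides.
CREATE (bank:Customer {name: 'Platinum Bank', tier: 'PLATINUM'}),
       (shop:Customer {name: 'Corner Shop', tier: 'SILVER'}),
       (vpn:Service {name: 'MPLS VPN 4711'}),
       (dsl:Service {name: 'Business DSL 0815'}),
       (swA:Switch {name: 'Switch A'}),
       (swC:Switch {name: 'Switch C'}),
       (sdh:SDHNode {name: 'SDH Node'}),
       (a1:Interface {name: 'A1'}), (a4:Interface {name: 'A4'}),
       (c1:Interface {name: 'C1'}),
       (ax:Interface {name: 'AX2431'}),
       (i27:Interface {name: '27'}),
       (bank)-[:DEPENDS_ON]->(vpn),
       (shop)-[:DEPENDS_ON]->(dsl),
       // the VPN rides on a single SDH circuit
       (vpn)-[:DEPENDS_ON]->(c1),
       (c1)-[:DEPENDS_ON]->(ax),
       // the DSL service has two upstream paths
       (dsl)-[:DEPENDS_ON]->(a1),
       (dsl)-[:DEPENDS_ON]->(a4),
       (a1)-[:DEPENDS_ON]->(i27),
       (a4)-[:DEPENDS_ON]->(ax),
       (c1)-[:ON]->(swC), (a1)-[:ON]->(swA), (a4)-[:ON]->(swA),
       (ax)-[:ON]->(sdh), (i27)-[:ON]->(sdh);

// (2A) Enrich the raw event "LOC, interface AX2431": walk :DEPENDS_ON upstream
// from the failed interface to every customer that transitively depends on it
// and derive a priority from the best tier hit (PLATINUM -> PRIORITY 1).
MATCH (failed:Interface {name: 'AX2431'})<-[:DEPENDS_ON*1..6]-(c:Customer)
WITH failed, collect(DISTINCT c) AS impacted
RETURN failed.name AS interface,
       [c IN impacted | c.name + ' (' + c.tier + ')'] AS impacted_customers,
       CASE WHEN any(c IN impacted WHERE c.tier = 'PLATINUM') THEN 'PRIORITY 1'
            ELSE 'PRIORITY 3' END AS priority;

// "What if" check for change planning: taking AX2431 out of service is a single
// point of failure for a service if no dependency path from that service to a
// leaf interface avoids AX2431. Counts the paths that do avoid it.
MATCH (c:Customer)-[:DEPENDS_ON]->(s:Service)
MATCH (cand:Interface {name: 'AX2431'})
OPTIONAL MATCH p = (s)-[:DEPENDS_ON*1..6]->(leaf:Interface)
WHERE NOT (leaf)-[:DEPENDS_ON]->() AND NOT cand IN nodes(p)
WITH c, s, cand, count(p) AS alternative_paths
WHERE alternative_paths = 0
RETURN c.name AS customer, s.name AS service, cand.name AS single_point_of_failure;
```

With this data the enrichment query lists both customers and returns PRIORITY 1 because a PLATINUM customer is among them; the SPOF query returns only Platinum Bank / MPLS VPN 4711, since the DSL service still has the A1 to interface 27 path when AX2431 is removed. The upper bound on the variable-length pattern (`*1..6`) is the practical guard against runaway traversals on a large real topology; set it to the depth of the layer stack you actually model.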

Page 31: Network and IT Operations

Why You Should Use Neo4j and Graph Technology in Networks

Native Graph Storage
• Fast writes for real-time topology
• Lightning-speed traversals for real-time impact computation

Schema-less Model: Flexibility / Agility
• Ease of ingestion / integration of data from multiple sources
• Easy to accommodate changes in a very dynamic environment

Standard surfaces / API for integration with other solutions and middleware
• Declarative query language (Cypher)
• Extendable platform with server-side logic (Stored Procedures, UEx: unmanaged extensions)

Page 32: Network and IT Operations

Demo: Network Graphs

"The use of a graph model to show dependencies in an IT network consisting of servers, virtual machines, database servers and application servers."

Page 33: Network and IT Operations

Network Graphs / Security Graphs

Page 34: Network and IT Operations

Security Graphs

Page 35: Network and IT Operations

The Complex Nature of Network Security Data

• Siloed and unstructured: data coming from different sources, often evolving and incomplete
• Dynamic: constant flow of newly generated data
• Large: accumulated storage of raw data means huge data volumes

Page 36: Network and IT Operations
Page 37: Network and IT Operations

Main purpose of a Security Operations Center (SOC): Protect, Detect and Investigate for Security and Loss Prevention

Requirements
• Visualize the entire cyber posture
• Identify vulnerabilities
• Prevent attacks
• Detect attacks
• Investigate and reduce zero-day losses

Key Challenges
• Fragmented security tools including firewalls, intrusion detection, vulnerability assessment, SIEM systems
• Inability to visualize cyber posture
• Difficult to predict intrusion impact
• Harder to model scenarios

Page 38: Network and IT Operations

Common Security Tools
• Security Intelligence
• Intrusion Detection System
• Security Information and Event Management (SIEM)
• Firewall Manager
• Vulnerability Scanner

Too Much Information, Too Little Context

Page 39: Network and IT Operations

Network Infrastructure
• Segmentation
• Topology
• Sensors

Cyber Threats
• Campaigns
• Actors
• Incidents
• Indicators
• TTPs

Cyber Posture
• Configurations
• Vulnerabilities
• Policy Rules

Mission Dependencies
• Objectives
• Activities
• Tasks
• Information

Page 40: Network and IT Operations

Attack Graph Analysis

(figure: inputs in their native formats, XML, CSV or graphical, are combined into the attack graph)
• Network Topology
• Firewall Rules: Cisco ASA, Cisco IOS, Juniper JUNOS, Juniper ScreenOS, Fortinet, McAfee
• Host Vulnerabilities: Nessus, Retina, nCircle, Core Impact, FoundScan, Qualys, SAINT, nmap

Source: https://neo4j.com/blog/big-data-architecture-cyber-attack-graphs/
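A minimal attack graph built from the three feeds the slide names (topology and segmentation, firewall rules, host vulnerabilities), to show what "attack graph analysis" means as a query. This is an added example, not code from the webinar or from the linked blog post: the zones, hosts, rules, the attacker node and the vulnerability identifiers (placeholders, not real CVEs) are constructed for illustration.

```cypher
// Added example (not from the slides or the blog post). Zones, hosts, rules,
// the attacker node and the VULN-* identifiers are constructed placeholders.
CREATE (inet:Zone {name: 'INTERNET'}),
       (dmz:Zone {name: 'DMZ'}),
       (app:Zone {name: 'APP'}),
       (db:Zone {name: 'DB'}),
       (att:Host {name: 'attacker', crown_jewel: false}),
       (web:Host {name: 'web01', crown_jewel: false}),
       (api:Host {name: 'api01', crown_jewel: false}),
       (sql:Host {name: 'sql01', crown_jewel: true}),
       (att)-[:IN]->(inet), (web)-[:IN]->(dmz), (api)-[:IN]->(app), (sql)-[:IN]->(db),
       // firewall rules, one relationship per permitted zone/port pair
       (inet)-[:ALLOWS {port: 443}]->(dmz),
       (dmz)-[:ALLOWS {port: 8080}]->(app),
       (app)-[:ALLOWS {port: 1433}]->(db),
       (dmz)-[:ALLOWS {port: 1433}]->(db),   // over-permissive: DMZ straight to DB
       // scanner findings: which port on which host is exploitable
       (web)-[:HAS_VULN]->(:Vuln {id: 'VULN-WEB-RCE', port: 443, severity: 9.8}),
       (api)-[:HAS_VULN]->(:Vuln {id: 'VULN-API-DESER', port: 8080, severity: 8.1}),
       (sql)-[:HAS_VULN]->(:Vuln {id: 'VULN-SQL-AUTHBYPASS', port: 1433, severity: 9.1});

// Derive attack edges: a can compromise b if a rule lets a's zone reach b's
// zone on a port where b has an exploitable vulnerability.
MATCH (a:Host)-[:IN]->(za:Zone)-[r:ALLOWS]->(zb:Zone)<-[:IN]-(b:Host),
      (b)-[:HAS_VULN]->(v:Vuln)
WHERE v.port = r.port AND a <> b
MERGE (a)-[:CAN_EXPLOIT {port: r.port, via: v.id}]->(b);

// Every attack path from the attacker to a crown-jewel host, shortest first.
// Here: attacker -> web01 -> sql01 (2 hops) and attacker -> web01 -> api01 -> sql01.
MATCH p = (att:Host {name: 'attacker'})-[:CAN_EXPLOIT*1..5]->(cj:Host {crown_jewel: true})
RETURN [n IN nodes(p) | n.name] AS path,
       [e IN relationships(p) | e.via] AS exploits,
       length(p) AS hops
ORDER BY hops;

// Map the shortest path's hops back to the firewall rules that permit them,
// so the remediation (tighten DMZ -> DB tcp/1433) is a concrete rule change.
MATCH p = shortestPath((att:Host {name: 'attacker'})-[:CAN_EXPLOIT*]->(cj:Host {crown_jewel: true}))
UNWIND relationships(p) AS hop
WITH hop, startNode(hop) AS src, endNode(hop) AS dst
MATCH (src)-[:IN]->(za:Zone)-[rule:ALLOWS {port: hop.port}]->(zb:Zone)<-[:IN]-(dst)
RETURN za.name + ' -> ' + zb.name + ' tcp/' + toString(rule.port) AS firewall_rule,
       hop.via AS exploited;
```

The derivation step is deliberately a separate MERGE rather than a pattern evaluated at query time: once CAN_EXPLOIT edges are materialised, path questions ("can the internet reach the database in two hops?", "which rule removal breaks every path?") become cheap traversals, and re-running the derivation after a scanner or firewall import is how the graph stays current.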

Page 43: Network and IT Operations

“The little links between incidents, which on the surface look like random meaningless threats, are often what causes the largest problems”

— Steve Ragan, CSO Online

Page 44: Network and IT Operations
Page 45: Network and IT Operations

Graphs in Telecommunications: Security Operations Centers (SOC)

Page 46: Network and IT Operations

How Neo4j is used in Network Security

Neo4j is used in network security work to give organizations complete visibility of their networks, security rules, firewalls and all the vulnerable points in the network.

Neo4j provides real-time query capability, which is required when providing security over huge and highly interconnected networks.

Neo4j is used by telecommunication and cyber security firms to understand a network's cyber posture, identify vulnerabilities and trace network intrusions.

Page 47: Network and IT Operations

Demo: Security Graphs

"Using a public dataset of network traffic commonly used for identifying malicious network requests we will see how to model and import data using Cypher."
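The demo's dataset is not named on the slide, so the following is an added example, not the webinar's demo code: it models network flow records as (:Host)-[:CONNECTED_TO]->(:Host) with the flow attributes on the relationship, then runs two detections over them. The eight flow rows, the 10.0.0.0/24 and 203.0.113.9 addresses, the Indicator node and the port-count threshold are all constructed for illustration.

```cypher
// Added example (not the webinar's demo). Flow rows, addresses, the indicator
// and the threshold are constructed. A real import would replace the UNWIND
// list with LOAD CSV over the dataset file; the MERGE/CREATE body is the same.
UNWIND [
  {ts: '2016-09-15T10:00:01', src: '10.0.0.5', dst: '10.0.0.20',   dport: 22,   proto: 'tcp', bytes: 1200},
  {ts: '2016-09-15T10:00:02', src: '10.0.0.5', dst: '10.0.0.20',   dport: 23,   proto: 'tcp', bytes: 60},
  {ts: '2016-09-15T10:00:02', src: '10.0.0.5', dst: '10.0.0.20',   dport: 80,   proto: 'tcp', bytes: 60},
  {ts: '2016-09-15T10:00:03', src: '10.0.0.5', dst: '10.0.0.20',   dport: 443,  proto: 'tcp', bytes: 60},
  {ts: '2016-09-15T10:00:03', src: '10.0.0.5', dst: '10.0.0.20',   dport: 3389, proto: 'tcp', bytes: 60},
  {ts: '2016-09-15T10:00:04', src: '10.0.0.5', dst: '10.0.0.20',   dport: 8080, proto: 'tcp', bytes: 60},
  {ts: '2016-09-15T10:05:00', src: '10.0.0.7', dst: '203.0.113.9', dport: 443,  proto: 'tcp', bytes: 5400},
  {ts: '2016-09-15T10:06:00', src: '10.0.0.9', dst: '10.0.0.20',   dport: 443,  proto: 'tcp', bytes: 9800}
] AS row
// MERGE de-duplicates hosts across rows; each flow stays its own relationship
MERGE (s:Host {ip: row.src})
MERGE (d:Host {ip: row.dst})
CREATE (s)-[:CONNECTED_TO {ts: row.ts, dport: row.dport, proto: row.proto, bytes: row.bytes}]->(d);

// Threat-intel indicator (constructed): an address known to be a C2 server.
CREATE (:Indicator {type: 'ipv4', value: '203.0.113.9', campaign: 'example-campaign'});

// Detection 1: port scan, one source touching many distinct ports on one
// destination. The threshold of 5 is an assumption; tune it per environment.
// Flags 10.0.0.5 -> 10.0.0.20 (6 distinct ports) in the data above.
MATCH (s:Host)-[c:CONNECTED_TO]->(d:Host)
WITH s, d, count(DISTINCT c.dport) AS distinct_ports, collect(DISTINCT c.dport) AS ports
WHERE distinct_ports >= 5
RETURN s.ip AS scanner, d.ip AS target, distinct_ports, ports;

// Detection 2: join flows to indicators on the IP value, so one indicator
// lights up every internal host that talked to it. Flags 10.0.0.7.
MATCH (s:Host)-[c:CONNECTED_TO]->(d:Host), (i:Indicator {type: 'ipv4'})
WHERE d.ip = i.value
RETURN s.ip AS internal_host, d.ip AS c2, i.campaign AS campaign, c.ts AS ts, c.bytes AS bytes;
```

Modelling hosts as nodes and flows as relationships is what makes the second detection cheap to extend: the next question ("what did 10.0.0.7 connect to in the hour after the C2 contact?") is one more hop on the same pattern rather than a new join across flow and indicator tables.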

Page 48: Network and IT Operations

Who’s Using Neo4j?

Government: Institutions, Local Governments, Law Enforcement, Military & Intelligence
Commercial clients

Page 50: Network and IT Operations

Neo4j Adoption by Selected Verticals: Software, Financial Services, Retail, Media & Other, Social Networks, Telecom, Healthcare

Page 51: Network and IT Operations

Towards Graph Inevitability

Page 52: Network and IT Operations

“Graph analysis is possibly the single most effective competitive differentiator for organizations pursuing data-driven operations and decisions after the design of data capture.”

“By the end of 2018, 70% of leading organizations will have one or more pilot or proof-of-concept efforts underway utilizing graph databases.”

Towards Graph Inevitability

Page 53: Network and IT Operations

“Forrester estimates that over 25% of enterprises will be using graph databases by 2017.”

Towards Graph Inevitability

Page 54: Network and IT Operations

Valuable Resources!

Developers: neo4j.com/developer
Solutions: neo4j.com/solutions
Product: neo4j.com/product

Page 55: Network and IT Operations
Page 56: Network and IT Operations

Thank you!