Multi-domain attacks are on the verge of becoming a digital epidemic, as nation states and well-funded cybercrime attack groups seek to exploit large gaps in the defenses of digital assets. Enterprises must address growing and often unknown gaps between corporate assets, apps, systems, data, identities, and endpoints.
The rapidly increasing pace of attacks is driving a graph database arms race among major cybersecurity providers. Microsoft’s Security Exposure Management Platform (MSEM), announced at Ignite 2024, reflects how quickly that arms race is maturing and why containing multi-domain attacks requires more advanced platforms.
In addition to Microsoft’s MSEM, key players in the graph database arms race to counter multi-domain threats include CrowdStrike and its Threat Graph, Cisco SecureX, SentinelOne’s Purple AI, Palo Alto Networks Cortex XDR and Trend Micro Vision One, alongside providers like Neo4j, TigerGraph and Amazon Neptune, which supply the underlying graph database technology.
“Three years ago, there were 567 password-related attacks per second. Today, that number has skyrocketed to 7,000 per second. This represents a significant increase in sophistication and underscores the urgency of a proactive, integrated security strategy,” Vasu Jakkal, Microsoft’s Corporate Vice President of Security, Compliance, Identity, Management, and Privacy, told VentureBeat in a recent interview.
Microsoft commits to security vision at Ignite 2024
As organizations everywhere experience multi-domain intrusion attempts and struggle with undiscovered breaches, Microsoft is doubling down on security and pivoting its strategy to MSEM’s graph-based defenses. “The sophistication, scale, and speed of modern attacks require a generational shift in security,” Jakkal told VentureBeat. We provide defenders with the tools to:
Cristian Rodriguez, CrowdStrike’s Americas CTO, reiterated the importance of graph technology in a recent interview with VentureBeat. “Graph databases allow us to map adversary behavior across domains and identify subtle connections and patterns that attackers exploit. Visualizing these relationships gives defenders the contextual insight they need to anticipate and thwart complex cross-domain attack strategies,” said Rodriguez.
Key announcements for Ignite 2024 include:
- Microsoft Security Exposure Management Platform (MSEM). At the core of Microsoft’s strategy, MSEM leverages graph technology to dynamically map relationships across digital assets, including devices, identities, and data. MSEM support for graph databases allows security teams to identify high-risk attack paths and prioritize proactive remediation efforts.
- Zero Day Quest. Microsoft is offering $4 million in bounties to discover vulnerabilities in its AI and cloud platforms. The initiative aims to bring together researchers, engineers, and AI red teams to proactively address critical risks.
- Windows Resilience Initiative. Focused on Zero Trust principles, this effort aims to improve system reliability and resiliency by protecting credentials, implementing Zero Trust DNS protocols, and hardening Windows 11 against emerging threats.
- Security Copilot enhancements. Microsoft claims that Security Copilot’s generative AI capabilities enhance SOC operations by automating threat detection, streamlining incident triage, and reducing average time to resolution by 30%. These updates integrate with Entra, Intune, Purview, and Defender to provide actionable insights and help security teams address threats more efficiently and accurately.
- Updates to Microsoft Purview. Purview’s advanced data security posture management (DSPM) tools address the risks created by AI by discovering, protecting, and governing sensitive data in real time. Features include detecting prompt injections, mitigating data misuse, preventing oversharing in AI apps, and more. The tools also strengthen compliance with AI governance standards and align enterprise security with evolving regulations.
Why now? The role of graph databases in cybersecurity
John Lambert, corporate vice president of security research at Microsoft, emphasized the critical importance of graph-based thinking in cybersecurity, explaining to VentureBeat: “… As long as this is true, the attacker wins.”
He added that Microsoft’s approach to exposure management includes creating a comprehensive graph of digital assets and overlaying vulnerabilities, threat intelligence and attack vectors. “It’s about giving defenders a complete map of their environment so they can prioritize the most significant risks while understanding the potential blast radius of a breach,” Lambert added.
Graph databases are gaining momentum as an architectural strategy for cybersecurity platforms. They excel at visualizing and analyzing interconnected data, which is critical to identifying attack vectors in real time.
The main advantages of graph databases are:
- Relationship context: Map relationships between assets and vulnerabilities.
- Fast queries: Traverse billions of nodes in milliseconds.
- Threat detection: Identify high-risk attack vectors and reduce false positives.
- Knowledge discovery: Gain insight into interconnected risks using graph AI.
- Behavior analysis: Graphs detect subtle attack patterns across domains.
- Scalability: Seamlessly integrate new data points into existing threat models.
- Multidimensional analysis:
Gartner’s heat map highlights how graph databases excel in cybersecurity use cases such as anomaly detection, monitoring, and decision-making, positioning them as essential tools in modern defense strategies.
“Emerging Technologies: Optimizing Threat Detection with Knowledge Graph Databases,” May 2024. Source: Gartner
What’s unique about Microsoft’s MSEM platform?
Microsoft Security Exposure Management Platform (MSEM) differentiates itself from other graph database-driven cybersecurity platforms through real-time visibility and risk management that helps security operations center teams identify, and stay on top of, risks, threats, incidents, and breaches.
“MSEM bridges the gap between detection and action, allowing defenders to effectively predict and mitigate threats,” Jakkal told VentureBeat. The platform embodies Microsoft’s vision of a unified, graph-driven security approach, giving organizations the tools to accurately and quickly address the latest threats.
Built on graph-driven insights, MSEM integrates three core capabilities needed to combat multi-domain attacks and fragmented security data. They include:
- Attack surface management. MSEM is designed to provide a dynamic view of an organization’s digital assets and enable identification of assets, interdependencies, and vulnerabilities. Features like automatic discovery of IoT/OT devices and unsecured endpoints ensure visibility while prioritizing high-risk areas. The Device Inventory Dashboard categorizes assets by severity, helping security teams zero in on the most pressing threats.
Source: Microsoft
- Attack path analysis. MSEM uses a graph database to map attack paths from the attacker’s perspective and identify the important routes that could be exploited. It is powered by AI-driven graph modeling that identifies high-risk pathways across hybrid environments spanning on-premises, cloud, and IoT systems.
- Integrated exposure insights. Microsoft also designed MSEM to transform technical data into actionable intelligence for both security professionals and business leaders. It supports ransomware protection, SaaS security, and IoT risk management, ensuring targeted and insightful data for security analysts.
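The advantages listed earlier (relationship context, fast traversal, attack-vector identification) and the attack path analysis capability described above come down to one operation: walking a graph of assets, identities and data from exposed entry points to high-value targets, then using the result to prioritize remediation. The following is an added example, not code from Microsoft, MSEM or any vendor named on this page. It uses a small constructed asset inventory (node names, relation labels and the “exposed” and “crown jewel” sets are all assumptions) and shows three defender-side analyses: enumerating attack paths, finding the choke points that appear on the most paths, and simulating which single fix removes the most paths.

```python
"""Toy attack-path analysis over an asset graph (added example, constructed data)."""
from collections import Counter
from typing import Dict, Iterable, List, Set, Tuple

Edge = Tuple[str, str, str]  # (source, destination, relation label)

# Constructed sample inventory: hypothetical hosts, identities and data stores.
# A directed edge means "control of the source gives reach to the destination".
EDGES: List[Edge] = [
    ("web01", "svc-backup", "runs_as"),            # web server runs a service account
    ("svc-backup", "finance-share", "can_read"),   # that account can read a file share
    ("svc-backup", "wks-042", "local_admin_on"),   # and is local admin on a workstation
    ("vpn-gw", "alice", "session_on"),             # a user session reachable via VPN
    ("alice", "wks-042", "session_on"),            # alice is logged on to the workstation
    ("wks-042", "domain-admin", "cached_credential"),  # workstation caches a privileged credential
    ("domain-admin", "hr-db", "can_read"),
    ("domain-admin", "finance-share", "can_read"),
]
EXPOSED: Set[str] = {"web01", "vpn-gw"}              # internet-facing entry points (assumed)
CROWN_JEWELS: Set[str] = {"hr-db", "finance-share"}  # assets whose exposure matters most (assumed)


def build_adjacency(edges: Iterable[Edge]) -> Dict[str, List[str]]:
    """Relation labels are kept in EDGES for reporting; traversal only needs reachability."""
    adj: Dict[str, List[str]] = {}
    for src, dst, _relation in edges:
        adj.setdefault(src, []).append(dst)
        adj.setdefault(dst, [])
    return adj


def find_attack_paths(edges: Iterable[Edge], sources: Set[str], targets: Set[str],
                      max_hops: int = 6) -> List[List[str]]:
    """Enumerate simple paths from exposed entry points to crown-jewel assets.

    Paths stop at the first crown jewel reached and never revisit a node, so the
    result is finite even on graphs with cycles. Shortest paths sort first because
    fewer hops means less effort for an attacker and therefore higher priority.
    """
    adj = build_adjacency(edges)
    paths: List[List[str]] = []

    def dfs(node: str, path: List[str]) -> None:
        if node in targets:
            paths.append(list(path))
            return
        if len(path) - 1 >= max_hops:
            return
        for nxt in adj.get(node, []):
            if nxt not in path:
                path.append(nxt)
                dfs(nxt, path)
                path.pop()

    for start in sorted(sources):
        dfs(start, [start])
    paths.sort(key=lambda p: (len(p), p))
    return paths


def choke_points(paths: List[List[str]]) -> List[Tuple[str, int]]:
    """Intermediate nodes ranked by how many attack paths run through them.

    A node on most paths is the best single remediation candidate: fixing it
    (rotating the cached credential, removing the local admin right) cuts every
    path that depends on it.
    """
    counts = Counter(node for p in paths for node in p[1:-1])
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


def simulate_remediation(edges: List[Edge], node: str, sources: Set[str],
                         targets: Set[str]) -> int:
    """Number of attack paths left if every edge touching `node` is removed."""
    remaining = [e for e in edges if node not in (e[0], e[1])]
    return len(find_attack_paths(remaining, sources, targets))


if __name__ == "__main__":
    found = find_attack_paths(EDGES, EXPOSED, CROWN_JEWELS)
    print(f"{len(found)} attack paths from exposed assets to crown jewels:")
    for p in found:
        print("  " + " -> ".join(p))
    print("Choke points (node, paths through it):", choke_points(found))
    for candidate, _ in choke_points(found)[:2]:
        left = simulate_remediation(EDGES, candidate, EXPOSED, CROWN_JEWELS)
        print(f"Fixing {candidate} leaves {left} path(s)")
```

On the constructed inventory the analysis reports five paths, shows that the workstation holding the cached privileged credential and the privileged identity itself sit on four of them, and that cutting the workstation’s edges leaves a single path. A real exposure-management platform does the same traversal over millions of nodes with vulnerability and threat-intelligence data overlaid on the edges; the prioritization logic is unchanged.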
Microsoft also announced the following MSEM enhancements at Ignite 2024:
- Third party integration: MSEM extends visibility by connecting with Rapid7, Tenable, and Qualys, making it a powerful tool for hybrid environments.
- Graph modeling powered by AI: Detect hidden vulnerabilities and perform advanced threat path analysis for proactive risk mitigation.
- Historical trends and indicators: This tool tracks exposure changes over time and helps teams confidently adapt to evolving threats.
The growing role of graph databases in cybersecurity
Graph databases have proven invaluable in tracking and thwarting multi-domain attacks. They excel at visualizing and analyzing interconnected data in real time, enabling faster and more accurate threat detection, attack path analysis, and risk prioritization. It’s no surprise that graph database technology dominates the roadmaps of major cybersecurity platform providers.
Cisco’s SecureX Threat Response is one example. The Cisco platform extends the utility of graph databases to network-centric environments, connecting data across endpoints, IoT devices, and hybrid networks. Key strengths include unified incident response and network-centric visibility integrated across Cisco’s suite of apps and tools. “… from human-sized enemies. You have to do it at machine scale,” Jeetu Patel, Cisco executive vice president and CPO, told VentureBeat in an interview earlier this year.
CrowdStrike’s Threat Graph was featured at its 2022 annual customer event, Fal.Con, and is often cited as an example of the power of graph databases in endpoint security. Processing over 2.5 trillion events every day, Threat Graph excels at detecting weak signals and mapping adversary behavior. “Our graphing capabilities ensure accuracy by focusing on endpoint telemetry, providing defenders with actionable insights faster than ever before,” Rodriguez emphasized to VentureBeat. CrowdStrike’s key differentiators include endpoint accuracy in tracking lateral movement and identifying anomalous behavior. Threat Graph also supports the behavioral analysis used by its AI to uncover adversary techniques across workloads.
Palo Alto Networks (Cortex XDR), SentinelOne (Singularity), and Trend Micro are among the notable players leveraging graph databases to power threat detection and real-time anomaly analysis capabilities. In its recent research note “Emerging Technologies: Optimizing Threat Detection with Knowledge Graph Databases,” Gartner predicted that widespread adoption is likely to continue, as graph databases support AI-driven insights and reduce noise in security operations.
Graph databases transform enterprise defense
Microsoft’s Lambert summed up the industry’s trajectory by saying, “Graph databases are changing the way defenders think about interconnected risks,” highlighting their pivotal role in modern cybersecurity strategies.
Multi-domain attacks target weaknesses between and within complex digital assets. Gaps in identity management are one area where nation-state actors concentrate their efforts, mining data to gain access to a company’s core enterprise systems. Microsoft joins Cisco, CrowdStrike, Palo Alto Networks, SentinelOne, and Trend Micro in adopting and continuously improving graph database technology to identify and respond to threats before a breach occurs.