Network & IT Operations
LEVERAGING CONNECTIONS IN DATA WITH GRAPH DATABASES
Webinar, September 15, 2016

Alessandro Svensson, Solutions @ Neo Technology
William Lyon, Developer Relations @ Neo Technology

Agenda
• About Neo4j and the Property Graph Model
• How Networks are Naturally Graphs
• Network Graphs (demo)
• Security Graphs (demo)
• Wrap up

The Property Graph Model

Databases have evolved in order to handle large networks of connected data

RELATIONAL DATABASES

The internet is a graph
Huge networks of connected data

This is data modelled as a graph!

A Graph Is
[Diagrams: a graph is a set of NODEs connected by RELATIONSHIPs. Examples shown: PERSON, CHECKING ACCOUNT and BANK connected by HAS and WITH; HOTEL, ROOM and BOOKING connected by HAS; and Anne, Bob, Carl, Tom, Neo, Company, Stanford and Columbia connected by KNOWS, WORKS_AT, STUDIED_AT and WENT_TO, with properties such as NAME:ANNE and SINCE:2012.]

Network Graphs
Security Graphs

Network Graphs

Networks are Naturally Graphs!
What does that mean?
[Diagram: a network drawn as a graph, with nodes labelled Mesh Router Gateway, Mesh Router, Router, Access Point, Base Station, CPU and Mobile.]

The Network Operations Center (NOC)
Main purpose of a NOC: Manage, Control, and Monitor for Reliability and Performance
Requirements
• Monitor health of an entire network
• Visualize and understand how different components correlate
• Troubleshoot issues
• Perform impact analysis
• Model outage scenarios
Key Challenges
• Fragmented monitoring tools
• Inability to correlate problems in different network domains
• Stale or unreliable data in traditional correlation systems
• Inefficiencies and high support costs

Different Types of Workloads
Operational
• Real time event correlation/enrichment/root cause
• Real time network analysis & SPOF-detection
Analytical
• “What if” analysis for change management
• Node centrality, usage analysis, traffic engineering validation
• Monitoring strategic transitions (i.e. ATM->IP, 3G->LTE, NOC->SOC)

Cross Domain Network & Services Topology
“A single coherent, real-time view of customers, services and the network they depend upon”
[Diagram: layers labelled Customer Service view, IP-Routing layer, and Optical & Switching layer.]

Example Architecture: Cross Domain Event Correlation/Enrichment
>> Raw event >> LOC, interface AX2431
<< Enriched event << PRIORITY 1, PLATINUM CUSTOMER IMPACT, LOC, interface AX2431
[Diagram: a customer (bank icon) connected through a chain of :DEPENDS_ON relationships to interface IF/AX2431.]
[Diagram: the same events over a topology with nodes labelled Customer, Router 1, Router 2, Switch A, Switch B, Switch C, SDH Node, SDH Node AX2431, and interfaces IFace A1, IFace A4, IFace B1, IFace B4, IFace C1, IFace C4, IFace S7, IFace 15, IFace 22, IFace 27.]

Example Architecture: Cross Domain Event Correlation/Enrichment
Components:
• Fault Mgmnt System (IBM Netcool, HP TeMIP…)
• Event Collector (NoSQL store…)
• Event Store (NoSQL store…)
• Cross Domain Topology Server (Cluster)
• Continuous data collection from: Network Inventory, Vendor EMS, Vendor NMS, CRM, Device Config, Spreadsheets…
Flows:
• (1) Raw events
• (2A) Correlated/enriched/prioritized events
• (2B) Correlated/enriched/prioritized events
Annotations: “Send it back here”, “Log / key value store”
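
The enrichment step from these slides, written as Cypher (an added example, not taken from the webinar): a raw LOC event on interface AX2431 is matched against the topology, and every customer that transitively :DEPENDS_ON the interface is attached to it. The node labels, property names, sample topology and the priority rule are assumptions; only the :DEPENDS_ON relationship and the interface name come from the slides.

```cypher
// Constructed sample topology. Labels, properties and names are assumptions;
// only :DEPENDS_ON and interface AX2431 appear on the slides.
CREATE (bank:Customer {name: 'Example Bank', tier: 'PLATINUM'}),
       (shop:Customer {name: 'Example Shop', tier: 'STANDARD'}),
       (vpn:Service   {name: 'vpn-bank'}),
       (web:Service   {name: 'web-shop'}),
       (r1:Router     {name: 'Router 1'}),
       (r2:Router     {name: 'Router 2'}),
       (ax:Interface  {name: 'AX2431'}),
       (bx:Interface  {name: 'BX0001'}),
       (bank)-[:DEPENDS_ON]->(vpn),
       (shop)-[:DEPENDS_ON]->(web),
       (vpn)-[:DEPENDS_ON]->(r1),
       (web)-[:DEPENDS_ON]->(r2),
       (r1)-[:DEPENDS_ON]->(ax),
       (r2)-[:DEPENDS_ON]->(bx);

// Enrich one raw event. In production the map would arrive as a query
// parameter from the event collector; it is inlined here so the query runs as is.
WITH {alarm: 'LOC', interface: 'AX2431'} AS raw
MATCH (i:Interface {name: raw.interface})
// Walk the dependency chain upstream. The hop bound keeps the traversal
// predictable on large topologies; OPTIONAL MATCH still returns a row
// when no customer depends on the interface.
OPTIONAL MATCH (c:Customer)-[:DEPENDS_ON*1..8]->(i)
WITH raw, collect(DISTINCT c) AS customers
RETURN raw.alarm     AS alarm,
       raw.interface AS interface,
       [c IN customers | c.name] AS impacted_customers,
       CASE
         WHEN any(c IN customers WHERE c.tier = 'PLATINUM') THEN 'PRIORITY 1'
         WHEN size(customers) > 0 THEN 'PRIORITY 2'
         ELSE 'PRIORITY 3'
       END AS priority;
```

An event naming an interface that is missing from the topology returns no row at all, which is worth alerting on separately because it means the inventory feed is stale.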

Example Architecture: Change & Impact Analysis
Components:
• Change Planner
• Change Manager
• Custom UI
• Change Schedule Conflict Notification
• Cross Domain Topology Server (Cluster)
• Continuous data collection from: Network Inventory, Vendor EMS, Vendor NMS, CRM, Device Config, Spreadsheets…

Why You Should Use Neo4j and Graph Technology in Networks
Native Graph Storage
• Fast writes for real time topology
• Lightning speed traversals for real-time impact computation
Schema-less Model: Flexibility / Agility
• Ease of ingestion / integration of data from multiple sources
• Easy to accommodate changes in a very dynamic environment
Standard surfaces / API for integration with other solutions and middleware
• Declarative query language (Cypher)
• Extendable platform. Server side logic. (Stored Procedures, UEx)

Demo
“The use of a graph model to show dependencies in an IT network consisting of servers, virtual machines, database servers and application servers.”
Network Graphs

Network Graphs
Security Graphs

Security Graphs

The Complex Nature of Network Security Data
• Siloed and unstructured: data coming from different sources, often evolving and incomplete
• Dynamic: constant flow of newly generated data
• Large: accumulated storage of raw data means huge data volumes

Main purpose of a Security Operating Center: Protect, Detect and Investigate for Security and Loss Prevention
Requirements
• Visualize the entire cyber posture
• Identify vulnerabilities
• Prevent attacks
• Detect attacks
• Investigate and reduce zero-day losses
Key Challenges
• Fragmented security tools including firewalls, intrusion detection, vulnerability assessment, SIEM systems
• Inability to visualize cyber posture
• Difficult to predict intrusion impact
• Harder to model scenarios

Common Security Tools
Security Intelligence
Intrusion Detection System
Security Information and Event Management (SIEM)
Firewall Manager
Vulnerability Scanner
Too Much Information, Too Little Context

Network Infrastructure
• Segmentation
• Topology
• Sensors
Cyber Threats
• Campaigns
• Actors
• Incidents
• Indicators
• TTPs
Cyber Posture
• Configurations
• Vulnerabilities
• Policy Rules
Mission Dependencies
• Objectives
• Activities
• Tasks
• Information

Attack Graph Analysis
• Network Topology: XML, CSV, Graphical
• Firewall Rules: Cisco ASA, Cisco IOS, Juniper JUNOS, Juniper ScreenOS, Fortinet, McAfee
• Host Vulnerabilities: Nessus, Retina, nCircle, Core Impact, Foundscan, Qualys, SAINT, nmap
Source: https://neo4j.com/blog/big-data-architecture-cyber-attack-graphs/

“The little links between incidents, which on the surface look like random meaningless threats, are often what causes the largest problems”
— Steve Ragan, CSO Online

Graphs in Telecommunications
Security Operations Centers (SOC)
How Neo4j is used in Network Security
• Neo4j is used to ensure network security and gives organizations complete visibility of their networks, security rules, firewalls and all the vulnerable points in the network.
• Neo4j provides real-time query capability, which is required when providing security over huge and highly interconnected networks.
• Neo4j is used by telecommunication and cyber security firms to understand a network's cyber posture, identify vulnerabilities and trace network intrusion.

Demo
“Using a public dataset of network traffic commonly used for identifying malicious network requests we will see how to model and import data using Cypher.”
Security Graphs
Who’s Using Neo4j?
Government
Commercial clients
Institutions
Local Governments
Law Enforcement
Military & Intelligence

Neo4j Adoption by Selected Verticals
• SOFTWARE
• FINANCIAL SERVICES
• RETAIL
• MEDIA & OTHER
• SOCIAL NETWORKS
• TELECOM
• HEALTHCARE

Towards Graph Inevitability
“Graph analysis is possibly the single most effective competitive differentiator for organizations pursuing data-driven operations and decisions after the design of data capture.”
“By the end of 2018, 70% of leading organizations will have one or more pilot or proof-of-concept efforts underway utilizing graph databases.”
“Forrester estimates that over 25% of enterprises will be using graph databases by 2017.”

Valuable Resources!
• Developers: neo4j.com/developer
• Solutions: neo4j.com/solutions
• Product: neo4j.com/product

Thank you!