
Motivations

Edoardo Rosa edited this page Mar 4, 2022 · 1 revision

Why?

Two secure systems put together do not always amount to a secure system.

In general, we need to have a global overview of the ecosystem. When attacking or defending an environment, knowledge of all its aspects is key to a successful operation.

If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle. - Sun Tzu

A global overview is vital for both attackers and defenders because it lets security analysts and attackers immediately find the attack paths to remediate or to abuse in the system.

In our experience, limited knowledge or a limited scope may not only create or overlook security holes but can also lead to solutions that are infeasible from a product or service point of view. A limited view does not take into account the real vision and needs of the company or the service stakeholders.

Furthermore, in complex and large environments it is not possible to act on the immediate threats without a global vision; a bottom-up approach can be expensive in money and time because the focus is on limited aspects, where some attacks or paths may not be feasible and/or visible. An overview helps to prioritise vulnerabilities and remediations.

A full understanding of the environment from a high-level perspective enables companies to establish priorities and fulfil security requirements.

While IAM security is very important, an attacker may also abuse misconfigurations in the environment such as exposed resources (Alteryx, Twilio) or services; a Cloud Security Posture Management (CSPM) tool can help companies secure their assets by defining standard controls (CIS, PCI, NIST, SOC2) and custom rulesets to avoid false positives or to increase the detection of security issues.

Why graphs?

A graph database appeared to be a good fit for the project because the data model allows creating simple entities and focusing on the relationships between them. In addition, BloodHound used it with success, so it must be good!

Without knowing graphs or graph theory, the immediate and intuitive way to represent "how things work" is with circles and arrows (nodes and edges): X is somehow connected to Y. The focus is on "how" X and Y are connected, because the connections represent the distinctive features of X and Y.

A classic relational database focuses on storing data, not on creating the large number of relationships needed to represent how services and users interact; by contrast, the performance of a graph database (built on graph theory research) is specifically tuned for graph navigation.
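The following is an added example, not code from this project's wiki or code base, showing what the "nodes and edges" view buys a defender: an environment is modelled as principals and resources connected by relationship edges, every path from a principal to a sensitive resource is enumerated, and the edges are ranked by how many of those paths they enable, which is the prioritisation the previous section argues for. All identities, resources and relationship names (MemberOf, CanAssume, CanRead) are constructed sample data, and the graph is held in memory with the standard library rather than in a graph database.

```python
"""Added example: model an environment as nodes and edges, enumerate the
paths from every principal to a sensitive resource and rank the edges by
how many paths they enable, so the highest-impact remediation comes first.
Everything below is constructed sample data, not taken from a real account.
"""
from collections import Counter, deque

# Constructed sample graph as (source, relationship, target) triples.
# Each triple is one "how X is connected to Y" edge.
SAMPLE_EDGES = [
    ("user:alice", "MemberOf", "group:developers"),
    ("group:developers", "CanAssume", "role:ci-deploy"),
    ("role:ci-deploy", "CanAssume", "role:admin"),
    ("role:admin", "CanRead", "bucket:customer-data"),
    ("user:bob", "CanAssume", "role:ci-deploy"),
    ("user:carol", "CanRead", "bucket:customer-data"),
    ("user:carol", "MemberOf", "group:developers"),
    ("role:ci-deploy", "CanRead", "bucket:build-artifacts"),
]


def build_graph(edges):
    """Adjacency list: node -> list of (relationship, neighbour)."""
    graph = {}
    for src, rel, dst in edges:
        graph.setdefault(src, []).append((rel, dst))
        graph.setdefault(dst, [])  # make sure sinks exist as nodes too
    return graph


def find_paths(graph, start, target, max_depth=6):
    """Breadth-first enumeration of every simple path from start to target.
    A path is a list of (node, relationship, node) hops; depth is bounded so
    a large, cyclic environment cannot blow up the search."""
    paths = []
    queue = deque([(start, [])])
    while queue:
        node, hops = queue.popleft()
        if node == target:
            paths.append(hops)
            continue
        if len(hops) >= max_depth:
            continue
        visited = {start} | {h[2] for h in hops}  # nodes already on this path
        for rel, nxt in graph.get(node, []):
            if nxt not in visited:
                queue.append((nxt, hops + [(node, rel, nxt)]))
    return paths


def all_attack_paths(graph, target, principal_prefix="user:"):
    """Map each principal (nodes with the given prefix) to its paths to target;
    principals with no path are left out."""
    result = {}
    for node in graph:
        if node.startswith(principal_prefix):
            paths = find_paths(graph, node, target)
            if paths:
                result[node] = paths
    return result


def choke_points(paths_by_principal):
    """Count how many attack paths each edge takes part in. The edge that
    appears in the most paths is the single remediation with the largest
    effect, which is the prioritisation a global overview makes possible."""
    counter = Counter()
    for paths in paths_by_principal.values():
        for path in paths:
            for hop in path:  # simple paths never repeat a hop
                counter[hop] += 1
    return counter.most_common()


if __name__ == "__main__":
    g = build_graph(SAMPLE_EDGES)
    reach = all_attack_paths(g, "bucket:customer-data")
    for principal, paths in reach.items():
        for path in paths:
            print(principal, "->", " -> ".join(f"{r} {d}" for _, r, d in path))
    print("edges ranked by the number of attack paths they enable:")
    for hop, n in choke_points(reach):
        print(n, hop)
```

In the sample data the two edges role:ci-deploy CanAssume role:admin and role:admin CanRead bucket:customer-data each sit on three of the four paths, so fixing either one removes most of the exposure, while carol's direct CanRead edge is a single path that the overview still surfaces but ranks lower.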
