Cyber Threat Intelligence powered by RGDB

Apache AGE
3 min read · Feb 11, 2021


Use Case: Multi-model Database, RGDB (Relational Graph Database)

Cyber Threat Intelligence

Background

According to an estimate from the U.S. FBI, the annual damage caused by ransomware attacks has reached almost $1 billion, and Cybersecurity Ventures estimates that the world will likely have to pay over $6 trillion by 2021. Cyber attacks have become a life- and safety-threatening issue for a large number of people, as attackers target not only corporate systems for money but also infrastructure such as power grids and media outlets for political gain. While attack patterns are becoming increasingly intelligent and complicated, most existing Cyber Threat Intelligence (CTI) systems, which rely on relational databases, have been losing their ability to cope with attacks swiftly. This is because, as data grows and cyber crime becomes more sophisticated, a relational database alone is not enough to analyze complex relationships.

Challenge

In 2013, a historic act of cyber terrorism hit Korea. It infected a total of 32,000 servers in major media outlets, financial institutions, and enterprises with malicious code, resulting in direct and indirect damage worth KRW 882.3 billion ($787.5 million). Worse, the systems of Korean public institutions and corporations were helpless against the evolving cyber attacks, including Advanced Persistent Threats (APT), modulation, and multiple attacks, that might happen in the future. The CTI systems of the time were built on relational databases, which by themselves are not enough to analyze heavily connected data because of their tabular data structure. That is why the previous systems failed to offer satisfactory analytic performance and fast visualization of complex attack patterns.

Combined with other limitations, such as the absence of a platform through which the public and private sectors could share cyber-attack information and the lack of any assessment of that information's credibility and importance, the old CTI systems became major obstacles to the Korean government's counter-cyberterrorism strategy. One of the Korean government agencies therefore decided to adopt a Multi-model Database (Relational + Graph Database = RGDB) to overcome these obstacles.

Solution

This agency adopted a new CTI system based on a Relational Graph Database (RGDB) such as Apache AGE. The system analyzes attack patterns, discovers similarities between attacks, and defines and manages cyber attack groups. No matter how complex the patterns are, they are seen through within a second, and information about the source and pattern of the attack comes straight into the agency's hands, enabling it to act preemptively. Furthermore, an intelligent system with Deep Learning algorithms learns from that information, predicts future attacks, and raises the alarm by catching unidentified attack signals.

Benefits

As a result, the CTI system built on RGDB steps up to a level that had long been out of reach. An RGDB such as Apache AGE associates structured and unstructured data to deliver richer analysis results, and it detects attack patterns and the relationships between attacks on the spot, bringing about true "prevention" of cyber attacks. Thus, RGDB empowers a CTI system to overcome its limitations and enables an intelligent countermeasure against the signs of attacks that were previously known to no one.
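As an added example (not the agency's system or Apache AGE project code), the SQL below sketches the RGDB idea from the Solution and Benefits sections: attacks and the indicators they used live in an AGE graph, incident metadata lives in an ordinary PostgreSQL table, and a single query finds attack pairs that share infrastructure (candidate attack groups) and joins them back to the relational side. The graph name, labels, the incident_report table and every indicator value are constructed, and the agtype-to-text cast used for the join is an assumption about AGE's behaviour.

```sql
-- Added example, not the agency's or Apache AGE's own code. Assumes PostgreSQL
-- with the AGE extension installed; graph name, labels, the incident_report
-- table and all indicator values are constructed for illustration.
LOAD 'age';
SET search_path = ag_catalog, "$user", public;

-- Relational side: incident metadata as an ordinary table.
CREATE TABLE incident_report (
    attack_name text PRIMARY KEY,
    sector      text NOT NULL,
    reported_on date NOT NULL
);
INSERT INTO incident_report VALUES
    ('attack-1', 'media',   '2013-03-20'),
    ('attack-2', 'finance', '2013-03-21'),
    ('attack-3', 'energy',  '2014-06-02');

-- Graph side: each attack linked to the indicators it used.
-- The IP, domain and hash below are constructed placeholders, not real IoCs.
SELECT create_graph('cti');
SELECT * FROM cypher('cti', $$
    CREATE (a1:Attack {name: 'attack-1'}),
           (a2:Attack {name: 'attack-2'}),
           (a3:Attack {name: 'attack-3'}),
           (c2:Indicator {kind: 'ip',     value: '198.51.100.7'}),
           (h:Indicator  {kind: 'sha256', value: 'CONSTRUCTED-HASH-1'}),
           (d:Indicator  {kind: 'domain', value: 'update.example.net'}),
           (a1)-[:USED]->(c2), (a1)-[:USED]->(h),
           (a2)-[:USED]->(c2), (a2)-[:USED]->(h), (a2)-[:USED]->(d),
           (a3)-[:USED]->(d)
$$) AS (v agtype);

-- One query: the graph part finds attack pairs that share indicators (the
-- "similarity between attacks" a CTI analyst groups on); the relational join
-- adds each victim's sector. Assumption: casting an agtype string to text
-- yields a double-quoted value, hence the trim().
SELECT trim(both '"' from g.a::text) AS attack_a,
       trim(both '"' from g.b::text) AS attack_b,
       g.shared,
       ra.sector AS sector_a,
       rb.sector AS sector_b
FROM cypher('cti', $$
    MATCH (a:Attack)-[:USED]->(i:Indicator)<-[:USED]-(b:Attack)
    WHERE a.name < b.name
    RETURN a.name, b.name, count(i)
$$) AS g(a agtype, b agtype, shared agtype)
JOIN incident_report ra ON ra.attack_name = trim(both '"' from g.a::text)
JOIN incident_report rb ON rb.attack_name = trim(both '"' from g.b::text)
ORDER BY g.shared DESC;
```

Pairs with a high shared-indicator count are the ones an analyst would review as a possible attack group; the same query extends to deeper paths (for example, indicators two hops apart) without changing the relational side.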

Connecting Apache AGE

GitHub, Website, LinkedIn, Twitter!


Apache AGE is a PostgreSQL extension that provides graph database functionalities.