The graph database arms race: How Microsoft and rivals are revolutionizing cybersecurity

The fast-rising pace of attacks is driving a graph database arms race across leading cybersecurity providers.

Multidomain attacks are on the verge of becoming a digital epidemic as nation-states and well-funded cybercrime attack groups look to exploit wide gaps in digital estates’ defenses. Enterprises are having to contend with widening – and often unknown – gaps between enterprise assets, apps, systems, data, identities and endpoints.

The fast-rising pace of attacks is driving a graph database arms race across leading cybersecurity providers. Microsoft’s Security Exposure Management Platform (MSEM) at Ignite 2024 reflects how quickly the arms race is maturing and why its containment requires more advanced platforms. In addition to Microsoft’s MSEM, other key players in the graph database arms race for combating multidomain threats include CrowdStrike with its Threat Graph, Cisco’s SecureX, SentinelOne’s Purple AI, Palo Alto Networks’ Cortex XDR and Trend Micro’s Vision One, alongside providers like Neo4j, TigerGraph and Amazon Neptune, which supply foundational graph database technology.



“Three years ago, we were seeing 567 password-related attacks per second. Today, that number has skyrocketed to 7,000 per second. This represents a massive escalation in the scale, speed and sophistication of modern cyber threats, underscoring the urgency for proactive and unified security strategies,” Vasu Sakkal, Microsoft’s corporate vice president of security, compliance, identity, management and privacy, told VentureBeat during a recent interview.

Microsoft goes all-in on their security vision at Ignite 2024

With every organization experiencing more multidomain intrusion attempts and suffering from undiscovered breaches, Microsoft is doubling down on security, pivoting its strategy to graph-based defense in MSEM. Sakkal told VentureBeat, “The sophistication, scale, and speed of modern attacks require a generational shift in security. Graph databases and generative AI offer defenders the tools to unify fragmented insights into actionable intelligence.”

Cristian Rodriguez, CrowdStrike’s Americas Field CTO, echoed the importance of graph technology in a recent interview with VentureBeat. “Graph databases allow us to map adversary behavior across domains, identifying the subtle connections and patterns attackers exploit. By visualizing these relationships, defenders gain the contextual insight needed to anticipate and disrupt complex, cross-domain attack strategies,” Rodriguez said.

Key announcements from Ignite 2024 include:

Why now? The role of graph databases in cybersecurity

John Lambert, corporate vice president for Microsoft Security Research, underscored the critical importance of graph-based thinking in cybersecurity, explaining to VentureBeat, “Defenders think in lists, cyberattackers think in graphs. As long as this is true, attackers win.” He added that Microsoft’s approach to exposure management involves creating a comprehensive graph of the digital estate, overlaying vulnerabilities, threat intelligence and attack paths.

“It’s about giving defenders a complete map of their environment, allowing them to prioritize the most critical risks while understanding the potential blast radius of any compromise,” Lambert added. Graph databases are gathering momentum as an architectural strategy for cybersecurity platforms. They excel at visualizing and analyzing interconnected data, which is critical for identifying attack paths in real time.
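The contrast Lambert draws between lists and graphs, as an added example (not Microsoft's or any vendor's code): a small constructed estate in which a severity-sorted list and a graph-based ranking disagree about what to fix first. Asset names, edges and severity scores are all assumptions made for illustration.

```python
from collections import deque

# Constructed estate: an edge A -> B means a foothold on A can reach B.
EDGES = {
    "internet": ["web-vm"],
    "web-vm": ["svc-account", "app-db"],
    "svc-account": ["key-vault"],
    "key-vault": ["customer-db"],
    "hr-laptop": ["file-share"],
}
# Constructed overlay: exposed assets and a severity score for each finding.
EXPOSED = {"hr-laptop": 9.8, "web-vm": 7.5, "svc-account": 5.0}
CRITICAL = {"customer-db"}

def blast_radius(edges, start):
    """Assets reachable from a compromised start node (breadth-first)."""
    seen, queue = {start}, deque([start])
    while queue:
        for nxt in edges.get(queue.popleft(), []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen - {start}

def attack_paths(edges, source, targets):
    """All cycle-free paths from source to a critical asset (depth-first)."""
    paths, stack = [], [[source]]
    while stack:
        path = stack.pop()
        if path[-1] in targets:
            paths.append(path)
            continue
        stack.extend(path + [n] for n in edges.get(path[-1], []) if n not in path)
    return paths

def list_view(exposed):
    """The 'list' ranking: findings sorted by severity alone."""
    return sorted(exposed, key=lambda a: -exposed[a])

def graph_view(edges, exposed, critical, entry="internet"):
    """The 'graph' ranking: on a path to a critical asset first, then blast radius."""
    on_path = {n for p in attack_paths(edges, entry, critical) for n in p}
    def key(a):
        return (a not in on_path, -len(blast_radius(edges, a)), -exposed[a])
    return sorted(exposed, key=key)

if __name__ == "__main__":
    print("list :", list_view(EXPOSED))
    print("graph:", graph_view(EDGES, EXPOSED, CRITICAL))
    print("paths:", attack_paths(EDGES, "internet", CRITICAL))
```

The list view puts the isolated laptop first because its score is highest; the graph view puts the web VM first because it sits on the only path to the critical database and has the largest blast radius.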

Key benefits of graph databases include:

The Gartner heat map underscores how graph databases excel in cybersecurity use cases like anomaly detection, monitoring and decision-making, positioning them as essential tools in modern defense strategies. “Emerging Tech: Optimize Threat Detection With Knowledge Graph Databases,” May 2024. Source: Gartner

What makes Microsoft’s MSEM platform unique

The Microsoft Security Exposure Management Platform (MSEM) differentiates itself from other graph database-driven cybersecurity platforms through its real-time visibility and risk management, which helps security operations center teams stay on top of risks, threats, incidents and breaches.

Sakkal told VentureBeat, “MSEM bridges the gap between detection and action, empowering defenders to anticipate and mitigate threats effectively.” The platform exemplifies Microsoft’s vision of a unified, graph-driven security approach, offering organizations the tools to stay ahead of modern threats with precision and speed. Built on graph-powered insights, MSEM integrates three core capabilities needed to battle back against multi-domain attacks and fragmented security data.

They include:

Source: Microsoft

Microsoft also announced the following MSEM enhancements at Ignite 2024:

Graph databases’ growing role in cybersecurity

Graph databases have proven invaluable in tracking and defeating multi-domain attacks. They excel at visualizing and analyzing interconnected data in real time, enabling faster and more accurate threat detection, attack path analysis and risk prioritization. It’s no surprise that graph database technology dominates the roadmaps of leading cybersecurity platform providers.

Cisco’s SecureX Threat Response is one example. The Cisco platform extends the utility of graph databases into network-centric environments, connecting data across endpoints, IoT devices and hybrid networks. Key strengths include network-centric visibility and incident response that is integrated across the Cisco suite of apps and tools.

“What we have to do is make sure that we use AI natively for defenses because you cannot go out and fight those AI weaponization attacks from adversaries at a human scale. You have to do it at machine scale,” Jeetu Patel, Cisco’s executive vice president and CPO, told VentureBeat in an interview earlier this year.

CrowdStrike’s Threat Graph was introduced at their annual customer event, Fal.Con in 2022 and is often cited as an example of the power of graph databases in endpoint security. Processing over 2.5 trillion daily events, Threat Graph excels in detecting weak signals and mapping adversary behavior.

Rodriguez emphasized to VentureBeat, “Our graph capabilities ensure precision by focusing on endpoint telemetry, providing defenders with actionable insights faster than ever.” CrowdStrike’s key differentiators include endpoint precision in tracking lateral movements and identifying anomalous behaviors. Threat Graph also supports behavioral analysis used on AI to uncover adversary techniques across workloads.

Palo Alto Networks (Cortex XDR), SentinelOne (Singularity) and Trend Micro are among the notable players leveraging graph databases to enhance their threat detection and real-time anomaly analysis capabilities. Gartner predicted in the recent research note “Emerging Tech: Optimize Threat Detection With Knowledge Graph Databases” that their widespread adoption will continue due to their ability to support AI-driven insights and reduce noise in security operations.

Graph databases will transform enterprise defense

Microsoft’s Lambert encapsulated the industry’s trajectory by stating, “May the best attack graph win. Graph databases are transforming how defenders think about interconnected risks,” underscoring their pivotal role in modern cybersecurity strategies. Multi-domain attacks target the weaknesses between and within complex digital estates. Nation-state attackers concentrate on finding gaps in identity management and mine data to access a company’s core enterprise systems.

Microsoft joins Cisco, CrowdStrike, Palo Alto Networks, SentinelOne and Trend Micro, enabling and continuing to improve graph database technology to identify and act on threats before a breach happens.