Security graphs help companies visually depict their environment and write effective policies. AI helps make the graphs more accurate and useful.

Security graphs have been around for more than a decade, but as with so many other aspects of cybersecurity, artificial intelligence (AI) capabilities are making them more useful. AI helps organizations create security graphs that paint a more complete picture of their environment and make smarter policy decisions.
What security graphs are and why they’re essential
At its core, a security graph is a type of data structure that represents security relationships between different resources in an organization’s environment. The resources are the nodes of the graph and the relationships between them are its edges, and context and labels that add detail can be attached to each. From that data structure, teams can create a conceptual map of their networks.
“What’s going on in our environments has been invisible to us for a long time, because we didn’t have the data,” says John Kindervag, chief evangelist at Illumio and the creator of Zero Trust. “And then we didn’t know how to display the data.”
With the map in hand, it’s now possible to fully grasp the relationship between any two points in a transaction, which makes it far easier to understand what security controls each requires and better align policy with transaction flows.
That’s a big change from the linear policies of the past, where traffic would hit, say, a firewall and be matched against a series of policies or rules, one after the other. The rules lacked any context associated with each transaction, which could lead to contradictory policies or rules that had no effect or even an adverse effect.
“Does this meet rule 1? Nope. Does it meet rule 2? Nope. But it meets rule 46, so we’re going to enforce that rule, except that may be a bad thing, because it doesn’t have any context at all other than sequence,” Kindervag says.
How AI makes security graphs more valuable
AI enables the development of better security graphs and more effective interaction with them.
The more information and context a security graph includes, the more useful it becomes. AI and machine learning (ML) models can help create more complete graphs, working with data about the environment from flow logs, resource inventories, and the like, says Raghu Nandakumara, vice president, Industry Strategy at Illumio.
AI models can also fill in missing details, making inferences based on what the models know from other deployments. A model may be able to tell from flow logs that a given node is a web server, for example. “It’s using AI to further annotate; to fill in the gaps and add additional context; or to refine, update, or correct context,” Nandakumara says.
AI and ML models can also help companies interpret security graphs to develop effective policies. “Essentially, they help find the unexpected and prioritize which events and relationships are worth investigating more than others,” he says. A basic example is identifying traffic patterns that may be normal at some times of day but not others and developing policies accordingly.
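The node, edge and label structure described above, and the steps of annotating a node from flow logs and then surfacing unexpected relationships, as an added example that is not from the article or from Illumio's product. The addresses, the port-to-role lookup and the allowed role pairs are constructed assumptions, and the fixed port lookup stands in for the AI/ML inference the article describes.

```python
from collections import defaultdict

# Constructed flow records (src, dst, dst_port); not from any real environment.
FLOWS = [
    ("10.0.1.5", "10.0.2.10", 443),
    ("10.0.1.6", "10.0.2.10", 443),
    ("10.0.1.7", "10.0.2.10", 80),
    ("10.0.2.10", "10.0.3.20", 5432),
    ("10.0.1.5", "10.0.3.20", 5432),
]
# Labels already known from a resource inventory (constructed).
INVENTORY = {"10.0.1.5": "workstation", "10.0.1.6": "workstation",
             "10.0.1.7": "workstation"}
# Assumed port-to-role hints: a fixed lookup standing in for model inference.
PORT_ROLES = {80: "web", 443: "web", 5432: "database"}
# Assumed policy: which source roles may reach which destination roles.
ALLOWED = {("workstation", "web"), ("web", "database")}

def build_graph(flows):
    """Nodes are resources; edges are (src, dst) pairs with the ports seen."""
    edges = defaultdict(set)
    for src, dst, port in flows:
        edges[(src, dst)].add(port)
    nodes = {n for pair in edges for n in pair}
    return nodes, dict(edges)

def annotate(nodes, edges, inventory):
    """Label every node: inventory first, then infer from the ports it serves."""
    labels = dict(inventory)
    served = defaultdict(set)
    for (_, dst), ports in edges.items():
        served[dst] |= ports
    for node in nodes:
        if node in labels:
            continue
        roles = {PORT_ROLES[p] for p in served[node] if p in PORT_ROLES}
        # Ambiguous or empty evidence stays "unknown" rather than guessed.
        labels[node] = roles.pop() if len(roles) == 1 else "unknown"
    return labels

def unexpected_edges(edges, labels):
    """Edges whose (source role, destination role) pair is not allowed."""
    return sorted(e for e in edges if (labels[e[0]], labels[e[1]]) not in ALLOWED)

if __name__ == "__main__":
    nodes, edges = build_graph(FLOWS)
    labels = annotate(nodes, edges, INVENTORY)
    print(labels)
    print(unexpected_edges(edges, labels))
```

Unlike a first-match rule list, the decision here depends on the labels at both ends of the edge, so the workstation that talks directly to the database is flagged regardless of rule order.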
Tools such as the Illumio Platform employ security graphs to help companies create effective policies and automatically detect and eliminate many potential threats, enabling security teams to focus on the most critical risks.