Graphistry in the Verizon DBIR

Posted by Leo Meyerovich on April 11, 2018

 

Today, Verizon released the 2018 edition of the Data Breach Investigations Report, and the Graphistry team is proud to have contributed to it. In fact, the cover of the report is a stylized and simplified version of our graph analysis, which you can see on page 56 of the report!

This graph was a lot of fun to work on because it was right in our wheelhouse. Not only does it bring together a lot of data from different vendors and incidents, but the visualization also turned the data into a new way of understanding the kill chain of attacks. Specifically, we were able to visualize kill chains to see how both internal and external attackers pivoted between attack techniques to violate different security properties. The graph shows, for each attack step, whether it compromised confidentiality, integrity, or availability, and which high-level technique the attacker used (e.g., malware or hacking).

[Image: detail of the DBIR kill chain graph]

A lot of interesting things start to pop out when you see the data this way. For example, reading from left to right, most attacks from an external attacker begin with a breach of confidentiality via hacking. From there, they most likely pivot to malware that violates the integrity of the system. On the other hand, social vectors generally begin with integrity violations such as defacement, but when they escalate, they quickly move on to hacking other systems for information gain. There is plenty to analyze here, and you can quickly see that stopping any individual step is not enough, as there are plenty of alternate routes to an attacker’s goals.

For those of you who have been using Graphistry, this probably isn’t much of a surprise. Doing kill chain analysis of multi-vendor data is one of our specialties. But it is also incredibly exciting to see the preeminent security report in the industry using our approach to make sense of their data. Now just imagine what you can do when the visualization is part of an interactive playbook and not a static image!

So if you have a few minutes, dig in and read the report. And if you aren’t using Graphistry already, then request a demo, and we will be happy to show you how we can help you get more out of your security data.
