Six Degrees of Infiltration: Using Graph to Understand your Infrastructure and Optimize Security Decision Making

Sacha Faust - Six Degrees of Infiltration: Using Graph to Understand your Infrastructure and Optimize Security Decision Making Current infrastructures depends on multiple technologies and third party infrastructures that increase security complexity and makes it very difficult to have a clear end to end view of the overall state and possible risks. Existing approaches were good investments but a few challenges were observed * Some duplication - Broad set of dedicated services that collect and visualize similar data. * View of the environment relies on broad set of tribal knowledge * Recurrent questions difficult to quickly answer - “What is my exposure” - “Does this vulnerability affect us and in what way?” - “What priority should we allocate to this issue?“ * Moving target problem - Does infrastructure match expectations at all time? * Transitive risks or lateral movements exploration not possible cross dependencies * Overall state of the infrastructure hard to visualize and validate * Difficult to apply internal context to external intelligence feed The talk will provide insight on a graph solutions explored by Lyft Security Intelligence team to tackle knowledge consolidation and improve decision making. Attendees of this session will be introduced to methodologies and off the shelf tools like Neo4j, we use along with the release our open source graph based security intelligence platform they can use to get started and collaborate.