Graphs in Government: MITRE

The use cases for a graph database in government are endless.

Graphs are versatile and dynamic. They are the key to solving the challenges you face in fulfilling your mission.

Using real-world government use cases, this blog series explains how graphs solve a broad range of complex problems that can’t be solved in any other way.

Last week we focused on a case study using Neo4j at IQT, a nonprofit that works with America’s intelligence agencies to identify, invest in and support tech innovations that best match America’s intelligence missions.

Learn how MITRE uses Neo4j to improve cybersecurity.

This week we will showcase a case study on MITRE, a U.S. federally funded, not-for-profit company that used Neo4j to develop CyGraph, a tool for cyber warfare analytics, visualization and knowledge management.

Fighting and Tracing Cybersecurity Threats

In their efforts to stop cyber attacks, analysts track large amounts of detailed cybersecurity information, such as network and endpoint vulnerabilities, firewall configurations and intrusion detection events.

The solutions used to analyze this data typically track data points. But to be successful, analysts need to understand how those data points are related.

To address these challenges, researchers at MITRE Corporation, a U.S. federally funded, not-for-profit company, used Neo4j to develop CyGraph, a tool for cyber warfare analytics, visualization and knowledge management.

CyGraph brings together isolated data and events into an ongoing overall picture for decision support and situational awareness. It prioritizes exposed vulnerabilities, mapped to potential threats, in the context of mission-critical assets. It also correlates intrusion alerts to known vulnerability paths and suggests the best course of action for responding to attacks. For postattack forensics, CyGraph shows vulnerable paths that warrant deeper inspection.

The model schema in the CyGraph architecture is free to evolve with the available data sources and desired analytics. The data model is based on a flexible property-graph formulation implemented in Neo4j. REST web services provide interfaces in CyGraph for data ingestion, analytics and graph visualization.

The Neo4j native graph pattern-matching language supports a library of domain-specific queries as well as flexible ad hoc queries. CyGraph then provides a variety of clients for specialized analytic and visual capabilities, including graph dynamics, layering, grouping, filtering and hierarchical views.

“Graph queries make it possible to focus our analysis on the relevant portions of attack graphs, allowing us to pinpoint vulnerabilities and target responses,” said Steven Noel, a cybersecurity researcher at MITRE.

The use of Neo4j at MITRE provides insight into the mission impact of cyber activities. Graph layers (network infrastructure, cyber defense posture, mission dependencies and so on) define subsets of the overall model space with connections within and across each layer. Analysts also gain visibility into operations for global situational awareness.


As this blog series shows, Neo4j enables government agencies and organizations to perform deep complex queries and analyze their data in new ways.

Graph databases are as versatile as the government agencies that use them. In the coming weeks, we’ll continue showing the innovative ways government agencies are using graph databases to fulfill their missions.

Solutions can’t wait:
Witness how leading government agencies are using Neo4j to overcome their toughest challenges with this white paper, Graphs in Government: Fulfilling Your Mission with Neo4j. Click below to get your free copy.

Read the White Paper