|
| 1 | += Neo4j Network and Security Demo |
| 2 | +include::_graphacademy_llm.adoc[] |
| 3 | +:slug: network-graph |
| 4 | +:author: John Stegeman |
| 5 | +:category: demos |
| 6 | +:tags: |
| 7 | +:neo4j-versions: 5.x |
| 8 | +:page-pagination: |
| 9 | +:page-product: network-graph |
| 10 | + |
| 11 | +== Introduction |
| 12 | + |
| 13 | +Security breaches are rarely caused by a single vulnerability. More often, attackers exploit the complexity of modern environments, where users, systems, and data are deeply interconnected. Permissions overlap, roles evolve, and infrastructure spreads across multiple clouds. This interconnected sprawl creates gaps that are difficult to detect and easy to exploit. |
| 14 | + |
| 15 | +IT infrastructure today operates as a dynamic, layered system where changes in one area can quickly impact others. Users, devices, services, and policies constantly evolve and intersect, creating environments that are harder to trace and secure. A single user might have access to dozens of systems through different identity providers, roles, and permissions. A vulnerability in a shared library might affect multiple apps across departments. A misconfigured network setting could expose critical data without anyone realizing it. |
| 16 | + |
| 17 | +Storing networy and security information in an interconnected graph captures the important relationships between components, enabling use cases such as: |
| 18 | + |
| 19 | +* Identity and access 360 |
| 20 | +* Identity resolution |
| 21 | +* Reputation scoring |
| 22 | +* Threat detection |
| 23 | +* Zero trust |
| 24 | +* Blast radius analysis and containment |
| 25 | +* Adaptive access control |
| 26 | +* Dependency modeling and management |
| 27 | +* Hierarchy management and policy propagation |
| 28 | +* Incident investigation and response |
| 29 | + |
| 30 | +=== The Challenges of Legacy Approaches |
| 31 | + |
| 32 | +Relational databases and traditional security tools were designed for structured records, not relationships. They struggle to model complex connections between users, devices, software, and policies. Answering even simple security questions often means writing long JOIN-heavy queries, building brittle scripts, or exporting data for manual analysis. |
| 33 | + |
| 34 | +This becomes a problem when time is critical. During an incident, teams need to know what’s at risk, not spend hours parsing logs or correlating spreadsheets. And when infrastructure changes, static models fail to keep up, leaving gaps in visibility and delaying response. |
| 35 | + |
| 36 | +Legacy tools were not built to track how systems are interconnected or how access is inherited across layers of identity and permissions. Attempts to model this using traditional structures become unwieldy, especially when dealing with nested groups, shared components, or third-party dependencies. |
| 37 | + |
| 38 | +Multi-level queries often underperform at scale, making it difficult to analyze environments with thousands of assets, identities, and connections. This leads teams to rely on partial views or offline analysis, increasing the risk of blind spots during high-stakes scenarios. Teams need a model that mirrors how infrastructure actually operates: flexible, relational, and constantly changing. Without it, they’re left reacting to incidents instead of anticipating them. |
| 39 | + |
| 40 | +=== What You Will Learn |
| 41 | + |
| 42 | +This demonstration shows how to use Neo4j graph database to trace the impact of network vulnerabilities; in it, you will learn: |
| 43 | + |
| 44 | +* How to set up a Neo4j AuraDB instance with sample data |
| 45 | + |
| 46 | +* Understanding a starter graph data model for modeling a network and identifying the impact of vulnerabilities |
| 47 | + |
| 48 | +* Sample queries for analyzing network vulnerabilities and clusters of suspicious devices. You will see how to use the queries to create a comprehensive interactive dashboard |
| 49 | + |
| 50 | +== Prerequisites |
| 51 | + |
| 52 | +To run these examples, you will need the following: |
| 53 | + |
| 54 | +1. Web browser and Internet access. |
| 55 | +2. A Neo4j https://neo4j.com/product/auradb/[AuraDB] database instance. These examples will run on any tier, including the Free and Professional tiers (including the free trial). You can sign up for AuraDB https://console.neo4j.io/?action=signup&product=aura-db[here]. Following the instructions in this demo will replace the data in your database instance, so be sure to back up any data you do not want to lose; alternatively, you can create a fresh instance to use. |
| 56 | +3. (Optional, but recommended) git client software to download the demo assets. |
| 57 | +4. Optional: a local setup of https://neo4j.com/labs/cypher-workbench/[Cypher Workbench], if you want to experiment with tools for editing the data model. |
| 58 | + |
| 59 | +== Setting Up |
| 60 | +1. Ensure you have a Neo4j AuraDB instance running. If you are new to AuraDB, create an account https://console.neo4j.io/?action=signup&product=aura-db[here], then click Create Instance. You can select any of the instance types: |
| 61 | + |
| 62 | +image::create_aura_instance.png[align="center"] |
| 63 | + |
| 64 | +Be sure to save the credentials to log in to your database instance. Wait for the instance status to reach “RUNNING” before proceeding to the next step. |
| 65 | + |
| 66 | +2. Clone the git repository from https://github.com/neo4j-product-examples/demo-fraud[https://github.com/neo4j-product-examples/demo-network] |
| 67 | +[source, bash] |
| 68 | +---- |
| 69 | +git clone https://github.com/neo4j-product-examples/demo-network.git |
| 70 | +---- |
| 71 | +Alternatively, you can use the “download ZIP” option on GitHub to download a copy. |
| 72 | +[start=3] |
| 73 | +3. Using the “3 dots” menu in the Aura console, select Backup & Restore |
| 74 | + |
| 75 | +image::restore_database.png[align="center"] |
| 76 | +[start=4] |
| 77 | +4. Use either the Browse button or drag-and-drop to find the dump file in the dump directory of the git repository you cloned in step 2. |
| 78 | + |
| 79 | +image::backup_file_network.png[align="center"] |
| 80 | + |
| 81 | +[start=5] |
| 82 | +5. Review the warning about replacing your instance data and proceed when you are ready: |
| 83 | + |
| 84 | +image::confirmation_network.png[align="center"] |
| 85 | +[start=6] |
| 86 | +6. You are ready to run the examples when your database instance reaches the “RUNNING” state. |
| 87 | + |
| 88 | +== The Graph Data Model |
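Review bot: In step 2 of Setting Up (line 66), the link target is https://github.com/neo4j-product-examples/demo-fraud, while the link text and the git clone command on line 69 both name demo-network. A reader who clicks the link instead of copying the command lands on a different repository, and steps 4 and 5 then restore a dump file over their instance data. Point the target at https://github.com/neo4j-product-examples/demo-network so that the link, its text and the clone command agree. Two smaller points: line 17 has the typo "networy" (should be "network"), and line 6 leaves `:tags:` empty, so either fill it in or drop the attribute.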