CUSTOMER STORY
Proactive Cybersecurity: Deep Path Analysis to Reduce Attack Surfaces
Customer
Saporo
Use case
Cybersecurity Risk Detection
Industry
Cybersecurity
Profile
Building with Memgraph
10x
more performant database
2 week
migration
85%
decrease in time for analysis
Challenge
Saporo needed a performant graph database to manage complex, identity and permissions-based attack surfaces.
Solution
Memgraph's in-memory graph database facilitated rapid data analysis and enhanced performance, enabling Saporo to anticipate and mitigate cybersecurity threats effectively.
Reading time: 5min
About Saporo
Saporo is a cybersecurity company focused on strengthening organizations' resistance to identity-driven cyberattacks. It addresses the critical issue of identity as the primary attack point with 90% of cyberattacks exploiting weaknesses in Active Directory or other identity systems. Their solutions are designed to help organizations anticipate and mitigate potential attacks by uncovering all identity attack paths and prioritizing actions to eliminate the most impactful risks.
Impact highlights
Performance gains
Increase in data processing speed, with performance improvements ranging from 10x to 100x compared to previous solutions.
Efficiency in attack surface reduction
Using Memgraph, Saporo streamlined attack path management, reducing the attack surface and improving organizational cyber resilience.
Innovation in risk management
Saporo uses Memgraph's advanced graph algorithms (dynamic algorithms) to develop and implement custom algorithms for risk management.
“Memgraph's greatest benefit to us lies in its capacity to accelerate our analyses, enhancing both the speed of our application and the overall user experience with its intuitive interface.”
Guillaume Eyries, Co-Founder & CPO at Saporo
Key Memgraph Features for Saporo
- Performance and in-memory processingMemgraph is based on C++ architecture and in-memory processing which provides unmatched speed. For more information, check out our Benchgraph.
- Advanced and custom algorithmsSupports custom-written algorithms for identity and permissions management for cybersecurity analysis.
- Deep path analysisEnables exploration and a better understanding of complex relationships within large datasets in real time.
Backstory
Saporo identified a few significant gaps in the market by recognizing the fragmented nature of security analysis—the prevalence of false positives and negatives straining resources. There was a gap between available solutions and actual needs. In response, Saporo aimed to change the cybersecurity approach and focus on identity and permissions.
Their approach emphasizes proactive problem-solving over reactive measures. How? Saporo uses graph theory along with AI to automatically prioritize security risks at scale, based on business and security impact. They use graph database technology to map complex relationships and paths attackers use, making cybersecurity more intuitive and preemptive, especially in environments dealing with sensitive information.
Their approach emphasizes proactive problem-solving over reactive measures. How? Saporo uses graph theory along with AI to automatically prioritize security risks at scale, based on business and security impact. They use graph database technology to map complex relationships and paths attackers use, making cybersecurity more intuitive and preemptive, especially in environments dealing with sensitive information.
Challenge:
Enable fast analysis of complex data relationships to detect potential security threats continuously.
Saporo anticipates how attackers can use the system configuration weaknesses and user access permissions. They help protect platforms like Microsoft Active Directory, Azure, AWS, and Okta.
In this case, permissions are connections that represent relationships between resources and users. When translating those connections into the graph domain, they become nodes and edges forming a graph. From the beginning, Saporo knew that graph technology was the way to go as they had relationship-heavy data. To paraphrase John Lambert, Engineer and General Manager from the Microsoft Threat Center, “Defenders think in lists. Attackers think in graphs”. As long as this is true, attackers win. Cyber attackers see the access points in a hierarchical and not in a flat way. They primarily want to find routes to assets. On the other hand, defenders typically think in terms of lists.
The graph-based approach contrasts with traditional, list-based defenses. It’s faster, computes a high number of paths, and is more effective in identifying and simulating attacker strategies. All before the actual attack even happens.
Okay, so how does Memgraph play into this, and why does Saporo use Memgraph?
In this case, permissions are connections that represent relationships between resources and users. When translating those connections into the graph domain, they become nodes and edges forming a graph. From the beginning, Saporo knew that graph technology was the way to go as they had relationship-heavy data. To paraphrase John Lambert, Engineer and General Manager from the Microsoft Threat Center, “Defenders think in lists. Attackers think in graphs”. As long as this is true, attackers win. Cyber attackers see the access points in a hierarchical and not in a flat way. They primarily want to find routes to assets. On the other hand, defenders typically think in terms of lists.
The graph-based approach contrasts with traditional, list-based defenses. It’s faster, computes a high number of paths, and is more effective in identifying and simulating attacker strategies. All before the actual attack even happens.
Okay, so how does Memgraph play into this, and why does Saporo use Memgraph?
Why Memgraph?
Memgraph's graph database technology provides an advantage for Saporo. Memgraph enables Saporo to effectively tackle its primary challenge: the fast analysis of complex data relationships for continuous risk management. Saporo's mission to secure platforms like Microsoft Active Directory, Azure, AWS, and Okta against sophisticated attackers exploiting system configurations and user permissions needs a solution that mirrors attackers' graph-based thinking.
- Easy migration and Cypher compatibility. Saporo uses their existing knowledge and workflows without the need for extensive retraining or code rewriting when switching to Memgraph.
- High performance which significantly outpaces alternatives.
- Memgraph Advanced Graph Extensions (MAGE) library provides a set of pre-optimized graph algorithms ready for use. Saporo uses it for a deeper, algorithmic understanding of complex permission structures and potential attack paths.
- Option to write custom data science algorithms in C++. All shortest paths (ASP), Depth-first search (DFS), and Breadth-first search (BFS) are already included, fully optimized, and built into the database core.
- Ease of use. Memgraph is easy to get started with. Saporo wanted a product that’s easy to use and without complex database management.
- Availability of Memgraph open-source version and the Community License. This allowed Saporo to evaluate the platform thoroughly before committing to the purchase.
- Memgraph's transparent licensing, operational flexibility, and responsive engineering team provide Saporo with the assurance of a reliable, adaptable solution that aligns with their needs.
“The two main tech drivers when deciding on Memgraph were performance and algorithm support. The fact that Memgraph is written in C++ and is in-memory means that it is much faster than anything that we've seen on the market. In combination with the prebuilt algorithms, it was a no-brainer for us.”
Guillaume Eyries, Co-Founder & CPO at Saporo
Results
The highlight was that the migration from Neo4j to Memgraph took only two weeks, far less than the estimated two months. Of course, compatibility with Cypher was key here.
Post-integration, Saporo observed up to 10x performance improvements in data analysis, crucial for their expanding customer base. By using Memgraph, Saporo can run enhanced analysis and complete previously impossible tasks all by reducing processing and analysis time by 85%.
Memgraph optimization of the Weighted Shortest Path (WSP) and development of All shortest paths (ASP) algorithms directly supported the Saporo core feature of attack path identification leading to improved computational accuracy and performance.
Post-integration, Saporo observed up to 10x performance improvements in data analysis, crucial for their expanding customer base. By using Memgraph, Saporo can run enhanced analysis and complete previously impossible tasks all by reducing processing and analysis time by 85%.
Memgraph optimization of the Weighted Shortest Path (WSP) and development of All shortest paths (ASP) algorithms directly supported the Saporo core feature of attack path identification leading to improved computational accuracy and performance.
“Our experience directly working with Memgraph engineers played a big part in our decision to choose Memgraph. Memgraph’s team was reactive, listened, and wanted to understand the use case before actually jumping in and fixing it. The work was done in a matter of two weeks which was phenomenal - we hadn’t seen anything like this before and were pleasantly surprised.”
Guillaume Eyries, Co-Founder & CPO at Saporo
Find out how Memgraph performs compared to Neo4j
Let’s see how Memgraph fits into your environment
