Graph Databases: An Essential Part of Your Cyber Security Armory

By Dominik Tomicevic

Database expert Dominik Tomicevic explains why a deeper understanding of the complex relationships and interdependencies within cyberspace could not only strengthen defensive postures but also enable faster, more effective responses.

I want to offer a different perspective on how to strengthen cybersecurity responses—and I’ll start with a practical example from a company that is innovating in ways others could learn from.

Traditional relational database structures—using rows, tables, and rigid schemas—are commonly applied when mapping how organizations operate and how devices connect. However, this approach doesn’t capture the true complexity of real-world environments. Life is shaped by dynamic relationships: friendships, workgroups, rivalries, and intricate patterns of interaction. These fluid structures are exactly what attackers exploit, and understanding them is key to building effective defenses.

The company I’m highlighting recognized that traditional relational models weren’t up to the task. Instead, they adopted graph technology, a more suitable paradigm for capturing complex, real-time connections.

Graph-based approaches are gaining traction across various fields beyond cybersecurity, from managing product ecosystems and combating fraud to advancing drug discovery. In this case, a Swiss-based vendor, Saporo, identified graph databases as the only viable foundation to support the platform they envisioned. 

Founded in 2021, Saporo helps organizations of all sizes and industries stay ahead of cyber attacks by quickly identifying and prioritizing potential risks. Its unique selling proposition is a focus on identity and permissions, combined with contextual alerts that allow users to quickly understand the potential impact of any threat and anticipate future risks.

Understanding an outsider’s perception of the attack surface—the path an attacker might take to compromise your environment—allows for effective prioritization of defenses. This approach compresses the attack surface, reducing the risk of a successful breach.

Companies working with Saporo and its graph-based solutions can direct resources toward the most critical threats and vulnerabilities at any given moment. This results in a more efficient allocation of resources and better risk management. Additionally, by identifying attack paths in advance, Saporo’s team can collaborate with CISOs to ensure quicker, more effective responses to attacks, minimizing impact and strengthening overall defense strategies.

What Saporo and its customers are discovering is that using graphs to optimize planning and defense strategies against attacks not only reduces costs but also strengthens security posture and minimizes the risk of business disruptions. By applying graph technology to the base data model for cybersecurity, Saporo maps a network of relationships involving computers, devices, user accounts, and internal assets—everything that requires protection. This approach offers a comprehensive view of potential entry points and has proven valuable across various sectors, including finance, insurance, healthcare, government, and the public sector.

To achieve this, Saporo determined that an in-memory approach to handling data at high speed was crucial. It quickly realized that the only viable solution would be an open-source graph database, in particular one built for streaming and offering seamless interoperability with other key systems.

Graph databases offer the unique ability to compute a vast number of potential attack paths, each consisting of various access chains. This enables users of the Saporo platform to visualize and simulate how an attacker might navigate an environment, providing defenders with a clear list of potential attack vectors and allowing them to proactively mitigate threats before they materialize.

An effective way of dealing with cyber issues

Graph technology provides Saporo with deep insights into an attacker’s mindset, while simultaneously offering defenders a clearer view of potential misconfigurations and vulnerabilities before an attack occurs. Graph-based cybersecurity tools can operate at high scale and speed, taking full advantage of the graph model’s core strengths.

Additionally, the decision to implement the Memgraph graph database in C++ ensures optimized performance. Another key benefit is that graph technology comes with powerful algorithms, such as weighted shortest path, depth-first search, and breadth-first search. For example, by using the weighted shortest path algorithm, Saporo’s team can calculate paths directly without the need to filter or rank them by score. This results in more accurate outcomes by eliminating irrelevant paths during computation.

Another key factor in this case is the use of the Cypher graph-based query language, which functions similarly to SQL for relational databases, making it highly user-friendly. According to Guillaume Eyries, co-founder and Chief Product Officer of Saporo, “The biggest value this [graph-based solution] provides is the ability to process our analysis faster, which improves both the velocity of analysis and the fluidity of the tool from a user experience standpoint.”

Graph technology, when used as the cornerstone of a cybersecurity solution, can also address a common challenge even the most advanced systems encounter: the constant barrage of false positives. By leveraging graphs, unpromising search suggestions can be easily discarded, streamlining the process. According to Eyries, transitioning to graph technology has resulted in significant improvements in both analysis velocity and overall user experience. This shift has enabled the development of a powerful cybersecurity solution that not only meets customer needs but also upholds the brand’s promise of reliably anticipating how attackers might exploit system configuration weaknesses and user access permissions.

While it might sound straightforward, modeling multi-level permissions—or even changes to those permissions—can be complex, especially in a relational database context. What’s being described are relationships between resources and users. In a graph, these connections are captured as nodes and edges, making the relationships easier to visualize and understand. This enables a much faster identification of an attacker’s potential route to assets. The inherent strength of graph technology lies in its ability to compute a vast number of potential paths, providing real-time inputs that simulate how attackers would navigate the environment at scale.
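The permission graph and weighted shortest path described above can be sketched in a few lines. This is an added example, not Saporo's or Memgraph's code: it uses a plain Python Dijkstra search in place of a graph database's built-in algorithm, and every node name, relationship type, and cost below is constructed for illustration. It also goes one step beyond the text by showing, for each edge on the cheapest path, what path remains if a defender removes that permission.

```python
import heapq

# Constructed identity/permission graph: (source, relationship, target, cost).
# Cost is an assumed score for how hard the step is; lower means easier.
EDGES = [
    ("user:alice", "MEMBER_OF", "group:helpdesk", 1),
    ("group:helpdesk", "CAN_RESET_PASSWORD", "user:svc_backup", 2),
    ("user:svc_backup", "ADMIN_TO", "host:fileserver", 1),
    ("host:fileserver", "HAS_SESSION", "user:dom_admin", 3),
    ("user:alice", "MEMBER_OF", "group:staff", 1),
    ("group:staff", "CAN_RDP", "host:jumpbox", 4),
    ("host:jumpbox", "HAS_SESSION", "user:dom_admin", 5),
    ("user:dom_admin", "ADMIN_TO", "asset:crown_jewels", 1),
]

def cheapest_path(edges, start, target):
    """Dijkstra: returns (total_cost, [(src, rel, dst), ...]) or (None, [])."""
    graph = {}
    for src, rel, dst, cost in edges:
        graph.setdefault(src, []).append((dst, rel, cost))
    best, prev, heap = {start: 0}, {}, [(0, start)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > best.get(node, float("inf")):
            continue  # stale heap entry; a cheaper route was already found
        for dst, rel, w in graph.get(node, []):
            if cost + w < best.get(dst, float("inf")):
                best[dst] = cost + w
                prev[dst] = (node, rel)
                heapq.heappush(heap, (cost + w, dst))
    if target not in best:
        return None, []
    path, node = [], target
    while node != start:
        src, rel = prev[node]
        path.append((src, rel, node))
        node = src
    return best[target], path[::-1]

def remediation_impact(edges, start, target):
    """For each edge on the cheapest path: cost of the best path left without it."""
    _, path = cheapest_path(edges, start, target)
    impact = {}
    for step in path:
        rest = [e for e in edges if e[:3] != step]
        impact[step] = cheapest_path(rest, start, target)[0]
    return impact
```

A result of `None` in `remediation_impact` marks a choke point: removing that single permission leaves no route from the starting identity to the asset.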

By embracing a graph-based approach, this company is equipping its customers with a dynamic, real-time view of their systems. This method uncovers potential security misconfigurations, vulnerabilities, and attack paths, offering a clearer and more accurate understanding of security posture at any given moment. Since implementing graph technology, Saporo has already experienced a 10% boost in performance compared to its previous technology base, underscoring the substantial benefits of adopting a graph-based model.

A context of dangerous convenience

Ultimately, organizations need to focus on understanding relationships and potential vulnerabilities because that’s how cybercriminals view them from the outside. While the drive to be digital, online, and in the cloud is undeniable, the rapid growth in productivity has been accompanied by an increasing lack of safety.

Currently, cyber technologies, software architectures, and strategies often lag behind cybercriminals. Traditional defenses have struggled to keep pace, but a new approach—one that models the complex relationships and interdependencies within organizations—could significantly enhance overall security. This graph-based approach offers a better way to understand and manage complexity, improving defense strategies and enabling faster, more effective responses.

Dominik Tomicevic, CEO, Memgraph

In 2011, Dominik was one of only four people worldwide to receive the Microsoft Imagine Cup Grant, personally awarded by Bill Gates. In 2016, he founded Memgraph, a venture-backed graph database company specializing in high-performance, real-time connected data processing. In 2017, Forbes recognised Dominik as one of the top 10 Technology CEOs to watch. Today, Memgraph boasts an open-source community of 150,000 members and customers including NASA, Cedars-Sinai, and Capitec Bank. 

The author is the CEO of knowledge graph leader Memgraph
