CyGraph is a prototype tool for protection of mission critical assets, improving network security posture, and maintaining situational understanding in the face of cyberattacks. CyGraph captures complex relationships among entities in the cybersecurity domain, along with how mission elements depend on cyberspace assets. This forms the foundation for a common operating picture for cyberattacks, defenses, and mission impacts. Pattern-matching queries traverse the graph of interrelations according to user-specified constraints, yielding focused clusters of high-risk activity from the swarm of complex interrelationships. Signals are extracted from noise, fusing disparate data points into actionable units that can be investigated.

The tool is implemented as a JavaScript client-server web application, providing interactive graph visualization in the browser for navigating the results of graph queries. Analytic queries are expressed in CyGraph Query Language (CyQL), a domain-specific language for expressing graph patterns of interest, which CyGraph translates to the backend native query language. Overall, CyGraph provides a common operating picture of cyberspace, including network traffic patterns, key terrain, alerts, and vulnerabilities, with analytic queries that extract “needle in haystack" patterns of cyber risk focused on mission protection.

To discuss licensing or collaboration activities, please contact MITRE's TTO.