Introducing our new graph analysis tool

Stephanie Plavnik
Uplevel Security
Dec 17, 2018 · 2 min read

Many cybersecurity analysts want the ability to understand connections in their data, but few have access to the right tools to do it well. With Uplevel’s graph analysis tool, you can quickly uncover hidden relationships and correlated clusters in your security data with minimal effort.

Neo4j and Maltego can be powerful tools for link analysis and graph analysis. However, fully leveraging their power requires analysts to create their own data models. Given the complexity of the data, it can be extremely difficult to build an accurate representation that will return reliable analytical results. A further challenge lies in implementing the model so that it accommodates the large datasets often required in cybersecurity. With Uplevel you do not have to create your own graph data model; the tool builds it for you.

Uplevel’s graph analysis tool is simple to use. Data can be automatically ingested or uploaded from various sources including email servers, SIEMs, security devices, applications, and asset management tools. Uplevel’s tool automatically transforms and normalizes the data into the representative graph structure without requiring further work from the analyst.

Unlike a SIEM that relies on search queries, the Uplevel graph automatically identifies relationships within the data and surfaces correlated clusters of events. Clusters of interest can be pushed to an external ticketing system as a single grouped event. As a result, security events are no longer investigated in isolation and attack progression can be more easily uncovered.

Uplevel’s graph analysis tool can also be used for deeper investigative analysis of a particular security event or incident. Analysts can input data from the security event including malicious and non-malicious technical attributes. Uplevel automatically transforms that data into its representative graph. Users can then upload datasets of interest to uncover connections 1, 2, 3, or n hops away. This allows analysts to understand the full extent of the event and uncover related malicious activity that might otherwise have been missed. After a particular analytical task is complete, users can selectively wipe the data, clearing the database for the next investigation.
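To make the two ideas above concrete (correlated clusters of events, and connections 1, 2, 3 or n hops away from an indicator), here is an added example that is not Uplevel's code and says nothing about how their product is implemented. It assumes a simple model: each event becomes a node, every `key=value` attribute (sender, host, hash, URL host) becomes a node, and an event is linked to the attributes it carries. Correlated clusters are then connected components of that graph, and "one hop" is one shared attribute between two events. The event records, field names and indicator values are constructed for the example.

```python
from collections import defaultdict, deque

# Constructed sample events (hypothetical values, not taken from the post).
# Each record mixes malicious and benign attributes, as the post describes.
EVENTS = [
    {"id": "ev1", "source": "email", "sender": "payroll@lookalike.example",
     "url_host": "login-portal.example.net"},
    {"id": "ev2", "source": "proxy", "host": "ws-17",
     "url_host": "login-portal.example.net"},
    {"id": "ev3", "source": "edr", "host": "ws-17", "sha256": "b1c2d3e4f5a6"},
    {"id": "ev4", "source": "edr", "host": "ws-42", "sha256": "b1c2d3e4f5a6"},
    {"id": "ev5", "source": "proxy", "host": "ws-99",
     "url_host": "cdn.unrelated.example"},
]

# Fields that identify or describe the event but must not create links.
NON_LINKING = {"id", "source"}


def build_graph(events):
    """Bipartite graph: event ids on one side, 'key=value' attribute nodes
    on the other. Two events are connected whenever they share a node."""
    adj = defaultdict(set)
    for ev in events:
        adj[ev["id"]]  # make sure an event with no attributes still exists
        for key, value in ev.items():
            if key in NON_LINKING or value is None:
                continue
            node = f"{key}={value}"
            adj[ev["id"]].add(node)
            adj[node].add(ev["id"])
    return adj


def clusters(adj, events):
    """Correlated clusters = connected components, reported as sorted
    tuples of event ids (attribute nodes are traversed, not reported)."""
    event_ids = {ev["id"] for ev in events}
    seen, out = set(), []
    for start in sorted(event_ids):
        if start in seen:
            continue
        comp, stack = set(), [start]
        seen.add(start)
        while stack:
            node = stack.pop()
            if node in event_ids:
                comp.add(node)
            for nb in adj[node]:
                if nb not in seen:
                    seen.add(nb)
                    stack.append(nb)
        out.append(tuple(sorted(comp)))
    return sorted(out)


def shared_indicators(adj, cluster):
    """Attribute nodes that tie two or more events of the cluster together:
    the evidence a single grouped ticket for the cluster would carry."""
    members = set(cluster)
    attrs = set()
    for ev_id in members:
        attrs |= adj[ev_id]
    return sorted(a for a in attrs if len(adj[a] & members) >= 2)


def events_within(adj, events, seed, max_hops):
    """Events reachable from `seed` (an event id or a 'key=value' node)
    within `max_hops` hops. One hop = one shared attribute, so a
    bipartite path of length d is ceil(d/2) hops."""
    event_ids = {ev["id"] for ev in events}
    dist = {seed: 0}
    queue = deque([seed])
    while queue:
        node = queue.popleft()
        if dist[node] >= 2 * max_hops:
            continue  # beyond the requested radius; do not expand further
        for nb in adj[node]:
            if nb not in dist:
                dist[nb] = dist[node] + 1
                queue.append(nb)
    return {n: (d + 1) // 2 for n, d in dist.items()
            if n in event_ids and n != seed}


if __name__ == "__main__":
    g = build_graph(EVENTS)
    for c in clusters(g, EVENTS):
        print(c, "linked by", shared_indicators(g, c))
    print(events_within(g, EVENTS, "url_host=login-portal.example.net", 3))
```

With the sample data, the four events tied together by the lookalike login host, the shared workstation and the common file hash form one cluster while the unrelated proxy event stands alone; widening the radius around the login host from 2 to 3 hops is what pulls in the second endpoint that ran the same file. The same bipartite layout makes "wiping" an investigation trivial: dropping an event's record and rebuilding the graph removes its links without touching the other data.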

With a graph, you can start identifying patterns of activity that could be indicative of a serious incident before it becomes one. The challenge often lies in creating a graph data model that will provide meaningful analytical output. Uplevel’s graph tool is purpose-built for cybersecurity. It automatically does the modeling and link analysis work for you.


Stephanie leads customer success and business development at Uplevel Security.