Andréa Piazza - How We Catch Hackers with GraphQL

About Andréa

Hi, I’m Andréa, a Full-Stack Developer at Grapl Inc where I build new features and capabilities across our front and back-ends in order to help our customers catch attackers in their network, keeping their data safe.

When I’m not coding, I enjoy reading, walking in the Bay Area listening to podcasts, and being active. I’m happiest when I’m spending time outdoors or with my family and friends.

How We Catch Hackers with GraphQL

Grapl is taking a graph-based approach to security to build a next generation SIEM for defenders. To help their users find meaning in their data, Grapl has recently transitioned their REST API to GraphQL.

In this talk, Andréa explains why Grapl made the switch to GraphQL, what their experience was as a company that hadn’t used it before, and how they use GraphQL to help their customers explore their data more effectively to catch hackers in their networks.

Have questions for Andréa? Submit them below.

Andréa would love to answer them!

Haven’t signed up for the free conference yet?

Grab your free tickets here: https://graphqlcon.space

Follow Andréa

Twitter: https://twitter.com/azza_314

LinkedIn: Andréa Piazza - Datadog | LinkedIn

3 Likes

I might sound uninformed but I would still like to clear my doubts since I am on this fun learning path.

When you mention hackers with GraphQL, do you marry any cyber security tools/techniques with Graph or is it something that an engineer can achieve with only GraphQL?

Thanks & looking forward to your note!

Hi Jyotsna!

We use GraphQL as a tool to power our product, Grapl, which helps catch attackers using a graph-based approach to security. Security Analysts can upload attack signatures, which are written using Python. We use the attack signatures to search our DGraph cluster for suspicious attacker behaviors. We then use GraphQL for investigations where the analysts want to pivot off of the suspicious graph for context.

The base knowledge to use our API is just an understanding of what data you want to explore, so anyone with development experience can use our API.

When it comes to using your data to track attacker behaviors, security knowledge is useful to understand what to look for in your data.

Hope this helps!

Thanks,
Andrea Piazza

1 Like

Thank You Andrea! I am now more & more intrigued with your talk & really can’t wait to know more!

1 Like

Thanks for a nice and engaging presentation! :+1: Agree that working with graph data needs to shift our mindset to think differently and in associations. Since I’m creating something similar for network traffic analysis, I am interested in your users’ experience so far. Were analysts or incident response team members capable of this mindset change?

2 Likes

Hello Andrea -

What tools and libraries did you use to develop your GraphQL API?

Why didn’t you use something like Apollo or Prisma for your GraphQL API?

What are your security concerns using GraphQL instead of REST?

Thank you.

1 Like

Hi @cermmik ,

Thanks for watching, your project sounds really interesting and I’m glad to hear that you’re taking a graph-based approach!

The mindset change was certainly a shift from what analysts are used to because they’re trained to think in events.

However, analysts are already building up graphs in their head and thinking in graphs naturally, so once they have the tool in front of them, investigations are intuitive and they’ve enjoyed their experience so far!

With anything, it takes time to adjust, but ultimately, using graphs to express attacker behavior saves time.

Thanks,

Andrea Piazza


Hi @jms494 ,

We used express-graphql with GraphQLHTTP to make our requests. On the front-end, we used fetch to make the request because it was important to us to learn the fundamentals of GraphQL first, keep it simple, and stick to technologies we knew. This is also why we didn’t use a third-party at first.

As far as GraphQL security concerns, it’s sometimes easier to abuse APIs written with GraphQL because they offer such a powerful API. Clients can get access to information they weren’t supposed to. In our case, we use DGraph for authorization, and only allow for authenticated requests in our API.

Thanks,

Andrea Piazza

1 Like
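
The "only allow authenticated requests" approach mentioned in the answer above, as an added example that is not Grapl's code and not part of the original thread: Express-style middleware that verifies an HMAC-signed bearer token before a request reaches the GraphQL handler. The token format, `SECRET`, and the function names are assumptions made for illustration.

```javascript
const crypto = require("crypto");

// Constructed demo key (assumption); load the real one from a secret store.
const SECRET = "constructed-demo-secret";

// Assumed token format: base64url(JSON payload) + "." + hex(HMAC-SHA256(body)).
function signToken(payload, secret = SECRET) {
  const body = Buffer.from(JSON.stringify(payload)).toString("base64url");
  const mac = crypto.createHmac("sha256", secret).update(body).digest("hex");
  return `${body}.${mac}`;
}

// Returns the payload of a valid, unexpired token, otherwise null.
function verifyToken(token, nowSec, secret = SECRET) {
  const parts = String(token).split(".");
  if (parts.length !== 2) return null;
  const expected = crypto.createHmac("sha256", secret).update(parts[0]).digest();
  const given = Buffer.from(parts[1], "hex");
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  let payload;
  try {
    payload = JSON.parse(Buffer.from(parts[0], "base64url").toString("utf8"));
  } catch {
    return null;
  }
  if (!payload || typeof payload.exp !== "number" || payload.exp <= nowSec) return null;
  return payload;
}

// Express-compatible middleware (hypothetical name). Mount it ahead of the
// GraphQL route, e.g. app.use("/graphql", requireAuth, graphqlHTTP({ schema })),
// so an unauthenticated query is never parsed or executed.
function requireAuth(req, res, next) {
  const match = /^Bearer (\S+)$/.exec(req.headers.authorization || "");
  const user = match && verifyToken(match[1], Math.floor(Date.now() / 1000));
  if (!user) {
    res.statusCode = 401;
    res.setHeader("Content-Type", "application/json");
    res.end(JSON.stringify({ errors: [{ message: "authentication required" }] }));
    return;
  }
  req.user = user; // resolvers can use this for per-field authorization
  next();
}
```

Authentication only establishes who is calling; deciding which nodes and fields that caller may read is a separate authorization check in the resolvers or the data layer.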

hi,

thank you for your presentation - good stuff. it provided valuable insights for project-buildout.

thx.

1 Like

Hi @infomativearchitect!

Thank you for watching, I appreciate the kind feedback and am glad the talk was helpful!

Thanks,

Andrea Piazza