Inspiration
We were inspired by the growing complexity of modern infrastructures and the critical need to manage vulnerabilities autonomously. Attackers keep getting faster, and we wanted to help the defending side keep up.
What it does
RiskFlow lets users upload CVE data, which is analyzed by an LLM to extract the relevant details. Using optimized queries on a comprehensive graph database, the platform identifies the affected systems, calculates risk and impact metrics (including what-if scenarios), and visualizes the results. Finally, it generates actionable reports and remediation plans, simplifying and streamlining the entire vulnerability management process.
How we built it
We built RiskFlow with Next.js for the web interface, hosted on Vercel. The platform uses Neo4j as its graph database, which was provided by Siemens, and the OpenAI API for LLM-based extraction of the CVE data. Parallelized queries and query optimization let the system handle large datasets efficiently while delivering interactive visualizations and user-friendly reports for both engineers and decision-makers.
Challenges we ran into
One of our key challenges was optimizing the graph database queries. Initially, processing a query took over 1 minute and 20 seconds; through parallel execution, strategic indexing, and query restructuring we reduced this to 13 seconds. Another challenge was managing the large data models in the backend, which we defined carefully to support the complex risk assessment and impact calculations. These optimizations ensure that RiskFlow can handle large datasets efficiently while delivering rapid, accurate insights.
Accomplishments that we're proud of
We're proud of creating a tool that not only simplifies a complex process but also provides actionable insights to enhance security. Successfully integrating technologies like graph databases into a seamless workflow and delivering highly visual, actionable outputs for users is a significant achievement. We've added novel metrics for the risk evaluation, such as attack reachability from the internet or from previously infected systems, as well as an impact analysis inside a network segment that counts the critical systems and the offline systems that become reachable by attackers.
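The reachability and segment-impact metrics described above, together with the what-if scenario mentioned under "What it does", as an added TypeScript example. This is not RiskFlow's own code and not its Neo4j schema: it runs on a small in-memory graph constructed here in place of the real graph database, and the host names, product names, placeholder CVE identifier and the attacker model (attackers pivot only through systems vulnerable to the CVE; "offline" means not directly internet-exposed) are all assumptions made for the illustration.

```typescript
// Added example, not RiskFlow's own code: attack-reachability and segment-impact
// metrics over a small constructed asset graph, plus a what-if run. The attacker
// model, node fields and sample inventory are assumptions made for this illustration.

type Criticality = "low" | "medium" | "high" | "critical";

interface SystemNode {
  id: string;
  segment: string;
  criticality: Criticality;
  internetExposed: boolean; // directly reachable from the internet
  compromised: boolean;     // already known to be attacker-controlled
  software: string[];       // installed products, matched against the CVE's affected products
}

interface Cve { id: string; affects: string[] }

interface AssetGraph {
  systems: Map<string, SystemNode>;
  canReach: Map<string, string[]>; // directed network reachability: src -> reachable dsts
}

function buildGraph(nodes: SystemNode[], edges: [string, string][]): AssetGraph {
  const systems = new Map<string, SystemNode>();
  for (const n of nodes) systems.set(n.id, n);
  const canReach = new Map<string, string[]>();
  for (const [src, dst] of edges) {
    if (!systems.has(src) || !systems.has(dst)) throw new Error(`unknown system in edge ${src} -> ${dst}`);
    canReach.set(src, (canReach.get(src) ?? []).concat(dst));
  }
  return { systems, canReach };
}

// Systems running a product the CVE affects, minus any we pretend are patched (what-if input).
function affectedSystems(g: AssetGraph, cve: Cve, patched: string[] = []): string[] {
  return Array.from(g.systems.values())
    .filter((s) => !patched.includes(s.id) && s.software.some((p) => cve.affects.includes(p)))
    .map((s) => s.id)
    .sort();
}

// Attacker model (assumption): starting from the given footholds, the attacker can take over
// any directly reachable system that is vulnerable to the CVE, and each takeover is a new pivot.
function controlledClosure(g: AssetGraph, footholds: string[], vulnerable: string[]): string[] {
  const controlled = new Set<string>(footholds);
  const queue = footholds.slice();
  while (queue.length > 0) {
    const cur = queue.shift() as string;
    for (const next of g.canReach.get(cur) ?? []) {
      if (!controlled.has(next) && vulnerable.includes(next)) {
        controlled.add(next);
        queue.push(next);
      }
    }
  }
  return Array.from(controlled).sort();
}

interface SegmentImpact { criticalExposed: number; offlineNowReachable: number }

interface RiskReport {
  cve: string;
  affected: string[];
  reachableFromInternet: string[];    // affected systems an internet attacker can take over
  reachableFromCompromised: string[]; // affected systems reachable by pivoting from known-compromised hosts
  segmentImpact: Record<string, SegmentImpact>;
}

function assessCve(g: AssetGraph, cve: Cve, patched: string[] = []): RiskReport {
  const vulnerable = affectedSystems(g, cve, patched);
  const all = Array.from(g.systems.values());
  const internetFootholds = vulnerable.filter((id) => g.systems.get(id)!.internetExposed);
  const compromisedFootholds = all.filter((s) => s.compromised).map((s) => s.id);
  const viaInternet = controlledClosure(g, internetFootholds, vulnerable);
  const viaCompromised = controlledClosure(g, compromisedFootholds, vulnerable);

  // Everything the attacker controls, plus anything one hop away from it, is now exposed.
  const controlled = new Set<string>(viaInternet.concat(viaCompromised));
  const exposed = new Set<string>(controlled);
  controlled.forEach((id) => (g.canReach.get(id) ?? []).forEach((n) => exposed.add(n)));

  // Per-segment impact: critical systems exposed, and offline (not internet-exposed) systems
  // that are now reachable by the attacker, whether or not they are themselves vulnerable.
  const segmentImpact: Record<string, SegmentImpact> = {};
  for (const s of all) {
    const seg = segmentImpact[s.segment] ?? (segmentImpact[s.segment] = { criticalExposed: 0, offlineNowReachable: 0 });
    if (!exposed.has(s.id)) continue;
    if (s.criticality === "critical") seg.criticalExposed++;
    if (!s.internetExposed && !s.compromised) seg.offlineNowReachable++;
  }
  return {
    cve: cve.id,
    affected: vulnerable,
    reachableFromInternet: viaInternet.filter((id) => vulnerable.includes(id)),
    reachableFromCompromised: viaCompromised.filter((id) => vulnerable.includes(id)),
    segmentImpact,
  };
}

// Constructed sample inventory (hypothetical hosts, products and CVE id).
const SAMPLE_GRAPH = buildGraph(
  [
    { id: "web-01", segment: "dmz",  criticality: "medium",   internetExposed: true,  compromised: false, software: ["nginx", "libfoo"] },
    { id: "vpn-01", segment: "dmz",  criticality: "high",     internetExposed: true,  compromised: false, software: ["vpnd"] },
    { id: "app-01", segment: "app",  criticality: "high",     internetExposed: false, compromised: false, software: ["javaapp", "libfoo"] },
    { id: "db-01",  segment: "data", criticality: "critical", internetExposed: false, compromised: false, software: ["pgsql"] },
    { id: "hr-01",  segment: "corp", criticality: "critical", internetExposed: false, compromised: false, software: ["hrsuite", "libfoo"] },
    { id: "ws-17",  segment: "corp", criticality: "low",      internetExposed: false, compromised: true,  software: ["office"] },
    { id: "plc-01", segment: "ot",   criticality: "critical", internetExposed: false, compromised: false, software: ["plcfw"] },
  ],
  [["web-01", "app-01"], ["app-01", "db-01"], ["vpn-01", "hr-01"], ["ws-17", "hr-01"], ["hr-01", "db-01"]],
);
const SAMPLE_CVE: Cve = { id: "CVE-EXAMPLE-0001", affects: ["libfoo"] };

// Baseline assessment, then a what-if run with the internet-facing host patched.
console.log(JSON.stringify(assessCve(SAMPLE_GRAPH, SAMPLE_CVE), null, 2));
console.log(JSON.stringify(assessCve(SAMPLE_GRAPH, SAMPLE_CVE, ["web-01"]), null, 2));
```

In the sample run, patching web-01 removes every internet-reachable affected system, but the corp and data segments stay exposed because the already-compromised workstation can still pivot through hr-01; the what-if output makes that residual risk visible instead of reporting the patch as a full fix.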
What we learned
We deepened our understanding of large-scale graph databases, LLM integration, and parallel processing for performance optimization. We also gained valuable insight into balancing technical complexity with communication to management.
What's next for RiskFlow
Next steps include automating report distribution via email and instant-messaging integrations, and expanding and refining our risk and impact metrics. Other possible features are tracking custom software dependencies to identify vulnerabilities in libraries, an escalation strategy that widens the set of people contacted over time, and automatically downloading the latest CVEs. A final improvement would be incorporating predictive analytics to proactively identify potential vulnerabilities.
Built With
- neo4j
- nextjs
- openai
- typescript
- vercel