Introduction
We aimed to create a system that could provide valuable insights into the vulnerability "CVE-1900-8033: Critical Remote Code Execution Vulnerability in Docker" and make this information easily accessible to the management teams as well as the IT team, by providing diagrams without the time-consuming burden of navigating a vast digital twin database. By providing a streamlined interface, we hoped to bridge the gap between data complexity and actionable intelligence.
What It Does
Our solution is a comprehensive dashboard that provides critical insights into the potential damages and the associated risks for various parts of the infrastructure from the vulnerability. The dashboard includes visualizations of risk levels and of directly and indirectly affected assets, which help users quickly identify areas of concern. Additionally, we developed a decision tree to guide the management and the IT team.
How We Built It
We built the solution using a combination of technologies. The core of our implementation revolved around the Neo4j graph database, which provided the foundation for storing and traversing the relationships between assets. We used Cypher queries to extract relevant information and created a cache layer at the backend level to optimize data retrieval times.
On the frontend, we developed our own custom dashboard using React, ensuring an intuitive user interface. For the backend, we used .NET.
Challenges We Ran Into
One of the biggest challenges we faced was understanding and navigating the complex relationships within the database. Graph databases, while powerful, require a different mindset compared to traditional relational databases, and figuring out how to traverse the data effectively was a learning curve.
Another significant challenge was the latency involved in fetching data from the digital twin database and rendering it on the frontend. To address this, we created a caching mechanism that allowed us to store frequently accessed information, reducing the response time and making the dashboard more responsive during real-time crisis situations.
Accomplishments That We're Proud Of
We are proud of our team's ability to step into the cybersecurity space despite having limited prior experience. None of us had deep expertise in cybersecurity, yet we managed to create a solution that not only met the requirements of the challenge but also provided a valuable tool for risk assessment and mitigation.
Moreover, our use of graph databases was a significant accomplishment. We learned to leverage the power of Neo4j to model complex relationships and use these insights to provide value to end users in an intuitive and actionable way.
What We Learned
This experience also taught us the importance of user-centric design, especially when the users are dealing with high-pressure situations. The ability to present data in a clear, accessible format can make all the difference when time is of the essence.
What's Next for ManageIT
Looking ahead, we plan to expand our solution so that IT admins and other responsible parties can log in and view their affected assets with guidance on what to do. We also aim to make our solution more generalizable, allowing it to be integrated into different systems beyond the specific digital twin model we worked with.