Threat modeling at Lloyds Bank: Mitigating cybersecurity risks with graph analytics
Even routine cybersecurity tasks, like conducting incident analysis, require consolidating data from multiple sources to get a complete picture. For security teams, this complexity can create blind spots, making it difficult to respond to threats in real-time.
Financial institutions like Lloyds Bank face especially high stakes. Constantly evolving threats from sophisticated attackers risk outpacing traditional tools and siloed systems. For Lloyds, graph analytics has become key to overcoming this challenge as they have shifted towards connected, strategic threat modeling.
In a recent interview, Alexander Wallace, Threat Lab Technology Lead at Lloyds Bank, shared how graph technology evolved from a niche tool to a core part of their cybersecurity strategy.
Cybersecurity teams must understand how a change in one system affects others. That demands a data model built for connections.
In cybersecurity attacks, attackers adapt quickly. When one technique is blocked, they shift to another, often following a chain of actions that are logically and behaviorally connected. Recognizing these complex patterns and propagation paths is critical to effective defense.
“A graph is uniquely suited to threat modeling because all of those different domains of cybersecurity are really inherently interlinked,” Wallace emphasizes. Without that visibility, organizations risk missing how vulnerabilities propagate through their systems.
“If you try and just complete a checklist, then, frankly, you're not going to be able to defeat the attackers,” says Wallace. It's the relationships between events, systems, and behaviors that reveal the bigger picture—and graph analytics delivers that bigger picture.
Before adopting graph technology, Lloyds Bank relied on spreadsheets to manage their threat models. But as Wallace recalls, “We rapidly came to the realization that trying to manage that kind of data in anything other than a bespoke, proper database solution was going to be almost impossible.”
They also ran into duplication issues: key pieces of information repeated across different sheets. “It made sense that actually we should record things once and then just record the relationships multiple times.”
Graph technology allowed the team to centralize and contextualize data, laying the groundwork for better threat detection and incident response.
At Lloyds, graph analytics integrates with the broader security ecosystem.
“In our organization, graph technology interacts with a variety of other solutions,” says Wallace. “We have everything from the Security Information and Event Management (SIEM), which is where security alerts happen, through to our Configuration Management Database (CMDB), our centralized database of all of the assets that the organization has.”
Graph-based analysis pulls data from these systems while pushing insights back, supporting the security operations center with contextual intelligence during investigations and response.
Adopting graph analytics has helped Lloyds Bank move beyond data silos. With a connected security model, their team can:
- Trace how changes in one system affect others
- Eliminate data duplication
- Provide contextual guidance to security operations
- Visualize and investigate complex attack paths
Looking ahead, Wallace is optimistic about the role graph technology will play in cybersecurity: “I think the future of graph and cybersecurity is bright. There's so much data coming in now more than there ever has been, and it's more connected than it ever has been.”
Tapping deeply into the interconnectedness of cybersecurity data has made the organization rethink their approach.
“There are analyses that you can perform using graphs that unlock huge capabilities within the cybersecurity sphere that we just didn't have access to before that technology,” Wallace notes.
Solutions like Linkurious Enterprise bring these capabilities to life. Through intuitive visualization and advanced graph analytics, the platform enables cybersecurity teams to explore complex data relationships, detect anomalies, and support faster investigations.
Security professionals can map potential attack paths, understand dependencies, and make better decisions earlier in the threat lifecycle.
For organizations like Lloyds Bank, this approach is already making a difference in how they detect and mitigate cybersecurity risks. Using the power of graph technology, they can better understand the connections between different parts of their security landscape and respond more effectively to potential threats.
Watch the full interview with Alexander Wallace to learn how Lloyds is transforming cybersecurity with graph technology.
A spotlight on graph technology directly in your inbox.