Request a free trialOpen Menu
Security

Threat modeling at Lloyds Bank: Mitigating cybersecurity risks with graph analytics

April 25, 2025
4mins

Back to blog

Even routine cybersecurity tasks, like conducting incident analysis, require consolidating data from multiple sources to get a complete picture. For security teams, this complexity can create blind spots, making it difficult to respond to threats in real-time.

Financial institutions like Lloyds Bank face especially high stakes. Constantly evolving threats from sophisticated attackers risk outpacing traditional tools and siloed systems. For Lloyds, graph analytics has become key to overcoming this challenge as they have shifted towards connected, strategic threat modeling.

In a recent interview, Alexander Wallace, Threat Lab Technology Lead at Lloyds Bank, shared how graph technology evolved from a niche tool to a core part of their cybersecurity strategy.

Why graph analytics is ideal for threat modeling

Cybersecurity teams must understand how a change in one system affects others. That demands a data model built for connections. 

In cybersecurity attacks, attackers adapt quickly. When one technique is blocked, they shift to another, often following a chain of actions that are logically and behaviorally connected. Recognizing these complex patterns and propagation paths is critical to effective defense.

“A graph is uniquely suited to threat modeling because all of those different domains of cybersecurity are really inherently interlinked,” Wallace emphasizes. Without that visibility, organizations risk missing how vulnerabilities propagate through their systems.

“If you try and just complete a checklist, then, frankly, you're not going to be able to defeat the attackers,” says Wallace. It's the relationships between events, systems, and behaviors that reveal the bigger picture—and graph analytics delivers that bigger picture.

How Lloyds Bank applied graph analytics

Before adopting graph technology, Lloyds Bank relied on spreadsheets to manage their threat models. But as Wallace recalls, “We rapidly came to the realization that trying to manage that kind of data in anything other than a bespoke, proper database solution was going to be almost impossible.”

They also ran into duplication issues: key pieces of information repeated across different sheets. “It made sense that actually we should record things once and then just record the relationships multiple times.”

Graph technology allowed the team to centralize and contextualize data, laying the groundwork for better threat detection and incident response.

Connecting the cybersecurity stack with graph

At Lloyds, graph analytics integrates with the broader security ecosystem.

“In our organization, graph technology interacts with a variety of other solutions,” says Wallace. “We have everything from the Security Information and Event Management (SIEM), which is where security alerts happen, through to our Configuration Management Database (CMDB), our centralized database of all of the assets that the organization has.”

Graph-based analysis pulls data from these systems while pushing insights back, supporting the security operations center with contextual intelligence during investigations and response.

From siloed data to contextual decisions

Adopting graph analytics has helped Lloyds Bank move beyond data silos. With a connected security model, their team can:

  • Trace how changes in one system affect others
  • Eliminate data duplication
  • Provide contextual guidance to security operations
  • Visualize and investigate complex attack paths

The future of graph technology in cybersecurity

Looking ahead, Wallace is optimistic about the role graph technology will play in cybersecurity: “I think the future of graph and cybersecurity is bright. There's so much data coming in now more than there ever has been, and it's more connected than it ever has been.”

Tapping deeply into the interconnectedness of cybersecurity data has made the organization rethink their approach.

“There are analyses that you can perform using graphs that unlock huge capabilities within the cybersecurity sphere that we just didn't have access to before that technology,” Wallace notes.

Transforming cybersecurity with Linkurious Enterprise

Solutions like Linkurious Enterprise bring these capabilities to life. Through intuitive visualization and advanced graph analytics, the platform enables cybersecurity teams to explore complex data relationships, detect anomalies, and support faster investigations.

Security professionals can map potential attack paths, understand dependencies, and make better decisions earlier in the threat lifecycle.

For organizations like Lloyds Bank, this approach is already making a difference in how they detect and mitigate cybersecurity risks. Using the power of graph technology, they can better understand the connections between different parts of their security landscape and respond more effectively to potential threats.

Watch the full interview with Alexander Wallace to learn how Lloyds is transforming cybersecurity with graph technology.

Subscribe to our newsletter

A spotlight on graph technology directly in your inbox.

Fresh picks from our blog
20+ OSINT tools to enhance your investigations
Linkurious partners with Synapse AI to deliver AI driven graph solutions for enhanced investigations in Asia
Digital forensics investigations: Analyzing the data behind complex criminal schemes
Linkurious LogoAt Linkurious, we provide the next generation of data visualization and analytics solutions powered by graph technology. We help teams of analysts and investigators swiftly and accurately find insights otherwise hidden in complex connected data so they can make more informed decisions, faster.
Follow us
LinkedInYoutubeBlueSky
Top uses cases
Industry
Technology
Company
Learn
Community
Technology Partners
Discover
Connect
Linkurious SAS © 2013-2025. All rights reserved. Privacy Policy | Cookie policy | Terms of Service
TOP