Executing enterprise process abstraction using process aware analytical attack graphs

US11533332B2 · US · B2

Patent metadata
Publication number: US-11533332-B2
Application number: US-202117358486-A
Country: US
Kind code: B2
Filing date: Jun 25, 2021
Priority date: Jun 25, 2020
Publication date: Dec 20, 2022
Grant date: Dec 20, 2022

Abstract

Official abstract text for this publication.

Methods, systems, and computer-readable storage media for receiving a process aware AAG from computer-readable memory, the process aware AAG having been generated from the AAG, processing the process aware AAG to consolidate asset nodes to group nodes at least partially by providing metadata describing an asset node to a set of properties of a group node and pruning the asset node and any child nodes of the asset node from the process aware AAG, providing the aggregation graph by identifying relationships between group nodes and, for each relationship, inserting an edge between group nodes, and aggregating one or more of a set of node properties and a set of edge properties for each group node or edge, respectively, storing the aggregation graph to computer-readable memory, and executing one or more remedial actions in the enterprise network in response to analytics executed on the aggregation graph.

First claim

Opening claim text (preview).

What is claimed is:

1. A computer-implemented method for enterprise network security using an aggregation graph based on an analytical attack graph (AAG) representative of potential lateral movement within an enterprise network, the method being executed by one or more processors and comprising: receiving a process aware AAG from computer-readable memory, the process aware AAG having been generated from the AAG; processing the process aware AAG to consolidate asset nodes to group nodes at least partially by providing metadata describing an asset node to a set of properties of a group node and pruning the asset node and any child nodes of the asset node from the process aware AAG; providing the aggregation graph by: identifying relationships between group nodes, wherein a relationship between group nodes comprises one of a has joint assets relationship and a has lateral movement relationship, wherein the has lateral movement relationship indicates that execution of a first process represented by a first group enables lateral movement within the enterprise network to at least one asset correlated with a second group that represents a second process, for each relationship, inserting an edge between group nodes, and aggregating one or more of a set of node properties and a set of edge properties for each group node or edge, respectively; storing the aggregation graph to computer-readable memory; and executing one or more remedial actions in the enterprise network in response to analytics executed on the aggregation graph.

2. The computer-implemented method of claim 1, wherein the has joint assets relationship indicates that two groups are each correlated with an asset.

3. The computer-implemented method of claim 1, wherein aggregating comprises one or more of sum, maximum, minimum, and average.

4. The computer-implemented method of claim 1, wherein processing the process aware AAG to consolidate asset nodes to group nodes comprises, for each group node, generating a list of assets comprising assets correlated to a respective group node within the process aware AAG.

5. The computer-implemented method of claim 1, wherein at least one remedial action comprises executing network segmentation to dissociate an asset from at least one process executed within the enterprise network.

6. A non-transitory computer-readable storage medium coupled to one or more processors and having instructions stored thereon which, when executed by the one or more processors, cause the one or more processors to perform operations for enterprise network security using an aggregation graph based on an analytical attack graph (AAG) representative of potential lateral movement within an enterprise network, the operations comprising: receiving a process aware AAG from computer-readable memory, the process aware AAG having been generated from the AAG; processing the process aware AAG to consolidate asset nodes to group nodes at least partially by providing metadata describing an asset node to a set of properties of a group node and pruning the asset node and any child nodes of the asset node from the process aware AAG; providing the aggregation graph by: identifying relationships between group nodes, wherein a relationship between group nodes comprises one of a has joint assets relationship and a has lateral movement relationship, wherein the has lateral movement relationship indicates that execution of a first process represented by a first group enables lateral movement within the enterprise network to at least one asset correlated with a second group that represents a second process, for each relationship, inserting an edge between group nodes, and aggregating one or more of a set of node properties and a set of edge properties for each group node or edge, respectively; storing the aggregation graph to computer-readable memory; and executing one or more remedial actions in the enterprise network in response to analytics executed on the aggregation graph.

7. The non-transitory computer-readable storage medium of claim 6, wherein the has joint assets relationship indicates that two groups are each correlated with an asset.

8. The non-transitory computer-readable storage medium of claim 6, wherein aggregating comprises one or more of sum, maximum, minimum, and average.

9. The non-transitory computer-readable storage medium of claim 6, wherein processing the process aware AAG to consolidate asset nodes to group nodes comprises, for each group node, generating a list of assets comprising assets correlated to a respective group node within the process aware AAG.

10. The non-transitory computer-readable storage medium of claim 6, wherein at least one remedial action comprises executing network segmentation to dissociate an asset from at least one process executed within the enterprise network.

11. A system, comprising: a computing device; and a computer-readable storage device coupled to the computing device and having instructions stored thereon which, when executed by the computing device, cause the computing device to perform operations for enterprise network security using an aggregation graph based on an analytical attack graph (AAG) representative of potential lateral movement within an enterprise network, the operations comprising: receiving a process aware AAG from computer-readable memory, the process aware AAG having been generated from the AAG; processing the process aware AAG to consolidate asset nodes to group nodes at least partially by providing metadata describing an asset node to a set of properties of a group node and pruning the asset node and any child nodes of the asset node from the process aware AAG; providing the aggregation graph by: identifying relationships between group nodes, wherein a relationship between group nodes comprises one of a has joint assets relationship and a has lateral movement relationship, wherein the has lateral movement relationship indicates that execution of a first process represented by a first group enables lateral movement within the enterprise network to at least one asset correlated with a second group that represents a second process, for each relationship, inserting an edge between group nodes, and aggregating one or more of a set of node properties and a set of edge properties for each group node or edge, respectively; storing the aggregation graph to computer-readable memory; and executing one or more remedial actions in the enterprise network in response to analytics executed on the aggregation graph.

12. The system of claim 11, wherein the has joint assets relationship indicates that two groups are each correlated with an asset.

13. The system of claim 11, wherein aggregating comprises one or more of sum, maximum, minimum, and average.

14. The system of claim 11, wherein processing the process aware AAG to consolidate asset nodes to group nodes comprises, for each group node, generating a list of assets comprising assets correlated to a respective group node within the process aware AAG.
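The steps the claims describe (consolidate asset nodes into group nodes, identify has-joint-assets and has-lateral-movement relationships, insert edges, aggregate node and edge properties, then run analytics that drive a remedial action such as segmentation) can be followed end to end on a small graph. The example below is added here as an illustration and is not Accenture's code or an implementation from the patent; the process names, hosts, risk scores, "hardness" values on lateral-movement edges and the segmentation heuristic in `segmentation_candidates` are all constructed for the example.

```python
"""Toy walk-through of the claimed aggregation-graph pipeline on constructed data."""
from collections import defaultdict
from statistics import mean

# Constructed process-aware AAG (hosts, scores and edges are made up for this example).
#   groups:  business process (group node) -> asset nodes correlated with it
#   assets:  asset node -> metadata, plus child nodes that are pruned together with it
#   lateral: asset-level lateral-movement edges of the underlying AAG: (src, dst, hardness)
PROCESS_AWARE_AAG = {
    "groups": {
        "P1 payroll": ["srv-hr-01", "db-hr-01"],
        "P2 crm": ["srv-crm-01", "db-hr-01"],
        "P3 logistics": ["srv-wh-01"],
    },
    "assets": {
        "srv-hr-01": {"risk": 7.0, "children": ["rule-a", "rule-b"]},
        "db-hr-01": {"risk": 9.0, "children": ["rule-c"]},
        "srv-crm-01": {"risk": 4.0, "children": []},
        "srv-wh-01": {"risk": 2.0, "children": ["rule-d"]},
    },
    "lateral": [
        ("srv-crm-01", "srv-hr-01", 3.0),
        ("srv-hr-01", "srv-wh-01", 5.0),
        ("srv-wh-01", "srv-hr-01", 1.0),
        ("db-hr-01", "srv-crm-01", 2.0),
    ],
}

# Claim 3 / 8 / 13: the aggregation functions named in the claims.
AGGREGATORS = {"sum": sum, "max": max, "min": min, "avg": mean}


def consolidate(aag):
    """Copy each asset's metadata into the properties of every group node it is
    correlated with (the per-group asset list of claim 4). The asset nodes and their
    child nodes are not carried over, which is the pruning step of claim 1."""
    group_nodes = {}
    for gname, asset_ids in aag["groups"].items():
        group_nodes[gname] = {
            "assets": list(asset_ids),
            "risk": [aag["assets"][a]["risk"] for a in asset_ids],
        }
    return group_nodes


def build_aggregation_graph(aag, node_aggs=("sum", "max", "avg"), edge_aggs=("min", "sum")):
    """Identify relationships between group nodes, insert one edge per relationship
    and aggregate node and edge properties. Returns {"nodes": ..., "edges": ...}."""
    groups = consolidate(aag)
    owner = defaultdict(set)  # asset -> set of groups correlated with it
    for g, props in groups.items():
        for a in props["assets"]:
            owner[a].add(g)

    edges = {}
    # has_joint_assets: undirected; two groups are each correlated with the same asset.
    for asset, gs in owner.items():
        gs = sorted(gs)
        for i, g1 in enumerate(gs):
            for g2 in gs[i + 1:]:
                edges.setdefault((g1, g2, "has_joint_assets"), {"assets": []})["assets"].append(asset)
    # has_lateral_movement: directed; an asset of g1 can reach an asset of g2 in the AAG.
    for src, dst, hardness in aag["lateral"]:
        for g1 in owner.get(src, ()):
            for g2 in owner.get(dst, ()):
                if g1 != g2:
                    key = (g1, g2, "has_lateral_movement")
                    edges.setdefault(key, {"hardness": []})["hardness"].append(hardness)

    nodes = {}
    for g, props in groups.items():
        nodes[g] = {"assets": props["assets"]}
        for name in node_aggs:  # e.g. risk_sum, risk_max, risk_avg over the group's assets
            nodes[g]["risk_" + name] = AGGREGATORS[name](props["risk"])
    for (g1, g2, rel), props in edges.items():
        if rel == "has_lateral_movement":
            for name in edge_aggs:  # e.g. hardness_min = easiest asset-level path between the groups
                props["hardness_" + name] = AGGREGATORS[name](props["hardness"])
    return {"nodes": nodes, "edges": edges}


def segmentation_candidates(graph):
    """Constructed analytic (a heuristic for this example, not the patent's): for each
    jointly held asset, propose dissociating it (claim 5) from the process whose group
    has more inbound lateral-movement edges, since that process is easier to reach."""
    inbound = defaultdict(int)
    for g1, g2, rel in graph["edges"]:
        if rel == "has_lateral_movement":
            inbound[g2] += 1
    proposals = []
    for (g1, g2, rel), props in graph["edges"].items():
        if rel == "has_joint_assets":
            exposed = g1 if inbound[g1] >= inbound[g2] else g2
            proposals.extend((asset, exposed) for asset in props["assets"])
    return sorted(proposals)


if __name__ == "__main__":
    graph = build_aggregation_graph(PROCESS_AWARE_AAG)
    for g, props in graph["nodes"].items():
        print(g, props)
    for key, props in graph["edges"].items():
        print(key, props)
    print("segmentation candidates:", segmentation_candidates(graph))
```

On the constructed data, `db-hr-01` is correlated with both the payroll and CRM processes, so the two group nodes get a has-joint-assets edge, while the asset-level lateral-movement edges collapse into directed group-level edges whose `hardness_min` records the easiest path between the two processes. The payroll group is reachable from two other groups, so the heuristic proposes dissociating the shared database from it.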

Assignees

Accenture Global Solutions Ltd

Inventors

Classifications

  • H04L63/20: for managing network security; network security policies in general (filtering policies H04L63/0227)

  • Traffic logging, e.g. anomaly detection

  • Event detection, e.g. attack signature detection

  • comprising specially adapted graphical user interfaces [GUI]

  • Vulnerability analysis

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11533332B2 cover?
Methods, systems, and computer-readable storage media for receiving a process aware AAG from computer-readable memory, the process aware AAG having been generated from the AAG, processing the process aware AAG to consolidate asset nodes to group nodes at least partially by providing metadata describing an asset node to a set of properties of a group node and pruning the asset node and any child…
Who is the assignee on this patent?
Accenture Global Solutions Ltd
What technology area does this patent fall under?
Primary CPC classification H04L63/1425. Mapped technology areas include Electricity.
When was this patent published?
Publication date Dec 20, 2022 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).