Methods, systems, and computer-readable storage media for receiving data representative of two or more AAGs, providing an identifier for each element of each of the two or more AAGs, each identifier being unique within a respective AAG, at least one identifier being non-unique between the two or more AAGs, determining an attribute value for each element of each of the two or more AAGs, storing attribute value to element mappings in an attribute dictionary, providing a differenced AAG based on the attribute value to element mappings in the attribute dictionary, determining a set of remedial actions at least partially based on the differenced AAG, and executing one or more remedial actions in the set of remedial actions to reduce a cyber security risk to the enterprise network.