SlideShare uma empresa Scribd logo

Security Research2.0 - FIT 2008

Raffael Marty
Raffael Marty

Security Visualization Dichotomy and what's wrong with the field today. More on security visualization at http://secviz.org

TecnologiaEducação
1 de 51
Baixar para ler offline
Security Research 2.0 Raffael Marty, GCIA, CISSP Chief Security Strategist @ Splunk> FIT-IT Visual Computing, Austria - September ‘08
Agenda • Security Visualization Today - The SecViz Dichotomy - The Failure - The Way Forward • My Focus Areas • The Future 2
Agenda • Security Visualization Today - The SecViz Dichotomy - The Failure Goal: - The Way Forward Provoke thought and stir up more questions than offering • My Focus Areas answers. • The Future 2
• Chief Security Strategist @ Splunk> • Looked at logs/IT data for over 10 years - IBM Research - Conference boards / committees • Presenting around the world on SecViz • Passion for Visualization Applied Security Visualization - http://secviz.org Paperback: 552 pages Publisher: Addison Wesley (August, 2008) - http://afterglow.sourceforge.net ISBN: 0321510100
Raffael Marty • Chief Security Strategist @ Splunk> • Looked at logs/IT data for over 10 years - IBM Research - Conference boards / committees • Presenting around the world on SecViz • Passion for Visualization Applied Security Visualization - http://secviz.org Paperback: 552 pages Publisher: Addison Wesley (August, 2008) - http://afterglow.sourceforge.net ISBN: 0321510100
Security Visualization Today
The 1st Dichotomy 5
The 1st Dichotomy two domains Security & Visualization 5
The 1st Dichotomy Security Visualization 5
The 1st Dichotomy Security Visualization • security data • networking protocols • routing protocols (the Internet) • security impact • security policy • jargon • use-cases • are the end-users 5
The 1st Dichotomy Security Visualization • security data • types of data • networking protocols • perception • routing protocols (the Internet) • optics • security impact • color theory • security policy • depth cue theory • jargon • interaction theory • use-cases • types of graphs • are the end-users • human computer interaction 5
The Failure - New Graphs 6
The Right Thing - Reuse Graphs 7
The Failure - The Wrong Graph 8
The Right Thing - Adequate Graphs 9
The Right Thing - Adequate Graphs 9
The Failure - The Wrong Integration /usr/share/man/man5/launchd.plist.5 <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> • Using proprietary data format <plist version="1.0"> <dict> <key>_name</key> • Provide parsers for various data formats <dict> <key>_isColumn</key> <string>YES</string> <key>_isOutlineColumn</key> • does not scale <string>YES</string> <key>_order</key> <string>0</string> </dict> • is probably buggy / incomplete <key>bsd_name</key> <dict> <key>_order</key> <string>62</string> • Use wrong data access paradigm </dict> <key>detachable_drive</key> <dict> • complex configuration <key>_order</key> <string>59</string> </dict> e.g., needs an SSH connection <key>device_manufacturer</key> <dict> <key>_order</key> <string>41</string> </dict> <key>device_model</key> <dict> <key>_order</key> <string>42</string> </dict> <key>device_revision</key> 10
The Right Thing - KISS /usr/share/man/man5/launchd.plist.5 <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> • Keep It Simple Stupid <plist version="1.0"> <dict> <key>_name</key> <dict> • Use CSV input <key>_isColumn</key> <string>YES</string> <key>_isOutlineColumn</key> <string>YES</string> • Use files as input <key>_order</key> <string>0</string> </dict> <key>bsd_name</key> # Using node sizes: • Offload to other tools <dict> <key>_order</key> <string>62</string> size.source=1; </dict> • parsers <key>detachable_drive</key> <dict> size.target=200 <key>_order</key> <string>59</string> maxNodeSize=0.2 • data conversions </dict> <key>device_manufacturer</key> <dict> <key>_order</key> <string>41</string> </dict> <key>device_model</key> <dict> <key>_order</key> <string>42</string> </dict> <key>device_revision</key> 11
The Failure - So What? 12
The Right Thing - Help The User Along • Provide use-case aligned displays • Meaningful legends • Interactive exploration • UI design that guides the user through tasks • Do not overload displays 13
The Failure - Unnecessary Ink 14
The Right Thing - Apply Good Visualization Practices • Don't use graphics to decorate a few numbers • Reduce data ink ratio • Visualization principles 15
The 2nd Dichotomy 16
The 2nd Dichotomy two worlds Industry & Academia 16
The 2nd Dichotomy Some comments are based on paper reviews from RAID 2007/08, VizSec 2007/08 Industry Academia 16
The 2nd Dichotomy Some comments are based on paper reviews from RAID 2007/08, VizSec 2007/08 Industry Academia • don’t understand the real impact 16
The 2nd Dichotomy Some comments are based on paper reviews from RAID 2007/08, VizSec 2007/08 Industry Academia • don’t understand the real impact • get the 70% solution 16
The 2nd Dichotomy Some comments are based on paper reviews from RAID 2007/08, VizSec 2007/08 Industry Academia • don’t understand the real impact • get the 70% solution • don’t think big 16
The 2nd Dichotomy Some comments are based on paper reviews from RAID 2007/08, VizSec 2007/08 Industry Academia • don’t understand the real impact • get the 70% solution • don’t think big • no time/money for real research 16
The 2nd Dichotomy Some comments are based on paper reviews from RAID 2007/08, VizSec 2007/08 Industry Academia • don’t understand the real impact • get the 70% solution • don’t think big • no time/money for real research • can’t scale 16
The 2nd Dichotomy Some comments are based on paper reviews from RAID 2007/08, VizSec 2007/08 Industry Academia • don’t understand the real impact • get the 70% solution • don’t think big • no time/money for real research • can’t scale • work based off of a few customer’s input 16
The 2nd Dichotomy Some comments are based on paper reviews from RAID 2007/08, VizSec 2007/08 Industry Academia • don’t understand the real impact • don’t know what’s been done in industry • get the 70% solution • don’t think big • no time/money for real research • can’t scale • work based off of a few customer’s input 16
The 2nd Dichotomy Some comments are based on paper reviews from RAID 2007/08, VizSec 2007/08 Industry Academia • don’t understand the real impact • don’t know what’s been done in industry • get the 70% solution • don’t understand the use-cases • don’t think big • no time/money for real research • can’t scale • work based off of a few customer’s input 16
The 2nd Dichotomy Some comments are based on paper reviews from RAID 2007/08, VizSec 2007/08 Industry Academia • don’t understand the real impact • don’t know what’s been done in industry • get the 70% solution • don’t understand the use-cases • don’t think big • don’t understand the environments / data / domain • no time/money for real research • can’t scale • work based off of a few customer’s input 16
The 2nd Dichotomy Some comments are based on paper reviews from RAID 2007/08, VizSec 2007/08 Industry Academia • don’t understand the real impact • don’t know what’s been done in industry • get the 70% solution • don’t understand the use-cases • don’t think big • don’t understand the environments / data / domain • no time/money for real research • work on simulated data • can’t scale • work based off of a few customer’s input 16
The 2nd Dichotomy Some comments are based on paper reviews from RAID 2007/08, VizSec 2007/08 Industry Academia • don’t understand the real impact • don’t know what’s been done in industry • get the 70% solution • don’t understand the use-cases • don’t think big • don’t understand the environments / data / domain • no time/money for real research • work on simulated data • can’t scale • construct their own problems • work based off of a few customer’s input 16
The 2nd Dichotomy Some comments are based on paper reviews from RAID 2007/08, VizSec 2007/08 Industry Academia • don’t understand the real impact • don’t know what’s been done in industry • get the 70% solution • don’t understand the use-cases • don’t think big • don’t understand the environments / data / domain • no time/money for real research • work on simulated data • can’t scale • construct their own problems • work based off of a few • use overly complicated, impractical customer’s input solutions 16
The 2nd Dichotomy Some comments are based on paper reviews from RAID 2007/08, VizSec 2007/08 Industry Academia • don’t understand the real impact • don’t know what’s been done in industry • get the 70% solution • don’t understand the use-cases • don’t think big • don’t understand the environments / data / domain • no time/money for real research • work on simulated data • can’t scale • construct their own problems • work based off of a few • use overly complicated, impractical customer’s input solutions • use graphs / visualization where it is not needed 16
The Way Forward Two disciplines • Building a secviz discipline • Bridging the gap Security Visualization • Learning the “other” discipline Two worlds • More academia / industry collaboration • Build components / widgets / gadgets • (Re-)use existing technologies • Focus on strengths SecViz • Focus on the visualization and interaction aspects 17
• Use-case oriented visualization • Perimeter Threat • Governance Risk Compliance (GRC) • Insider Threat • IT data visualization • SecViz.Org • DAVIX 18
My Focus Areas • Use-case oriented visualization • Perimeter Threat • Governance Risk Compliance (GRC) • Insider Threat • IT data visualization • SecViz.Org • DAVIX 18
Insider Threat Visualization • Huge amounts of data • More and other data sources than for the traditional security use-cases - Insiders often have legitimate access to machines and data. You need to log more than the exceptions - Insider crimes are often executed on the application layer • The questions are not known in advance! - Visualization provokes questions and helps find answers • Dynamic nature of fraud - Problem for static algorithms - Bandits quickly adapt to fixed threshold-based detection systems • Looking for any unusual patterns 19
20
20
SecViz - Security Visualization This is a place to share, discuss, challenge, and learn about security visualization.
V D X Data Analysis and Visualization Linux davix.secviz.org
• Addressing the secviz dichotomy • Better industry - academia collaboration • More and better visualization tools - Use-case driven product development • We need to solve the data semantics problem - Common Event Expression? - Entity extraction? 23
The Future • Addressing the secviz dichotomy • Better industry - academia collaboration • More and better visualization tools - Use-case driven product development • We need to solve the data semantics problem - Common Event Expression? - Entity extraction? 23
Vielen Dank! S E V raffael . marty @ secviz . org C I Z

Recomendados

IT Data Visualization - Sumit 2008
IT Data Visualization - Sumit 2008IT Data Visualization - Sumit 2008
IT Data Visualization - Sumit 2008Raffael Marty
 
HTML5 - getting started
HTML5 - getting startedHTML5 - getting started
HTML5 - getting startedTed Drake
 
iOS Keychain 介紹
iOS Keychain 介紹iOS Keychain 介紹
iOS Keychain 介紹ShengWen Chiou
 
Caching techniques in python, europython2010
Caching techniques in python, europython2010Caching techniques in python, europython2010
Caching techniques in python, europython2010Michael Domanski
 
Potential Friend Finder
Potential Friend FinderPotential Friend Finder
Potential Friend FinderRichard Schneeman
 
Embedded d2w
Embedded d2wEmbedded d2w
Embedded d2wWO Community
 
Security Visualization - State of 2010 and 2011 Predictions
Security Visualization - State of 2010 and 2011 PredictionsSecurity Visualization - State of 2010 and 2011 Predictions
Security Visualization - State of 2010 and 2011 PredictionsRaffael Marty
 
Wim Remes SOURCE Boston 2011
Wim Remes SOURCE Boston 2011 Wim Remes SOURCE Boston 2011
Wim Remes SOURCE Boston 2011 Source Conference
 

Recomendados

IT Data Visualization - Sumit 2008
IT Data Visualization - Sumit 2008IT Data Visualization - Sumit 2008
IT Data Visualization - Sumit 2008Raffael Marty
 
HTML5 - getting started
HTML5 - getting startedHTML5 - getting started
HTML5 - getting startedTed Drake
 
iOS Keychain 介紹
iOS Keychain 介紹iOS Keychain 介紹
iOS Keychain 介紹ShengWen Chiou
 
Caching techniques in python, europython2010
Caching techniques in python, europython2010Caching techniques in python, europython2010
Caching techniques in python, europython2010Michael Domanski
 
Potential Friend Finder
Potential Friend FinderPotential Friend Finder
Potential Friend FinderRichard Schneeman
 
Embedded d2w
Embedded d2wEmbedded d2w
Embedded d2wWO Community
 
Security Visualization - State of 2010 and 2011 Predictions
Security Visualization - State of 2010 and 2011 PredictionsSecurity Visualization - State of 2010 and 2011 Predictions
Security Visualization - State of 2010 and 2011 PredictionsRaffael Marty
 
Wim Remes SOURCE Boston 2011
Wim Remes SOURCE Boston 2011 Wim Remes SOURCE Boston 2011
Wim Remes SOURCE Boston 2011 Source Conference
 
Cyber Security – How Visual Analytics Unlock Insight
Cyber Security – How Visual Analytics Unlock InsightCyber Security – How Visual Analytics Unlock Insight
Cyber Security – How Visual Analytics Unlock InsightRaffael Marty
 
Visualizing Threats: Network Visualization for Cyber Security
Visualizing Threats: Network Visualization for Cyber SecurityVisualizing Threats: Network Visualization for Cyber Security
Visualizing Threats: Network Visualization for Cyber SecurityCambridge Intelligence
 
The Heatmap
 - Why is Security Visualization so Hard?
The Heatmap
 - Why is Security Visualization so Hard?The Heatmap
 - Why is Security Visualization so Hard?
The Heatmap
 - Why is Security Visualization so Hard?Raffael Marty
 
AfterGlow
AfterGlowAfterGlow
AfterGlowRaffael Marty
 
Visualization for Security
Visualization for SecurityVisualization for Security
Visualization for SecurityRaffael Marty
 
Security Visualization - Let's Take A Step Back
Security Visualization - Let's Take A Step BackSecurity Visualization - Let's Take A Step Back
Security Visualization - Let's Take A Step BackRaffael Marty
 
Cyber Security Visualization
Cyber Security VisualizationCyber Security Visualization
Cyber Security VisualizationDoug Cogswell
 
Workshop: Big Data Visualization for Security
Workshop: Big Data Visualization for SecurityWorkshop: Big Data Visualization for Security
Workshop: Big Data Visualization for SecurityRaffael Marty
 
Creating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & VisualizationCreating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & VisualizationRaffael Marty
 
Network Security Data Visualization
Network Security Data VisualizationNetwork Security Data Visualization
Network Security Data Visualizationamiable_indian
 
Cisco OpenSOC
Cisco OpenSOCCisco OpenSOC
Cisco OpenSOCJames Sirota
 
Designing a Secure Cocoa App
Designing a Secure Cocoa AppDesigning a Secure Cocoa App
Designing a Secure Cocoa AppGraham Lee
 
DataStax: Enabling Search in your Cassandra Application with DataStax Enterprise
DataStax: Enabling Search in your Cassandra Application with DataStax EnterpriseDataStax: Enabling Search in your Cassandra Application with DataStax Enterprise
DataStax: Enabling Search in your Cassandra Application with DataStax EnterpriseDataStax Academy
 
DataStax | Best Practices for Securing DataStax Enterprise (Matt Kennedy) | C...
DataStax | Best Practices for Securing DataStax Enterprise (Matt Kennedy) | C...DataStax | Best Practices for Securing DataStax Enterprise (Matt Kennedy) | C...
DataStax | Best Practices for Securing DataStax Enterprise (Matt Kennedy) | C...DataStax
 
スマートフォン勉強会@関東 #11 LT 5分で語る SQLite暗号化
スマートフォン勉強会@関東 #11 LT 5分で語る SQLite暗号化スマートフォン勉強会@関東 #11 LT 5分で語る SQLite暗号化
スマートフォン勉強会@関東 #11 LT 5分で語る SQLite暗号化Taro Matsuzawa
 
Internal training - Eda
Internal training - EdaInternal training - Eda
Internal training - EdaTony Vo
 
Secure pl-sql-coding
Secure pl-sql-codingSecure pl-sql-coding
Secure pl-sql-codingTrần Bình Hậu
 
Scaling MySQL Strategies for Developers
Scaling MySQL Strategies for DevelopersScaling MySQL Strategies for Developers
Scaling MySQL Strategies for DevelopersJonathan Levin
 
PowerShell - Be A Cool Blue Kid
PowerShell - Be A Cool Blue KidPowerShell - Be A Cool Blue Kid
PowerShell - Be A Cool Blue KidMatthew Johnson
 
Rails Tips and Best Practices
Rails Tips and Best PracticesRails Tips and Best Practices
Rails Tips and Best PracticesDavid Keener
 
Oracle Key Vault Data Subsetting and Masking
Oracle Key Vault Data Subsetting and MaskingOracle Key Vault Data Subsetting and Masking
Oracle Key Vault Data Subsetting and MaskingDLT Solutions
 
ONE MORE TIME ABOUT CODE STANDARDS AND BEST PRACTICES
ONE MORE TIME ABOUT CODE STANDARDS AND BEST PRACTICESONE MORE TIME ABOUT CODE STANDARDS AND BEST PRACTICES
ONE MORE TIME ABOUT CODE STANDARDS AND BEST PRACTICESDrupalCamp Kyiv
 

Mais conteúdo relacionado

Destaque

Cyber Security – How Visual Analytics Unlock Insight
Cyber Security – How Visual Analytics Unlock InsightCyber Security – How Visual Analytics Unlock Insight
Cyber Security – How Visual Analytics Unlock InsightRaffael Marty
 
Visualizing Threats: Network Visualization for Cyber Security
Visualizing Threats: Network Visualization for Cyber SecurityVisualizing Threats: Network Visualization for Cyber Security
Visualizing Threats: Network Visualization for Cyber SecurityCambridge Intelligence
 
The Heatmap
 - Why is Security Visualization so Hard?
The Heatmap
 - Why is Security Visualization so Hard?The Heatmap
 - Why is Security Visualization so Hard?
The Heatmap
 - Why is Security Visualization so Hard?Raffael Marty
 
Visualization for Security
Visualization for SecurityVisualization for Security
Visualization for SecurityRaffael Marty
 
Security Visualization - Let's Take A Step Back
Security Visualization - Let's Take A Step BackSecurity Visualization - Let's Take A Step Back
Security Visualization - Let's Take A Step BackRaffael Marty
 
Cyber Security Visualization
Cyber Security VisualizationCyber Security Visualization
Cyber Security VisualizationDoug Cogswell
 
Workshop: Big Data Visualization for Security
Workshop: Big Data Visualization for SecurityWorkshop: Big Data Visualization for Security
Workshop: Big Data Visualization for SecurityRaffael Marty
 
Creating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & VisualizationCreating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & VisualizationRaffael Marty
 
Network Security Data Visualization
Network Security Data VisualizationNetwork Security Data Visualization
Network Security Data Visualizationamiable_indian
 

Destaque (11)

Cyber Security – How Visual Analytics Unlock Insight
Cyber Security – How Visual Analytics Unlock InsightCyber Security – How Visual Analytics Unlock Insight
Cyber Security – How Visual Analytics Unlock Insight
 
Visualizing Threats: Network Visualization for Cyber Security
Visualizing Threats: Network Visualization for Cyber SecurityVisualizing Threats: Network Visualization for Cyber Security
Visualizing Threats: Network Visualization for Cyber Security
 
The Heatmap
 - Why is Security Visualization so Hard?
The Heatmap
 - Why is Security Visualization so Hard?The Heatmap
 - Why is Security Visualization so Hard?
The Heatmap
 - Why is Security Visualization so Hard?
 
AfterGlow
AfterGlowAfterGlow
AfterGlow
 
Visualization for Security
Visualization for SecurityVisualization for Security
Visualization for Security
 
Security Visualization - Let's Take A Step Back
Security Visualization - Let's Take A Step BackSecurity Visualization - Let's Take A Step Back
Security Visualization - Let's Take A Step Back
 
Cyber Security Visualization
Cyber Security VisualizationCyber Security Visualization
Cyber Security Visualization
 
Workshop: Big Data Visualization for Security
Workshop: Big Data Visualization for SecurityWorkshop: Big Data Visualization for Security
Workshop: Big Data Visualization for Security
 
Creating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & VisualizationCreating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & Visualization
 
Network Security Data Visualization
Network Security Data VisualizationNetwork Security Data Visualization
Network Security Data Visualization
 
Cisco OpenSOC
Cisco OpenSOCCisco OpenSOC
Cisco OpenSOC
 

Semelhante a Security Research2.0 - FIT 2008

Designing a Secure Cocoa App
Designing a Secure Cocoa AppDesigning a Secure Cocoa App
Designing a Secure Cocoa AppGraham Lee
 
DataStax: Enabling Search in your Cassandra Application with DataStax Enterprise
DataStax: Enabling Search in your Cassandra Application with DataStax EnterpriseDataStax: Enabling Search in your Cassandra Application with DataStax Enterprise
DataStax: Enabling Search in your Cassandra Application with DataStax EnterpriseDataStax Academy
 
DataStax | Best Practices for Securing DataStax Enterprise (Matt Kennedy) | C...
DataStax | Best Practices for Securing DataStax Enterprise (Matt Kennedy) | C...DataStax | Best Practices for Securing DataStax Enterprise (Matt Kennedy) | C...
DataStax | Best Practices for Securing DataStax Enterprise (Matt Kennedy) | C...DataStax
 
スマートフォン勉強会@関東 #11 LT 5分で語る SQLite暗号化
スマートフォン勉強会@関東 #11 LT 5分で語る SQLite暗号化スマートフォン勉強会@関東 #11 LT 5分で語る SQLite暗号化
スマートフォン勉強会@関東 #11 LT 5分で語る SQLite暗号化Taro Matsuzawa
 
Internal training - Eda
Internal training - EdaInternal training - Eda
Internal training - EdaTony Vo
 
Scaling MySQL Strategies for Developers
Scaling MySQL Strategies for DevelopersScaling MySQL Strategies for Developers
Scaling MySQL Strategies for DevelopersJonathan Levin
 
PowerShell - Be A Cool Blue Kid
PowerShell - Be A Cool Blue KidPowerShell - Be A Cool Blue Kid
PowerShell - Be A Cool Blue KidMatthew Johnson
 
Rails Tips and Best Practices
Rails Tips and Best PracticesRails Tips and Best Practices
Rails Tips and Best PracticesDavid Keener
 
Oracle Key Vault Data Subsetting and Masking
Oracle Key Vault Data Subsetting and MaskingOracle Key Vault Data Subsetting and Masking
Oracle Key Vault Data Subsetting and MaskingDLT Solutions
 
ONE MORE TIME ABOUT CODE STANDARDS AND BEST PRACTICES
ONE MORE TIME ABOUT CODE STANDARDS AND BEST PRACTICESONE MORE TIME ABOUT CODE STANDARDS AND BEST PRACTICES
ONE MORE TIME ABOUT CODE STANDARDS AND BEST PRACTICESDrupalCamp Kyiv
 
Drupal Security from Drupalcamp Bratislava
Drupal Security from Drupalcamp BratislavaDrupal Security from Drupalcamp Bratislava
Drupal Security from Drupalcamp BratislavaGábor Hojtsy
 
iOSDevCamp 2011 - Getting "Test"-y: Test Driven Development & Automated Deplo...
iOSDevCamp 2011 - Getting "Test"-y: Test Driven Development & Automated Deplo...iOSDevCamp 2011 - Getting "Test"-y: Test Driven Development & Automated Deplo...
iOSDevCamp 2011 - Getting "Test"-y: Test Driven Development & Automated Deplo...Rudy Jahchan
 
Cryptography and encryption and security network
Cryptography and encryption and security networkCryptography and encryption and security network
Cryptography and encryption and security networkNirajKumar620142
 
Making Joomla Insecure - Explaining security by breaking it
Making Joomla Insecure - Explaining security by breaking itMaking Joomla Insecure - Explaining security by breaking it
Making Joomla Insecure - Explaining security by breaking itTim Plummer
 
Doing Drupal security right
Doing Drupal security rightDoing Drupal security right
Doing Drupal security rightGábor Hojtsy
 
Data DevOps: An Overview
Data DevOps: An OverviewData DevOps: An Overview
Data DevOps: An OverviewScott W. Ambler
 
Drupal security
Drupal securityDrupal security
Drupal securityJozef Toth
 

Semelhante a Security Research2.0 - FIT 2008 (20)

Designing a Secure Cocoa App
Designing a Secure Cocoa AppDesigning a Secure Cocoa App
Designing a Secure Cocoa App
 
DataStax: Enabling Search in your Cassandra Application with DataStax Enterprise
DataStax: Enabling Search in your Cassandra Application with DataStax EnterpriseDataStax: Enabling Search in your Cassandra Application with DataStax Enterprise
DataStax: Enabling Search in your Cassandra Application with DataStax Enterprise
 
DataStax | Best Practices for Securing DataStax Enterprise (Matt Kennedy) | C...
DataStax | Best Practices for Securing DataStax Enterprise (Matt Kennedy) | C...DataStax | Best Practices for Securing DataStax Enterprise (Matt Kennedy) | C...
DataStax | Best Practices for Securing DataStax Enterprise (Matt Kennedy) | C...
 
スマートフォン勉強会@関東 #11 LT 5分で語る SQLite暗号化
スマートフォン勉強会@関東 #11 LT 5分で語る SQLite暗号化スマートフォン勉強会@関東 #11 LT 5分で語る SQLite暗号化
スマートフォン勉強会@関東 #11 LT 5分で語る SQLite暗号化
 
Internal training - Eda
Internal training - EdaInternal training - Eda
Internal training - Eda
 
Secure pl-sql-coding
Secure pl-sql-codingSecure pl-sql-coding
Secure pl-sql-coding
 
Scaling MySQL Strategies for Developers
Scaling MySQL Strategies for DevelopersScaling MySQL Strategies for Developers
Scaling MySQL Strategies for Developers
 
PowerShell - Be A Cool Blue Kid
PowerShell - Be A Cool Blue KidPowerShell - Be A Cool Blue Kid
PowerShell - Be A Cool Blue Kid
 
Rails Tips and Best Practices
Rails Tips and Best PracticesRails Tips and Best Practices
Rails Tips and Best Practices
 
Oracle Key Vault Data Subsetting and Masking
Oracle Key Vault Data Subsetting and MaskingOracle Key Vault Data Subsetting and Masking
Oracle Key Vault Data Subsetting and Masking
 
ONE MORE TIME ABOUT CODE STANDARDS AND BEST PRACTICES
ONE MORE TIME ABOUT CODE STANDARDS AND BEST PRACTICESONE MORE TIME ABOUT CODE STANDARDS AND BEST PRACTICES
ONE MORE TIME ABOUT CODE STANDARDS AND BEST PRACTICES
 
Drupal Security from Drupalcamp Bratislava
Drupal Security from Drupalcamp BratislavaDrupal Security from Drupalcamp Bratislava
Drupal Security from Drupalcamp Bratislava
 
iOSDevCamp 2011 - Getting "Test"-y: Test Driven Development & Automated Deplo...
iOSDevCamp 2011 - Getting "Test"-y: Test Driven Development & Automated Deplo...iOSDevCamp 2011 - Getting "Test"-y: Test Driven Development & Automated Deplo...
iOSDevCamp 2011 - Getting "Test"-y: Test Driven Development & Automated Deplo...
 
Cryptography and encryption and security network
Cryptography and encryption and security networkCryptography and encryption and security network
Cryptography and encryption and security network
 
Big security for big data
Big security for big dataBig security for big data
Big security for big data
 
Rails Security
Rails SecurityRails Security
Rails Security
 
Making Joomla Insecure - Explaining security by breaking it
Making Joomla Insecure - Explaining security by breaking itMaking Joomla Insecure - Explaining security by breaking it
Making Joomla Insecure - Explaining security by breaking it
 
Doing Drupal security right
Doing Drupal security rightDoing Drupal security right
Doing Drupal security right
 
Data DevOps: An Overview
Data DevOps: An OverviewData DevOps: An Overview
Data DevOps: An Overview
 
Drupal security
Drupal securityDrupal security
Drupal security
 

Mais de Raffael Marty

Exploring the Defender's Advantage
Exploring the Defender's AdvantageExploring the Defender's Advantage
Exploring the Defender's AdvantageRaffael Marty
 
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...Raffael Marty
 
How To Drive Value with Security Data
How To Drive Value with Security DataHow To Drive Value with Security Data
How To Drive Value with Security DataRaffael Marty
 
Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?
Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?
Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?Raffael Marty
 
Artificial Intelligence – Time Bomb or The Promised Land?
Artificial Intelligence – Time Bomb or The Promised Land?Artificial Intelligence – Time Bomb or The Promised Land?
Artificial Intelligence – Time Bomb or The Promised Land?Raffael Marty
 
Understanding the "Intelligence" in AI
Understanding the "Intelligence" in AIUnderstanding the "Intelligence" in AI
Understanding the "Intelligence" in AIRaffael Marty
 
AI & ML in Cyber Security - Why Algorithms are Dangerous
AI & ML in Cyber Security - Why Algorithms are DangerousAI & ML in Cyber Security - Why Algorithms are Dangerous
AI & ML in Cyber Security - Why Algorithms are DangerousRaffael Marty
 
AI & ML in Cyber Security - Why Algorithms Are Dangerous
AI & ML in Cyber Security - Why Algorithms Are DangerousAI & ML in Cyber Security - Why Algorithms Are Dangerous
AI & ML in Cyber Security - Why Algorithms Are DangerousRaffael Marty
 
Delivering Security Insights with Data Analytics and Visualization
Delivering Security Insights with Data Analytics and VisualizationDelivering Security Insights with Data Analytics and Visualization
Delivering Security Insights with Data Analytics and VisualizationRaffael Marty
 
AI & ML in Cyber Security - Welcome Back to 1999 - Security Hasn't Changed
AI & ML in Cyber Security - Welcome Back to 1999 - Security Hasn't ChangedAI & ML in Cyber Security - Welcome Back to 1999 - Security Hasn't Changed
AI & ML in Cyber Security - Welcome Back to 1999 - Security Hasn't ChangedRaffael Marty
 
Security Insights at Scale
Security Insights at ScaleSecurity Insights at Scale
Security Insights at ScaleRaffael Marty
 
Creating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & VisualizationCreating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & VisualizationRaffael Marty
 
Visualization in the Age of Big Data
Visualization in the Age of Big DataVisualization in the Age of Big Data
Visualization in the Age of Big DataRaffael Marty
 
Big Data Visualization
Big Data VisualizationBig Data Visualization
Big Data VisualizationRaffael Marty
 
The Heatmap
 - Why is Security Visualization so Hard?
The Heatmap
 - Why is Security Visualization so Hard?The Heatmap
 - Why is Security Visualization so Hard?
The Heatmap
 - Why is Security Visualization so Hard?Raffael Marty
 
DAVIX - Data Analysis and Visualization Linux
DAVIX - Data Analysis and Visualization LinuxDAVIX - Data Analysis and Visualization Linux
DAVIX - Data Analysis and Visualization LinuxRaffael Marty
 
Cloud - Security - Big Data
Cloud - Security - Big DataCloud - Security - Big Data
Cloud - Security - Big DataRaffael Marty
 
Supercharging Visualization with Data Mining
Supercharging Visualization with Data MiningSupercharging Visualization with Data Mining
Supercharging Visualization with Data MiningRaffael Marty
 
Visual Analytics and Security Intelligence
Visual Analytics and Security IntelligenceVisual Analytics and Security Intelligence
Visual Analytics and Security IntelligenceRaffael Marty
 

Mais de Raffael Marty (20)

Exploring the Defender's Advantage
Exploring the Defender's AdvantageExploring the Defender's Advantage
Exploring the Defender's Advantage
 
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
 
How To Drive Value with Security Data
How To Drive Value with Security DataHow To Drive Value with Security Data
How To Drive Value with Security Data
 
Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?
Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?
Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?
 
Artificial Intelligence – Time Bomb or The Promised Land?
Artificial Intelligence – Time Bomb or The Promised Land?Artificial Intelligence – Time Bomb or The Promised Land?
Artificial Intelligence – Time Bomb or The Promised Land?
 
Understanding the "Intelligence" in AI
Understanding the "Intelligence" in AIUnderstanding the "Intelligence" in AI
Understanding the "Intelligence" in AI
 
Security Chat 5.0
Security Chat 5.0Security Chat 5.0
Security Chat 5.0
 
AI & ML in Cyber Security - Why Algorithms are Dangerous
AI & ML in Cyber Security - Why Algorithms are DangerousAI & ML in Cyber Security - Why Algorithms are Dangerous
AI & ML in Cyber Security - Why Algorithms are Dangerous
 
AI & ML in Cyber Security - Why Algorithms Are Dangerous
AI & ML in Cyber Security - Why Algorithms Are DangerousAI & ML in Cyber Security - Why Algorithms Are Dangerous
AI & ML in Cyber Security - Why Algorithms Are Dangerous
 
Delivering Security Insights with Data Analytics and Visualization
Delivering Security Insights with Data Analytics and VisualizationDelivering Security Insights with Data Analytics and Visualization
Delivering Security Insights with Data Analytics and Visualization
 
AI & ML in Cyber Security - Welcome Back to 1999 - Security Hasn't Changed
AI & ML in Cyber Security - Welcome Back to 1999 - Security Hasn't ChangedAI & ML in Cyber Security - Welcome Back to 1999 - Security Hasn't Changed
AI & ML in Cyber Security - Welcome Back to 1999 - Security Hasn't Changed
 
Security Insights at Scale
Security Insights at ScaleSecurity Insights at Scale
Security Insights at Scale
 
Creating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & VisualizationCreating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & Visualization
 
Visualization in the Age of Big Data
Visualization in the Age of Big DataVisualization in the Age of Big Data
Visualization in the Age of Big Data
 
Big Data Visualization
Big Data VisualizationBig Data Visualization
Big Data Visualization
 
The Heatmap
 - Why is Security Visualization so Hard?
The Heatmap
 - Why is Security Visualization so Hard?The Heatmap
 - Why is Security Visualization so Hard?
The Heatmap
 - Why is Security Visualization so Hard?
 
DAVIX - Data Analysis and Visualization Linux
DAVIX - Data Analysis and Visualization LinuxDAVIX - Data Analysis and Visualization Linux
DAVIX - Data Analysis and Visualization Linux
 
Cloud - Security - Big Data
Cloud - Security - Big DataCloud - Security - Big Data
Cloud - Security - Big Data
 
Supercharging Visualization with Data Mining
Supercharging Visualization with Data MiningSupercharging Visualization with Data Mining
Supercharging Visualization with Data Mining
 
Visual Analytics and Security Intelligence
Visual Analytics and Security IntelligenceVisual Analytics and Security Intelligence
Visual Analytics and Security Intelligence
 

Último

Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontologyjohnbeverley2021
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxRemote DBA Services
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Zilliz
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 

Último (20)

Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 

Security Research2.0 - FIT 2008

  • 1.
  • 2. Security Research 2.0 Raffael Marty, GCIA, CISSP Chief Security Strategist @ Splunk> FIT-IT Visual Computing, Austria - September ‘08
  • 3. Agenda • Security Visualization Today - The SecViz Dichotomy - The Failure - The Way Forward • My Focus Areas • The Future 2
  • 4. Agenda • Security Visualization Today - The SecViz Dichotomy - The Failure Goal: - The Way Forward Provoke thought and stir up more questions than offering • My Focus Areas answers. • The Future 2
  • 5. • Chief Security Strategist @ Splunk> • Looked at logs/IT data for over 10 years - IBM Research - Conference boards / committees • Presenting around the world on SecViz • Passion for Visualization Applied Security Visualization - http://secviz.org Paperback: 552 pages Publisher: Addison Wesley (August, 2008) - http://afterglow.sourceforge.net ISBN: 0321510100
  • 6. Raffael Marty • Chief Security Strategist @ Splunk> • Looked at logs/IT data for over 10 years - IBM Research - Conference boards / committees • Presenting around the world on SecViz • Passion for Visualization Applied Security Visualization - http://secviz.org Paperback: 552 pages Publisher: Addison Wesley (August, 2008) - http://afterglow.sourceforge.net ISBN: 0321510100
  • 7.
  • 10. The 1st Dichotomy two domains Security & Visualization 5
  • 11. The 1st Dichotomy Security Visualization 5
  • 12. The 1st Dichotomy Security Visualization • security data • networking protocols • routing protocols (the Internet) • security impact • security policy • jargon • use-cases • are the end-users 5
  • 13. The 1st Dichotomy Security Visualization • security data • types of data • networking protocols • perception • routing protocols (the Internet) • optics • security impact • color theory • security policy • depth cue theory • jargon • interaction theory • use-cases • types of graphs • are the end-users • human computer interaction 5
  • 14. The Failure - New Graphs 6
  • 15. The Right Thing - Reuse Graphs 7
  • 16. The Failure - The Wrong Graph 8
  • 17. The Right Thing - Adequate Graphs 9
  • 18. The Right Thing - Adequate Graphs 9
  • 19. The Failure - The Wrong Integration /usr/share/man/man5/launchd.plist.5 <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> • Using proprietary data format <plist version="1.0"> <dict> <key>_name</key> • Provide parsers for various data formats <dict> <key>_isColumn</key> <string>YES</string> <key>_isOutlineColumn</key> • does not scale <string>YES</string> <key>_order</key> <string>0</string> </dict> • is probably buggy / incomplete <key>bsd_name</key> <dict> <key>_order</key> <string>62</string> • Use wrong data access paradigm </dict> <key>detachable_drive</key> <dict> • complex configuration <key>_order</key> <string>59</string> </dict> e.g., needs an SSH connection <key>device_manufacturer</key> <dict> <key>_order</key> <string>41</string> </dict> <key>device_model</key> <dict> <key>_order</key> <string>42</string> </dict> <key>device_revision</key> 10
  • 20. The Right Thing - KISS /usr/share/man/man5/launchd.plist.5 <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> • Keep It Simple Stupid <plist version="1.0"> <dict> <key>_name</key> <dict> • Use CSV input <key>_isColumn</key> <string>YES</string> <key>_isOutlineColumn</key> <string>YES</string> • Use files as input <key>_order</key> <string>0</string> </dict> <key>bsd_name</key> # Using node sizes: • Offload to other tools <dict> <key>_order</key> <string>62</string> size.source=1; </dict> • parsers <key>detachable_drive</key> <dict> size.target=200 <key>_order</key> <string>59</string> maxNodeSize=0.2 • data conversions </dict> <key>device_manufacturer</key> <dict> <key>_order</key> <string>41</string> </dict> <key>device_model</key> <dict> <key>_order</key> <string>42</string> </dict> <key>device_revision</key> 11
  • 21. The Failure - So What? 12
  • 22. The Right Thing - Help The User Along • Provide use-case aligned displays • Meaningful legends • Interactive exploration • UI design that guides the user through tasks • Do not overload displays 13
  • 23. The Failure - Unnecessary Ink 14
  • 24. The Right Thing - Apply Good Visualization Practices • Don't use graphics to decorate a few numbers • Reduce data ink ratio • Visualization principles 15
  • 26. The 2nd Dichotomy two worlds Industry & Academia 16
  • 27. The 2nd Dichotomy Some comments are based on paper reviews from RAID 2007/08, VizSec 2007/08 Industry Academia 16
  • 28. The 2nd Dichotomy Some comments are based on paper reviews from RAID 2007/08, VizSec 2007/08 Industry Academia • don’t understand the real impact 16
  • 29. The 2nd Dichotomy Some comments are based on paper reviews from RAID 2007/08, VizSec 2007/08 Industry Academia • don’t understand the real impact • get the 70% solution 16
  • 30. The 2nd Dichotomy Some comments are based on paper reviews from RAID 2007/08, VizSec 2007/08 Industry Academia • don’t understand the real impact • get the 70% solution • don’t think big 16
  • 31. The 2nd Dichotomy Some comments are based on paper reviews from RAID 2007/08, VizSec 2007/08 Industry Academia • don’t understand the real impact • get the 70% solution • don’t think big • no time/money for real research 16
  • 32. The 2nd Dichotomy Some comments are based on paper reviews from RAID 2007/08, VizSec 2007/08 Industry Academia • don’t understand the real impact • get the 70% solution • don’t think big • no time/money for real research • can’t scale 16
  • 33. The 2nd Dichotomy Some comments are based on paper reviews from RAID 2007/08, VizSec 2007/08 Industry Academia • don’t understand the real impact • get the 70% solution • don’t think big • no time/money for real research • can’t scale • work based off of a few customer’s input 16
  • 34. The 2nd Dichotomy Some comments are based on paper reviews from RAID 2007/08, VizSec 2007/08 Industry Academia • don’t understand the real impact • don’t know what’s been done in industry • get the 70% solution • don’t think big • no time/money for real research • can’t scale • work based off of a few customer’s input 16
  • 35. The 2nd Dichotomy Some comments are based on paper reviews from RAID 2007/08, VizSec 2007/08 Industry Academia • don’t understand the real impact • don’t know what’s been done in industry • get the 70% solution • don’t understand the use-cases • don’t think big • no time/money for real research • can’t scale • work based off of a few customer’s input 16
  • 36. The 2nd Dichotomy Some comments are based on paper reviews from RAID 2007/08, VizSec 2007/08 Industry Academia • don’t understand the real impact • don’t know what’s been done in industry • get the 70% solution • don’t understand the use-cases • don’t think big • don’t understand the environments / data / domain • no time/money for real research • can’t scale • work based off of a few customer’s input 16
  • 37. The 2nd Dichotomy Some comments are based on paper reviews from RAID 2007/08, VizSec 2007/08 Industry Academia • don’t understand the real impact • don’t know what’s been done in industry • get the 70% solution • don’t understand the use-cases • don’t think big • don’t understand the environments / data / domain • no time/money for real research • work on simulated data • can’t scale • work based off of a few customer’s input 16
  • 38. The 2nd Dichotomy Some comments are based on paper reviews from RAID 2007/08, VizSec 2007/08 Industry Academia • don’t understand the real impact • don’t know what’s been done in industry • get the 70% solution • don’t understand the use-cases • don’t think big • don’t understand the environments / data / domain • no time/money for real research • work on simulated data • can’t scale • construct their own problems • work based off of a few customer’s input 16
  • 39. The 2nd Dichotomy Some comments are based on paper reviews from RAID 2007/08, VizSec 2007/08 Industry Academia • don’t understand the real impact • don’t know what’s been done in industry • get the 70% solution • don’t understand the use-cases • don’t think big • don’t understand the environments / data / domain • no time/money for real research • work on simulated data • can’t scale • construct their own problems • work based off of a few • use overly complicated, impractical customer’s input solutions 16
  • 40. The 2nd Dichotomy Some comments are based on paper reviews from RAID 2007/08, VizSec 2007/08 Industry Academia • don’t understand the real impact • don’t know what’s been done in industry • get the 70% solution • don’t understand the use-cases • don’t think big • don’t understand the environments / data / domain • no time/money for real research • work on simulated data • can’t scale • construct their own problems • work based off of a few • use overly complicated, impractical customer’s input solutions • use graphs / visualization where it is not needed 16
  • 41. The Way Forward Two disciplines • Building a secviz discipline • Bridging the gap Security Visualization • Learning the “other” discipline Two worlds • More academia / industry collaboration • Build components / widgets / gadgets • (Re-)use existing technologies • Focus on strengths SecViz • Focus on the visualization and interaction aspects 17
  • 42. • Use-case oriented visualization • Perimeter Threat • Governance Risk Compliance (GRC) • Insider Threat • IT data visualization • SecViz.Org • DAVIX 18
  • 43. My Focus Areas • Use-case oriented visualization • Perimeter Threat • Governance Risk Compliance (GRC) • Insider Threat • IT data visualization • SecViz.Org • DAVIX 18
  • 44. Insider Threat Visualization • Huge amounts of data • More and other data sources than for the traditional security use-cases - Insiders often have legitimate access to machines and data. You need to log more than the exceptions - Insider crimes are often executed on the application layer • The questions are not known in advance! - Visualization provokes questions and helps find answers • Dynamic nature of fraud - Problem for static algorithms - Bandits quickly adapt to fixed threshold-based detection systems • Looking for any unusual patterns 19
  • 45. 20
  • 46. 20
  • 47. SecViz - Security Visualization This is a place to share, discuss, challenge, and learn about security visualization.
  • 48. V D X Data Analysis and Visualization Linux davix.secviz.org
  • 49. • Addressing the secviz dichotomy • Better industry - academia collaboration • More and better visualization tools - Use-case driven product development • We need to solve the data semantics problem - Common Event Expression? - Entity extraction? 23
  • 50. The Future • Addressing the secviz dichotomy • Better industry - academia collaboration • More and better visualization tools - Use-case driven product development • We need to solve the data semantics problem - Common Event Expression? - Entity extraction? 23
  • 51. Vielen Dank! S E V raffael . marty @ secviz . org C I Z