Few disciplines require the comprehension of as much information in so little time as computer security. With billions of data records piling up daily for large organizations, no technique holds as much promise as using computer-generated images to tell the story of what's in the data, a process known as visual analytics. Here, Knowledge Center contributor Justin Wolf explains how to use visual analytics to improve IT cyber-security.
Data visualization has been around for decades, but modern desktop computers finally possess the power to turn raw data into interactive displays for analysis, enabling computer security analysts to use visual analytics techniques to solve daily problems.
Although many other tools exist to assist organizations with computer security, from intrusion detection and prevention systems to firewalls and anti-virus applications, none of these solve the data overload problem as effectively as visual analytic software. This is because the problem central to data analysis is an effective reduction of false positives and superfluous data, while preserving important information (sometimes called "improving the signal-to-noise ratio").
Visual analytics allows analysts to interactively apply a wide variety of tools to make important data pop out of the abyss and become instantly understandable. In essence, visual analytics reduces the time taken to convert information to knowledge by an order of magnitude or better. This is possible for a variety of reasons:
Reason No. 1: Visual analytics allows computer security professionals to rethink how to recognize risks and protect against cyber threats. In turn, this allows for more effective attack prevention and faster isolation and mitigation of attacks that do occur.
Reason No. 2: Visual analytics enables key aspects of the digital forensic process, including data collection, discovery, investigation, examination, analysis and reporting. Visual analytics enables sense-making in cyber security and computer forensics in the following three unique ways:
First, computer network intrusion detection system (NIDS) log file data can be loaded and suspicious connections between machines examined. This data can be combined with other log data to develop a more complete understanding of security breach events.

Second, e-mails can be forensically examined to model communications patterns and to summarize e-mail content. And third, directory structures can be displayed and filtered on file modification times to see what activity occurred on what dates. Multiple file systems can be quickly compared to discover identical files that may have been transferred from one machine to another.
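The first of these three ways, loading NIDS alerts and turning them into a picture of host-to-host connections, as an added example that is not code from the article or from Future Point Systems. It parses constructed alert lines in an assumed "timestamp src:port -> dst:port [signature]" layout, collapses them into weighted edges (dropping low-count edges is the noise reduction discussed above), enriches each node from a constructed host inventory (the "other log data"), and emits Graphviz DOT that any viewer can render. The log format, addresses and inventory are all assumptions.

```python
from collections import Counter

# Constructed NIDS alert lines (not from the article). The layout
# "timestamp src_ip:port -> dst_ip:port [signature]" is hypothetical.
NIDS_LOG = """\
2023-04-01T10:00:01 10.0.0.5:51000 -> 10.0.0.20:445 [SMB login attempt]
2023-04-01T10:00:02 10.0.0.5:51001 -> 10.0.0.20:445 [SMB login attempt]
2023-04-01T10:00:09 10.0.0.5:51002 -> 10.0.0.21:445 [SMB login attempt]
2023-04-01T10:01:30 10.0.0.20:49000 -> 203.0.113.7:443 [TLS to rare host]
2023-04-01T10:05:00 10.0.0.9:40000 -> 10.0.0.20:80 [HTTP GET]
"""

# Constructed host inventory: the second data source joined onto the NIDS
# data so that each node in the picture carries its role.
INVENTORY = {"10.0.0.5": "workstation", "10.0.0.20": "file-server",
             "10.0.0.21": "file-server", "10.0.0.9": "workstation"}

def parse_alerts(text):
    """Return (src_ip, dst_ip, dst_port, signature) tuples."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        _ts, src, _arrow, dst, sig = line.split(maxsplit=4)
        dst_ip, dst_port = dst.rsplit(":", 1)
        rows.append((src.rsplit(":", 1)[0], dst_ip, int(dst_port),
                     sig.strip("[]")))
    return rows

def build_edges(rows, min_count=1):
    """Collapse per-alert rows into weighted (src, dst, port) edges and
    drop edges seen fewer than min_count times to thin out noise."""
    counts = Counter((s, d, p) for s, d, p, _ in rows)
    return {k: v for k, v in counts.items() if v >= min_count}

def to_dot(edges, inventory):
    """Emit Graphviz DOT: node labels carry the inventory role, hosts not
    in the inventory are marked external in red, edge width = alert count."""
    hosts = {h for s, d, _ in edges for h in (s, d)}
    lines = ["digraph nids {"]
    for h in sorted(hosts):
        role = inventory.get(h, "external")
        color = "red" if role == "external" else "black"
        lines.append(f'  "{h}" [label="{h}\\n{role}" color={color}];')
    for (s, d, p), n in sorted(edges.items()):
        lines.append(f'  "{s}" -> "{d}" [label="{p} x{n}" penwidth={n}];')
    lines.append("}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(to_dot(build_edges(parse_alerts(NIDS_LOG)), INVENTORY))
```

Pipe the output into `dot -Tpng` to get the picture; raising `min_count` is the interactive filtering step that makes the repeated SMB attempts stand out while single alerts fade.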
Reason No. 3: Visual analytics offers capabilities for information discovery, processing and visualization, tactics which apply across many applications for computer security and forensics, including:
1. Analyzing a computer system after an intrusion to determine how the attacker gained access and what the attacker did.
2. Analyzing the information on seized hardware, especially within the intelligence, military and law enforcement communities.
3. Using computer forensic techniques to analyze the computer systems belonging to defendants in legal cases.
Incorporating visual analytics into an organization's best practices allows computer security professionals to quickly identify threats to their own organizations. Doing so earlier and more comprehensively than competitors yields a significant competitive advantage in the face of increasing threats and daily attacks. As companies rely ever more heavily on computers and digital information, the rapid response enabled through visual analytics becomes even more appealing.
These reasons explain why the United States government has aggressively funded visual analytics programs for national defense, with a heavy emphasis on computer security. The National Visualization and Analytics Center (NVAC) is one such example of this. Traditionally funded through grants from the Department of Homeland Security, this effort has gained significant traction in academic and now commercial circles. Many of the products developed through this and other federal efforts are now reaching the general public, making a huge impact on the ability of companies to discover knowledge from visually analyzing myriad types and vast quantities of data.
Clearly, visual analytics has plenty to offer computer security professionals and the organizations for which they work. Applying visual analytic tools to the computer security domain is usually straightforward and, since working with interactive graphics is engaging, learning the techniques and tactics for visually analyzing computer security data is relatively simple (compared with the other skills these professionals have already developed and cultivated).
As the field continues to mature, we should see huge advances in productivity, reductions in response times, and recognition of organizations embracing this new technology when confronted with increasingly sophisticated malicious threats.
Justin Wolf is Product Manager, Government Solutions for Future Point Systems. Justin has over 20 years of experience in software and network engineering, as both an engineer and manager at companies such as Sega, Sony and Cisco Systems. Justin has a B.S. in Computer Systems and an M.S. in Engineering Management. He can be reached at jjwolf@futurepointsystems.com.