Graphical Tools Help Security Experts Track Cyber-Attacks in Real Time

NEWS ANALYSIS: Cyber-sleuths use tools that appear to have come straight out of a science fiction movie in their quest to detect attacks in time to raise defensive shields.  

The image on the screen shows a cyber-attack in progress, but it doesn't look like the rows of reports that you usually expect to see as event data flows from intrusion prevention systems, next-generation firewalls and security reporting systems.

Instead, it looks like a fantastic image from something in the world of science fiction. Streams of data flow from the globe representing the Internet. Attack vectors are highlighted in red. You can watch the changes as the attacks progress.

To say that this technology represents a whole new way of looking at data is an understatement. The big data visualizations from Japan's National Institute of Information and Communications Technology (NICT) and its Daedalus Cyber-attack alert system may look like something from a science fiction movie, but they are very real. Perhaps better, they represent one of the new ways researchers and cyber-security experts have found to show attacks in action.

As I had found when I attended a conference in Washington earlier in June, the world of cyber-security has changed. But how much it's changed became far clearer when I talked to some of the leading experts in the field. Perhaps what has changed the most is that new ways have emerged that allow the vast quantity of data to be monitored in real time. This means that you can see an attack as it's in the earliest stages—in time to take preventative action.

"We've managed in the past from rows and columns, then bar and pie charts," explained J.R. Reagan, Federal Chief Innovation Officer for Deloitte & Touche in Arlington, Va. But Reagan noted that this isn't very intuitive when it's happening at breakneck speed: "It's a post-digital problem."

Reagan said that because people are limited in their ability to compare numbers and data in event logs, having automated tools examine an event as it happens makes rapid understanding of that event possible, especially in real time.

"Maybe see the attack on a map, put it into more of a 3D spatial look, spider chart or 'bread crumbs' to see where it leads," Reagan suggested. An effective way to visualize such an attack, he said, is seeing random dots clustered around servers showing geography and even IP addresses, such as what's presented in Daedalus.

Wayne Rash

Wayne Rash is a freelance writer and editor with a 35-year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He covers Washington and...