Situational Awareness

raffael marty - pixlcloud
december 2011

Is this useful for Situational Awareness?

pixlcloud |   creating big data stories                 copyright (c) 2011
Overview
  ‣ Network Security
  ‣ Sit Awareness
  ‣ Today
  ‣ Where we should be
  ‣ Challenges
  ‣ Resources
Raffael Marty
  • SaaS business expert
  • Data visualization practitioner
  • Security data analyst

  pixlcloud
  IBM Research

  Applied Security Visualization
  Publisher: Addison Wesley (August, 2008)
  ISBN: 0321510100
Cyber Security

  Network Security (Reactive)
  ‣ Data Collection
  ‣ Forensics / IR
  ‣ Reporting
  ‣ Alerting
  ‣ Situational Awareness
  Neglected!!!

  Information Security (Pro-Active)
  ‣ Authentication
  ‣ Authorization
  ‣ Accounting
  ‣ BCM / DR
  ‣ OS Security
  ‣ Policies and Procedures
  ‣ ...
Situational Awareness
  “Situational Awareness is the ability to identify, process, and
  comprehend the critical elements of information about what
  is happening to the team with regards to the mission. More
  simply, it’s knowing what is going on around you.”

  ‣ find air force viz images

  [image: IWViz - IDS Situational Awareness]
Sit Awareness Is Visualization
  ‣ Visualization - because machine-centered approaches have failed
  ‣ Leverage human cognitive capabilities
     ‣ Pattern recognition
     ‣ Pre-attentive processing
     ‣ Context memory
Today
Data Sources for Sit Awareness
  ‣ Flow records
  ‣ Firewalls
  ‣ IDS/IPSs
  [each source is shown as a link graph of the same three hosts: 1.1.1.1, 10.0.0.2, 9.4.242.10]

  ‣ What about: PCAP, DNS, BGP, OS, Proxies, User behavior ??
  ‣ Context information - Hosts, Users, ...
Today's Visualization Tools
  ‣ Tied to one specific data source
  ‣ Hard to use
  ‣ Limited interactivity
  ‣ Not real-time
  ‣ Slow
  ‣ Ugly

  ‣ Gephi
  ‣ R
  ‣ Matlab
  ‣ Mondrian
  ‣ PicViz
  ‣ Treemap 4.1
  ‣ Google Earth
Take the Blinders Off!
Visualization Maturity
  ‣ Data Collection
  ‣ Data Analysis
  ‣ Context Integration
  ‣ Visualization
  ‣ Visual Analytics
  ‣ Collaboration
  ‣ Dissemination

  [pipeline diagram on the slide]
  Data Sources (files, database) -> (Data Store) -> parsing -> Structured Data (filtering, aggregation, cleansing) -> feature selection -> visualization -> Visual Representation
  Contextual Data is fed into the pipeline, and the whole process runs in iterations.
Security Visualization Dichotomy

  Security
  ‣ security data
  ‣ networking protocols
  ‣ routing protocols (the Internet)
  ‣ security impact
  ‣ security policy
  ‣ jargon
  ‣ use-cases
  ‣ are the end-users

  Visualization
  ‣ types of data
  ‣ perception
  ‣ optics
  ‣ color theory
  ‣ depth cue theory
  ‣ interaction theory
  ‣ types of graphs
  ‣ human computer interaction
Landscape Changes

  Threat Landscape
  • from disruptive to disastrous
  • from audacious to “low and slow”
  • from fame to financial gain
  • from manual to automated
  • from indiscriminate to targeted
  • from infrastructure to applications

  Technology
  • Big Data
  • NoSQL
  • Column-based data stores
  • MapReduce (Hadoop)
  • Cloud
  • on-demand computing

  We have technology to attack the threats!
  BUT we don’t know what to do with it!
The Public Sector
  ‣ Currently using a lot of Excel
  ‣ Big data technologies (e.g., Datameer, Karmasphere, Cloudera)
  ‣ Incremental improvements to SIEM tools (e.g., ArcSight, etc.)
  ‣ Using tools that are not security- or network-specific (e.g., Advizor, Cognos)

  ‣ Working with blacklists and whitelists
  ‣ Not understanding the data intrinsically
The Government
  Everything is different from Industry

  ‣ Scale: e.g., DISA has 5 million live hosts
  ‣ Data sources: e.g., ASIM CIDS
  ‣ Types of attacks: I have no example ....
  ‣ Adversaries: e.g., Nation states
We Need
What we Need
  ‣ Leverage advanced technologies (big data, etc.)
  ‣ Build for the actual users, not programmers!
  ‣ End to end tools, not yet another library
  ‣ Interactive, not static!
  ‣ Multiple data sources at once
  ‣ Leverage context, not just event data
  ‣ Decouple data from the tools
  ‣ Crowd intelligence
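As an added example (not code from the talk or from pixlcloud), the pipeline sketched on the Visualization Maturity slide and the "multiple data sources at once" and "leverage context" points above, carried through in Python: three constructed, simplified record formats (CSV flow records, iptables-style firewall syslog, Snort-style fast alerts) are parsed into one schema, filtered, enriched from a constructed host-context table, and aggregated into a per-host-pair edge table that a link graph can render. Every sample value, host role and log line is constructed; the three addresses are the ones drawn on the Data Sources slide.

```python
import re
from dataclasses import dataclass

# Constructed sample input (not real logs): three sensors, three formats.
FLOW_RECORDS = """\
2011-12-01T10:00:01Z,1.1.1.1,10.0.0.2,443,tcp,1200
2011-12-01T10:00:05Z,1.1.1.1,9.4.242.10,53,udp,80
2011-12-01T10:00:09Z,10.0.0.2,9.4.242.10,445,tcp,50000
"""
FIREWALL_LOG = """\
Dec  1 10:00:02 fw1 kernel: DENY IN=eth0 SRC=1.1.1.1 DST=10.0.0.2 PROTO=TCP DPT=22
Dec  1 10:00:06 fw1 kernel: ACCEPT IN=eth0 SRC=1.1.1.1 DST=9.4.242.10 PROTO=UDP DPT=53
Dec  1 10:00:07 fw1 kernel: unrelated message that the parser must skip, not choke on
"""
IDS_ALERTS = """\
[**] [1:1000001:1] LOCAL constructed test alert [**] {TCP} 1.1.1.1:52000 -> 10.0.0.2:22
"""
# Constructed context table: the "Hosts, Users, ..." the slides ask to integrate.
HOST_CONTEXT = {
    "10.0.0.2": {"role": "file server", "owner": "finance"},
    "9.4.242.10": {"role": "dns resolver", "owner": "it"},
}

@dataclass(frozen=True)
class Event:
    """One normalized record, whichever sensor produced it."""
    source: str   # "flow", "firewall" or "ids"
    src: str
    dst: str
    dport: int
    proto: str
    action: str   # "flow", "ACCEPT", "DENY" or "alert"

# --- parsing: one small parser per (semi-)structured source format -----------
def parse_flow(text):
    """CSV flow records: timestamp,src,dst,dport,proto,bytes."""
    events = []
    for line in filter(None, text.splitlines()):
        _ts, src, dst, dport, proto, _nbytes = line.split(",")
        events.append(Event("flow", src, dst, int(dport), proto.upper(), "flow"))
    return events

FW_RE = re.compile(r"(?P<action>ACCEPT|DENY) .*SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
                   r"PROTO=(?P<proto>\S+) DPT=(?P<dport>\d+)")
IDS_RE = re.compile(r"\{(?P<proto>\w+)\} (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)")

def parse_firewall(text):
    """iptables-style syslog lines; lines the pattern does not match are skipped."""
    return [Event("firewall", m["src"], m["dst"], int(m["dport"]), m["proto"], m["action"])
            for m in map(FW_RE.search, text.splitlines()) if m]

def parse_ids(text):
    """Snort fast-alert style lines: '... {PROTO} src:sport -> dst:dport'."""
    return [Event("ids", m["src"], m["dst"], int(m["dport"]), m["proto"], "alert")
            for m in map(IDS_RE.search, text.splitlines()) if m]

# --- filtering, context integration, aggregation ------------------------------
def build_edges(events, context, keep=lambda e: True):
    """Overlay all sources on one edge table keyed by (src, dst); each edge
    carries per-source counts, deny count, ports seen and the destination's role."""
    edges = {}
    for ev in events:
        if not keep(ev):                       # filtering step
            continue
        edge = edges.setdefault((ev.src, ev.dst), {
            "flow": 0, "firewall": 0, "ids": 0, "denied": 0, "ports": set(),
            "dst_role": context.get(ev.dst, {}).get("role", "unknown"),  # context step
        })
        edge[ev.source] += 1                   # aggregation step
        edge["denied"] += ev.action == "DENY"
        edge["ports"].add(ev.dport)
    return edges

# --- visual representation: a Graphviz DOT link graph -------------------------
def to_dot(edges):
    """Edge labels carry the per-source counts; node labels carry the context role."""
    lines = ["digraph sitaware {"]
    for (src, dst), e in sorted(edges.items()):
        label = f"flow={e['flow']} fw={e['firewall']} ids={e['ids']} ports={sorted(e['ports'])}"
        lines.append(f'  "{src}" -> "{dst} ({e["dst_role"]})" [label="{label}"];')
    lines.append("}")
    return "\n".join(lines)

def pipeline(keep=lambda e: True):
    """Run parse -> filter -> enrich -> aggregate on the constructed sample."""
    events = parse_flow(FLOW_RECORDS) + parse_firewall(FIREWALL_LOG) + parse_ids(IDS_ALERTS)
    return build_edges(events, HOST_CONTEXT, keep)

if __name__ == "__main__":
    print(to_dot(pipeline()))
```

The point is the overlay: the 1.1.1.1 -> 10.0.0.2 edge shows a flow, a firewall deny and an IDS alert against a host the context table calls a file server, which none of the three sources shows on its own.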
Make it This Simple!
Challenges
Maturity Challenge
  Companies and products are stuck on the left-hand side!
Data Challenges
  ‣ No data - no insights - no sit awareness
  ‣ We don’t even have / collect the data
  ‣ It is too hard to collect data
  ‣ We don’t understand our data!
  ‣ Data silos
  ‣ Large amounts of semi-structured data
     ‣ Parsing data is extremely hard
Tool Challenges
  ‣ Same old - all over
     ‣ Does your SIEM support visual analytics?
  ‣ Missing: Brushing, Interactivity
  ‣ Help the user understand the data!
  ‣ Highly scalable visualization systems are hard to build!
  ‣ What algorithms are useful? (e.g., clustering)
  ‣ Visualization expertise is missing
  ‣ Visualization AND security is an interdisciplinary problem

  Side note on the slide (Shneiderman's visual information-seeking mantra): Overview first, Zoom and Filter, Details on demand
Visualization Challenges
  ‣ Skilled people are missing
  ‣ What are we even trying to look for?
  ‣ Anomaly detection is not working
  ‣ Academia is disconnected
     ‣ Use-cases and problems
     ‣ State of the art in industry
  ‣ Visualization is always an afterthought
Myths
  ‣ Real-time
     ‣ Do we really need real-time?
  ‣ Hadoop
     ‣ Not everything that is big data needs to use Hadoop!
     ‣ Know your technologies!
  ‣ Cloud
     ‣ Will we ever put security relevant data into the cloud?
Resources
  ‣ SecViz: http://secviz.org and @secviz
  ‣ CERT - NetSA: http://www.cert.org/netsa/
     ‣ Mainly a collection of papers and links to some tools (SiLK)
  ‣ VizSec Conference: http://www.vizsec.org
  ‣ Applied Security Visualization, R. Marty, 2008
pixlcloud | creating big data stories

@raffaelmarty
copyright (c) by r. marty - december 2011

DAVIX - Data Analysis and Visualization Linux
 

Kürzlich hochgeladen

Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKJago de Vreede
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfOverkill Security
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfOverkill Security
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 

Kürzlich hochgeladen (20)

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 

Security - Situational awareness

  • 1. Situational Awareness
     raffael marty - pixlcloud, december 2011
  • 2. Is this useful for Situational Awareness?
     pixlcloud | creating big data stories, copyright (c) 2011
  • 3. Overview
     Network Security, Sit Awareness Today, Where we should be, Challenges, Resources
  • 4. Raffael Marty
     ‣ SaaS business expert (pixlcloud)
     ‣ Data visualization practitioner
     ‣ Security data analyst (IBM Research)
     Applied Security Visualization, Publisher: Addison Wesley (August, 2008), ISBN: 0321510100
  • 5. Cyber Security
     Network Security (Reactive): Data Collection, Forensics / IR, Reporting, Alerting, Situational Awareness
     Neglected!!!
     Information Security (Pro-Active): Authentication, Authorization, Accounting, BCM / DR, OS Security, Policies and Procedures, ...
  • 6. Situational Awareness
     “Situational Awareness is the ability to identify, process, and comprehend the critical elements of information about what is happening to the team with regards to the mission. More simply, it’s knowing what is going on around you.”
     ‣ find air force viz images
     [Image: IWViz - IDS Situational Awareness]
  • 7. Sit Awareness Is Visualization
     ‣ Visualization - because machine centered approaches have failed
     ‣ Leverage human cognitive capabilities
       ‣ Pattern recognition
       ‣ Pre-attentive processing
       ‣ Context memory
  • 8. Today
  • 9. Data Sources for Sit Awareness
     ‣ Flow records
     ‣ Firewalls
     ‣ IDS/IPSs
     (each illustrated with the hosts 1.1.1.1, 10.0.0.2 and 9.4.242.10)
     ‣ What about: PCAP, DNS, BGP, OS, Proxies, User behavior ??
     ‣ Context information - Hosts, Users, ...
  • 10. Today's Visualization Tools
     ‣ Based on specific data source
     ‣ Hard to use
     ‣ Limited interactivity
     ‣ Not real-time
     ‣ Slow
     ‣ Ugly
     Examples: Gephi, PicViz, R, Treemap 4.1, Matlab, Google Earth, Mondrian
  • 11. Take the Blinders Off!
  • 12. Visualization Maturity
     ‣ Data Collection
     ‣ Data Analysis
     ‣ Context Integration
     ‣ Visualization
     ‣ Visual Analytics
     ‣ Collaboration
     ‣ Dissemination
     [Diagram: Data Sources (files, database) → parsing → Structured Data (Data Store) → filtering, aggregation, cleansing, feature selection → visualization → Visual Representation; Contextual Data feeds in; iterations loop back]
  • 13. Security Visualization Dichotomy
     Security: security data, networking protocols, routing protocols (the Internet), security impact, security policy, jargon, use-cases, are the end-users
     Visualization: types of data, perception, optics, color theory, depth cue theory, interaction theory, types of graphs, human computer interaction
  • 14. Landscape Changes
     Threat Landscape: from disruptive to disastrous; from audacious to “low and slow”; from fame to financial gain; from manual to automated; from indiscriminate to targeted; from infrastructure to applications
     Technology: Big Data; NoSQL; Column-based data stores; Map Reduce (hadoop); Cloud; on demand computing
     We have technology to attack the threats! BUT we don’t know what to do with it!
  • 15. The Public Sector
     ‣ Currently using a lot of Excel
     ‣ Big data technologies (e.g., Datameer, Karmasphere, Cloudera)
     ‣ Incremental improvements to SIEM tools (e.g., ArcSight, etc.)
     ‣ Using non security / network tools (e.g., Advizor, Cognos)
     ‣ Working with blacklists and whitelists
     ‣ Not understanding the data intrinsically
  • 16. The Government
     Everything is different from Industry
     Scale: e.g., DISA has 5 million live hosts
     Data sources: e.g., ASIM CIDS
     Types of attacks: I have no example ....
     Adversaries: e.g., Nation states
  • 17. We Need
  • 18. What we Need
     ‣ Leverage advanced technologies (big data, etc.)
     ‣ Build for the actual users, not programmers!
     ‣ End to end tools, not yet another library
     ‣ Interactive, not static!
     ‣ Multiple data sources at once
     ‣ Leverage context, not just event data
     ‣ Decouple data from the tools
     ‣ Crowd intelligence
  • 19. Make it This Simple!
  • 20. Challenges
  • 21. Maturity Challenge
     Companies and products are stuck on the left hand side!
  • 22. Data Challenges
     ‣ No data - no insights - no sit awareness
     ‣ We don’t even have / collect the data
     ‣ It is too hard to collect data
     ‣ We don’t understand our data!
     ‣ Data silos
     ‣ Large amounts of semi-structured data
       ‣ Parsing data is extremely hard
  • 23. Tool Challenges
     ‣ Same old - all over
       ‣ Does your SIEM support visual analytics?
     ‣ Missing: Brushing, Interactivity
     ‣ Help the user understand the data!
     ‣ Highly scalable visualization systems are hard to build!
     ‣ What algorithms are useful? (e.g., clustering)
     ‣ Visualization expertise is missing
     ‣ Visualization AND security is an interdisciplinary problem
     Side note: Overview first, Zoom and Filter, Details on demand
  • 24. Visualization Challenges
     ‣ Skilled people are missing
     ‣ What are we even trying to look for?
     ‣ Anomaly detection is not working
     ‣ Academia is disconnected
       ‣ Use-cases and problems
       ‣ State of the art in industry
     ‣ Visualization is always an afterthought
  • 25. Myths
     ‣ Real-time
       ‣ Do we really need real-time?
     ‣ Hadoop
       ‣ Not everything that is big data needs to use Hadoop!
       ‣ Know your technologies!
     ‣ Cloud
       ‣ Will we ever put security relevant data into the cloud?
  • 26. Resources
     ‣ SecViz: http://secviz.org and @secviz
     ‣ CERT - NetSA: http://www.cert.org/netsa/
       ‣ Mainly a collection of papers and links to some tools (SiLK)
     ‣ VizSec Conference: http://www.vizsec.org
     ‣ Applied Security Visualization, R. Marty, 2008
  • 27. pixlcloud - creating big data stories - buy now - @raffaelmarty
     copyright (c) by r. marty - december 2011
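Slides 9, 12, 22 and 23 only sketch the pipeline in bullets; the following is an added Python example, not code from the deck or from pixlcloud, that walks it on constructed data: two silos (flow records and a firewall log in made-up formats) are parsed into one schema, enriched from a constructed host-context table, aggregated for an "overview first", and then zoomed and filtered for details on demand. Every format, address, role name and function here is an assumption for illustration.

```python
"""Added example (not the deck's code): a minimal sit-awareness pipeline in
the shape of slide 12 (parsing -> structured data -> filtering/aggregation ->
context integration), driven by slide 23's overview / zoom and filter /
details on demand. All records, addresses and context are constructed."""
import re

# Two silos (slide 9): flow records and a firewall log; illustrative formats.
FLOW_RECORDS = [
    "2011-12-01T10:00:01 src=10.0.0.2 dst=9.4.242.10 dport=443 bytes=5120",
    "2011-12-01T10:00:05 src=10.0.0.2 dst=9.4.242.10 dport=443 bytes=7300",
    "2011-12-01T10:01:10 src=1.1.1.1 dst=10.0.0.2 dport=22 bytes=220",
]
FIREWALL_LOG = [
    "Dec  1 10:01:11 fw1 DENY TCP 1.1.1.1:51022 -> 10.0.0.2:22",
    "Dec  1 10:01:12 fw1 DENY TCP 1.1.1.1:51023 -> 10.0.0.2:23",
    "Dec  1 10:02:00 fw1 ALLOW TCP 10.0.0.2:40000 -> 9.4.242.10:443",
]
# Constructed context information about hosts (slide 9: "Hosts, Users, ...").
HOST_CONTEXT = {"10.0.0.2": "workstation-finance", "9.4.242.10": "saas-crm"}

FLOW_RE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+) bytes=(\d+)")
FW_RE = re.compile(r"(ALLOW|DENY) TCP (\S+):\d+ -> (\S+):(\d+)")

def parse_flow(line):
    """Flow record -> common schema, or None when the line does not parse."""
    m = FLOW_RE.search(line)
    return m and {"source": "flow", "src": m[1], "dst": m[2], "dport": int(m[3]),
                  "bytes": int(m[4]), "action": "ALLOW"}

def parse_firewall(line):
    """Firewall line -> the same common schema (byte counts are unknown)."""
    m = FW_RE.search(line)
    return m and {"source": "fw", "src": m[2], "dst": m[3], "dport": int(m[4]),
                  "bytes": 0, "action": m[1]}

def normalize(flow_lines, fw_lines, context):
    """Parse both silos into one list and enrich each event with host context;
    unparseable lines are dropped rather than aborting the run (slide 22)."""
    events = [e for e in map(parse_flow, flow_lines) if e]
    events += [e for e in map(parse_firewall, fw_lines) if e]
    for e in events:
        e["src_role"] = context.get(e["src"], "unknown")
        e["dst_role"] = context.get(e["dst"], "external")
    return events

def overview(events):
    """Overview first: per-source-host event count, bytes and denies."""
    summary = {}
    for e in events:
        s = summary.setdefault(e["src"], {"events": 0, "bytes": 0, "denied": 0})
        s["events"] += 1
        s["bytes"] += e["bytes"]
        s["denied"] += int(e["action"] == "DENY")
    return summary

def zoom(events, **criteria):
    """Zoom and filter / details on demand: the enriched events matching every
    given field, e.g. zoom(events, src="1.1.1.1", action="DENY")."""
    return [e for e in events if all(e.get(k) == v for k, v in criteria.items())]
```

The same three helpers work unchanged once a third silo (IDS alerts, DNS, proxy logs) is parsed into the common schema, which is the "multiple data sources at once" and "decouple data from the tools" point of slide 18.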