APPLIED SECURITY VISUALIZATION

"Collecting log data is one thing, having relevant information is something else. The art of transforming all kinds of log data into meaningful security information is the core of this book. Raffy illustrates in a straightforward way, and with hands-on examples, how such a challenge can be mastered. Let's get inspired."
Andreas Wuchner, Head of Global IT Security, Novartis

Use Visualization to Secure Your Network Against the Toughest, Best-Hidden Threats

As networks become ever more complex, securing them becomes more and more difficult. The solution is visualization. Using today's state-of-the-art data visualization techniques, you can gain a far deeper understanding of what's happening on your network right now. You can uncover hidden patterns of data, identify emerging vulnerabilities and attacks, and respond decisively with countermeasures that are far more likely to succeed than conventional methods.

In Applied Security Visualization, leading network security visualization expert Raffael Marty introduces all the concepts, techniques, and tools you need to use visualization on your network. You'll learn how to identify and utilize the right data sources, then transform your data into visuals that reveal what you really need to know. Next, Marty shows how to use visualization to perform broad network security analyses, assess specific threats, and even improve business compliance. He concludes with an introduction to a broad set of visualization tools. The book's CD also includes DAVIX, a compilation of freely available tools for security visualization.
You'll learn how to:
- Intimately understand the data sources that are essential for effective visualization
- Choose the most appropriate graphs and techniques for your IT data
- Transform complex data into crystal-clear visual representations
- Iterate your graphs to deliver even better insight for taking action
- Assess threats to your network perimeter, as well as threats imposed by insiders
- Use visualization to manage risks and compliance mandates more successfully
- Visually audit both the technical and organizational aspects of information and network security
- Compare and master today's most useful tools for security visualization

Contains the live CD Data Analysis and Visualization Linux (DAVIX). DAVIX is a compilation of powerful tools for visualizing networks and assessing their security. DAVIX runs directly from the CD-ROM, without installation.

About the author: Raffael Marty is chief security strategist and senior product manager for Splunk, the leading provider of large-scale, high-speed indexing and search technology for IT infrastructures. As customer advocate and guardian, he focuses on using his skills in data visualization, log management, intrusion detection, and compliance. An active participant on industry standards committees such as CEE (Common Event Expression) and OVAL (Open Vulnerability and Assessment Language), Marty created the Thor and AfterGlow automation tools, and founded the security visualization portal secviz.org. Before joining Splunk, he managed the solutions team at ArcSight, served as IT security consultant for PriceWaterhouseCoopers, and was a member of the IBM Research Global Security Analysis Lab.