Applied Security Visualization
August 2008

Publisher: Addison-Wesley Professional
ISBN: 978-0-321-51010-5
Published: 11 August 2008
Pages: 552
Abstract

"Collecting log data is one thing, having relevant information is something else. The art to transform all kinds of log data into meaningful security information is the core of this book. Raffy illustrates in a straightforward way, and with hands-on examples, how such a challenge can be mastered. Let's get inspired." Andreas Wuchner, Head of Global IT Security, Novartis

Use Visualization to Secure Your Network Against the Toughest, Best-Hidden Threats

As networks become ever more complex, securing them becomes more and more difficult. The solution is visualization. Using today's state-of-the-art data visualization techniques, you can gain a far deeper understanding of what's happening on your network right now. You can uncover hidden patterns of data, identify emerging vulnerabilities and attacks, and respond decisively with countermeasures that are far more likely to succeed than conventional methods.

In Applied Security Visualization, leading network security visualization expert Raffael Marty introduces all the concepts, techniques, and tools you need to use visualization on your network. You'll learn how to identify and utilize the right data sources, then transform your data into visuals that reveal what you really need to know. Next, Marty shows how to use visualization to perform broad network security analyses, assess specific threats, and even improve business compliance. He concludes with an introduction to a broad set of visualization tools. The book's CD also includes DAVIX, a compilation of freely available tools for security visualization.

You'll learn how to:
  • Intimately understand the data sources that are essential for effective visualization
  • Choose the most appropriate graphs and techniques for your IT data
  • Transform complex data into crystal-clear visual representations
  • Iterate your graphs to deliver even better insight for taking action
  • Assess threats to your network perimeter, as well as threats imposed by insiders
  • Use visualization to manage risks and compliance mandates more successfully
  • Visually audit both the technical and organizational aspects of information and network security
  • Compare and master today's most useful tools for security visualization

Contains the live CD Data Analysis and Visualization Linux (DAVIX). DAVIX is a compilation of powerful tools for visualizing networks and assessing their security. DAVIX runs directly from the CD-ROM, without installation.

Raffael Marty is chief security strategist and senior product manager for Splunk, the leading provider of large-scale, high-speed indexing and search technology for IT infrastructures. As customer advocate and guardian, he focuses on using his skills in data visualization, log management, intrusion detection, and compliance. An active participant on industry standards committees such as CEE (Common Event Expression) and OVAL (Open Vulnerability and Assessment Language), Marty created the Thor and AfterGlow automation tools, and founded the security visualization portal secviz.org. Before joining Splunk, he managed the solutions team at ArcSight, served as IT security consultant for PriceWaterhouseCoopers, and was a member of the IBM Research Global Security Analysis Lab.

Cited By

  1. Lee J and Lee H (2022). An SSH predictive model using machine learning with web proxy session logs, International Journal of Information Security, 21:2, (311-322), Online publication date: 1-Apr-2022.
  2. Happa J, Agrafiotis I, Helmhout M, Bashford-Rogers T, Goldsmith M and Creese S (2021). Assessing a Decision Support Tool for SOC Analysts, Digital Threats: Research and Practice, 2:3, (1-35), Online publication date: 30-Sep-2021.
  3. Lavalle A, Maté A, Trujillo J, Teruel M and Rizzi S (2021). A methodology to automatically translate user requirements into visualizations, Information and Software Technology, 136:C, Online publication date: 1-Aug-2021.
  4. Ji S, Jeong B and Jeong D (2021). Evaluating visualization approaches to detect abnormal activities in network traffic data, International Journal of Information Security, 20:3, (331-345), Online publication date: 1-Jun-2021.
  5. Samtani S, Kantarcioglu M and Chen H (2020). Trailblazing the Artificial Intelligence for Cybersecurity Discipline, ACM Transactions on Management Information Systems, 11:4, (1-19), Online publication date: 4-Dec-2020.
  6. Hassan A and Darmon P. Data Reduction in Multifunction OLAP, Advances in Databases and Information Systems, (409-424).
  7. Voronkov A, Iwaya L, Martucci L and Lindskog S (2017). Systematic Literature Review on Usability of Firewall Configuration, ACM Computing Surveys, 50:6, (1-35), Online publication date: 30-Nov-2018.
  8. Sheng S, Wu C and Dong X. Research on Visualization Systems for DDoS Attack Detection, 2018 IEEE International Conference on Systems, Man, and Cybernetics (SMC), (2986-2991).
  9. Väisänen T, Noponen S, Latvala O and Kuusijärvi J. Combining real-time risk visualization and anomaly detection, Proceedings of the 12th European Conference on Software Architecture: Companion Proceedings, (1-7).
  10. Hanauer T, Hommel W, Metzger S and Pöhn D. A Process Framework for Stakeholder-specific Visualization of Security Metrics, Proceedings of the 13th International Conference on Availability, Reliability and Security, (1-10).
  11. Mattina B, Yeung F, Hsu A, Savoy D, Tront J and Raymond D. MARCS, Proceedings of the 12th Annual Conference on Cyber and Information Security Research, (1-4).
  12. Muhammad T and Halim Z (2016). Employing artificial neural networks for constructing metadata-based model to automatically select an appropriate data visualization technique, Applied Soft Computing, 49:C, (365-384), Online publication date: 1-Dec-2016.
  13. Liao Q and Li T (2016). Effective network management via dynamic network anomaly visualization, Networks, 26:6, (461-491), Online publication date: 1-Nov-2016.
  14. Camacho J, Pérez-Villegas A, García-Teodoro P and Maciá-Fernández G (2016). PCA-based multivariate statistical network monitoring for anomaly detection, Computers and Security, 59:C, (118-137), Online publication date: 1-Jun-2016.
  15. Guimaraes V, Freitas C, Sadre R, Tarouco L and Granville L (2016). A Survey on Information Visualization for Network and Service Management, IEEE Communications Surveys & Tutorials, 18:1, (285-323), Online publication date: 1-Jan-2016.
  16. Hall P, Heath C, Coles-Kemp L and Tanner A. Examining the Contribution of Critical Visualisation to Information Security, Proceedings of the 2015 New Security Paradigms Workshop, (59-72).
  17. Ploehn C and Greene K. The Authentication Equation, Proceedings of the Third International Conference on Human Aspects of Information Security, Privacy, and Trust - Volume 9190, (95-106).
  18. Turnbull B and Randhawa S (2015). Automated event and social network extraction from digital evidence sources with ontological mapping, Digital Investigation: The International Journal of Digital Forensics & Incident Response, 13:C, (94-106), Online publication date: 1-Jun-2015.
  19. Goto H and Takada T. Anomalous network communication detection system by visual pattern on a client computer, Proceedings of the 30th Annual ACM Symposium on Applied Computing, (1263-1269).
  20. Stange J, Dörk M, Landstorfer J and Wettach R. Visual filter, Proceedings of the Eleventh Workshop on Visualization for Cyber Security, (41-48).
  21. Latvala O, Toivonen J, Kuusijärvi J and Evesti A. A tool for security metrics modeling and visualization, Proceedings of the 2014 European Conference on Software Architecture Workshops, (1-7).
  22. Karapistoli E, Sarigiannidis P and Economides A. SRNET, Proceedings of the Tenth Workshop on Visualization for Cyber Security, (49-56).
  23. Hao L, Healey C and Hutchinson S. Flexible web visualization for alert-based network security analytics, Proceedings of the Tenth Workshop on Visualization for Cyber Security, (33-40).
  24. Alsaleh M, Alqahtani A, Alarifi A and Al-Salman A. Visualizing PHPIDS log files for better understanding of web server attacks, Proceedings of the Tenth Workshop on Visualization for Cyber Security, (1-8).
  25. Clemente P, Kaba B, Rouzaud-Cornabas J, Alexandre M and Aujay G. SPTrack, Proceedings of the 8th international conference on Active Media Technology, (596-605).
  26. Zhao Y, Zhou F and Fan X. A real-time visualization framework for IDS alerts, Proceedings of the 5th International Symposium on Visual Information Communication and Interaction, (11-17).
  27. Roveta F, Caviglia G, Di Mario L, Zanero S, Maggi F and Ciuccarelli P. BURN, Proceedings of the 8th International Symposium on Visualization for Cyber Security, (1-10).
  28. Horn C and D'Amico A. Visual analysis of goal-directed network defense decisions, Proceedings of the 8th International Symposium on Visualization for Cyber Security, (1-6).
  29. Kintzel C, Fuchs J and Mansmann F. Monitoring large IP spaces with ClockView, Proceedings of the 8th International Symposium on Visualization for Cyber Security, (1-10).
  30. Boschetti A, Salgarelli L, Muelder C and Ma K. TVi, Proceedings of the 8th International Symposium on Visualization for Cyber Security, (1-10).
  31. Marty R. Cloud application logging for forensics, Proceedings of the 2011 ACM Symposium on Applied Computing, (178-184).
  32. Shiravi H, Shiravi A and Ghorbani A. IDS alert visualization and monitoring through heuristic host selection, Proceedings of the 12th international conference on Information and communications security, (445-458).
  33. Shiravi H, Shiravi A and Ghorbani A. IDS Alert Visualization and Monitoring through Heuristic Host Selection, Information and Communications Security, (445-458).
  34. Dionysiou I, Gjermundrød H and Bakken D. GUTS, Proceedings of the 6th international conference on Security and trust management, (84-99).
  35. Liao Q, Striegel A and Chawla N. Visualizing graph dynamics and similarity for enterprise network security and management, Proceedings of the Seventh International Symposium on Visualization for Cyber Security, (34-45).
  36. Fontugne R, Hirotsu T and Fukuda K. A visualization tool for exploring multi-scale network traffic anomalies, Proceedings of the 12th international conference on Symposium on Performance Evaluation of Computer & Telecommunication Systems, (274-281).
  37. Walker T (2008). Practical management of malicious insider threat – An enterprise CSIRT perspective, Information Security Tech. Report, 13:4, (225-234), Online publication date: 1-Nov-2008.
  38. Peterson E. Dagger: Modeling and visualization for mission impact situation awareness, MILCOM 2016 - 2016 IEEE Military Communications Conference, (25-30).
Reviews

Phoram Mehta

This book is an easy-to-follow, comprehensive guide for security practitioners, from a well-respected name in the log collection and event correlation industry. It is a step-by-step guide that takes its readers from introduction, to information visualization, to visual representation of security data and its analysis. The structure and the content of the book are presented in a very clear way, making a seemingly new concept from a security perspective simple to digest.

The first four chapters of the book are dedicated to making sure that all relevant concepts of visualization and data representation are covered in enough detail to prepare the reader for effectively performing visual security analysis. Visualization, the core topic of this book and also the first chapter, is a good introduction to the concept and its applications. Chapters 2 and 3 discuss different types of data sources and various forms of data visualizations, respectively. Chapter 4 introduces graphs, and discusses how to process and interpret graphically represented data. Chapter 5 shows how to visually analyze security data, and discusses the three classes: reporting, historical analysis, and real-time monitoring.

From here, Marty takes on three of the major areas within enterprise security, where such analysis can be applied and beneficial. Chapter 6 is a collection of use cases discussing perimeter threat analysis. This includes firewall logs, intrusion detection system logs, and email server data. Chapter 7 covers compliance and risk management use cases, and chapter 8 is focused on insider threat monitoring and analysis. The author closes by introducing multiple tools and open-source libraries that can be used for such work. Readers will appreciate that all of the tools discussed in the book are included in the accompanying CD.

This book brings a fresh perspective to a not-so-exciting, but still very critical, aspect of the overall security state of an organization. It practically walks its readers through each and every step needed to utilize visualization tools and techniques for creating an effective log monitoring and analysis program.

Online Computing Reviews Service