Security - Situational awareness
Published on

This presentation gives a very short introduction to security situational awareness. It shows what the state of the art in security visualization is and where there are challenges to be solved. The presentation also features a visualization maturity scale that is published here for the first time.
This presentation was given

Published in: Technology, Education
Statistics: Total Views 14,608 (On Slideshare 0, From Embeds 0, Number of Embeds 15); Shares 0; Downloads 191; Comments 0; Likes 2
Transcript

  • 1. Situational Awareness. raffael marty - pixlcloud, december 2011
  • 2. Is this useful for Situational Awareness? pixlcloud | creating big data stories copyright (c) 2011
  • 3. Overview
    ‣ Network Security
    ‣ Sit Awareness Today
    ‣ Where we should be
    ‣ Challenges
    ‣ Resources
  • 4. Raffael Marty
    ‣ SaaS business expert, pixlcloud
    ‣ Data visualization practitioner
    ‣ Security data analyst, IBM Research
    Applied Security Visualization. Publisher: Addison Wesley (August, 2008), ISBN: 0321510100
  • 5. Cyber Security (diagram; labels as extracted): Network Security, Information Security, OS Security, Policies and Procedures, ...; Data Collection, Authentication, Authorization, Accounting, Forensics / IR, Reporting, BCM / DR, Alerting, Situational Awareness; axis from Reactive to Pro-Active. Situational Awareness is marked "Neglected!!!"
  • 6. Situational Awareness. “Situational Awareness is the ability to identify, process, and comprehend the critical elements of information about what is happening to the team with regards to the mission. More simply, it’s knowing what is going on around you.”
    ‣ find air force viz images IWViz - IDS Situational Awareness
  • 7. Sit Awareness Is Visualization
    ‣ Visualization - because machine centered approaches have failed
    ‣ Leverage human cognitive capabilities
      ‣ Pattern recognition
      ‣ Pre-attentive processing
      ‣ Context memory
  • 8. Today
  • 9. Data Sources for Sit Awareness
    ‣ Flow records
    ‣ Firewalls
    ‣ IDS/IPSs
    (each illustrated with a diagram of traffic between hosts 1.1.1.1, 10.0.0.2 and 9.4.242.10)
    ‣ What about: PCAP, DNS, BGP, OS, Proxies, User behavior ??
    ‣ Context information - Hosts, Users, ...
  • 10. Today's Visualization Tools
    ‣ Based on specific data source
    ‣ Hard to use
    ‣ Limited interactivity
    ‣ Not real-time
    ‣ Slow
    ‣ Ugly
    Examples: Gephi, PicViz, R, Treemap 4.1, Matlab, Google Earth, Mondrian
  • 11. Take the Blinders Off!
  • 12. Visualization Maturity (scale, from least to most mature)
    ‣ Data Collection
    ‣ Data Analysis
    ‣ Context Integration
    ‣ Visualization
    ‣ Visual Analytics
    ‣ Collaboration
    ‣ Dissemination
    (diagram: Data Sources (files, database) -> parsing -> Data Store -> filtering, aggregation, cleansing -> Structured Data -> feature selection, visualization -> Visual Representation; Contextual Data feeds in; iterations loop back)
  • 13. Security Visualization Dichotomy
    Security:
    ‣ security data
    ‣ networking protocols
    ‣ routing protocols (the Internet)
    ‣ security impact
    ‣ security policy
    ‣ jargon
    ‣ use-cases
    ‣ are the end-users
    Visualization:
    ‣ types of data
    ‣ perception
    ‣ optics
    ‣ color theory
    ‣ depth cue theory
    ‣ interaction theory
    ‣ types of graphs
    ‣ human computer interaction
  • 14. Landscape Changes
    Threat Landscape:
    ‣ from disruptive to disastrous
    ‣ from audacious to “low and slow”
    ‣ from fame to financial gain
    ‣ from manual to automated
    ‣ from indiscriminate to targeted
    ‣ from infrastructure to applications
    Technology:
    ‣ Big Data
    ‣ NoSQL
    ‣ Column-based data stores
    ‣ Map Reduce (hadoop)
    ‣ Cloud
    ‣ on demand computing
    We have technology to attack the threats! BUT we don’t know what to do with it!
  • 15. The Public Sector
    ‣ Currently using a lot of Excel
    ‣ Big data technologies (e.g., Datameer, Karmasphere, Cloudera)
    ‣ Incremental improvements to SIEM tools (e.g., ArcSight, etc.)
    ‣ Using non security / network tools (e.g., Advizor, Cognos)
    ‣ Working with blacklists and whitelists
    ‣ Not understanding the data intrinsically
  • 16. The Government: Everything is different from Industry
    ‣ Scale (e.g., DISA has 5 million live hosts)
    ‣ Data sources (e.g., ASIM CIDS)
    ‣ Types of attacks (I have no example ....)
    ‣ Adversaries (e.g., Nation states)
  • 17. We Need
  • 18. What we Need
    ‣ Leverage advanced technologies (big data, etc.)
    ‣ Build for the actual users, not programmers!
    ‣ End to end tools, not yet another library
    ‣ Interactive, not static!
    ‣ Multiple data sources at once
    ‣ Leverage context, not just event data
    ‣ Decouple data from the tools
    ‣ Crowd intelligence
  • 19. Make it This Simple!
  • 20. Challenges
  • 21. Maturity Challenge: Companies and products are stuck on the left hand side!
  • 22. Data Challenges
    ‣ No data - no insights - no sit awareness
    ‣ We don’t even have / collect the data
    ‣ It is too hard to collect data
    ‣ We don’t understand our data!
    ‣ Data silos
    ‣ Large amounts of semi-structured data
      ‣ Parsing data is extremely hard
  • 23. Tool Challenges (side labels: Overview first; Zoom and Filter; Details on demand)
    ‣ Same old - all over
      ‣ Does your SIEM support visual analytics?
    ‣ Missing: Brushing, Interactivity
    ‣ Help the user understand the data!
    ‣ Highly scalable visualization systems are hard to build!
    ‣ What algorithms are useful? (e.g., clustering)
    ‣ Visualization expertise is missing
    ‣ Visualization AND security is an interdisciplinary problem
  • 24. Visualization Challenges
    ‣ Skilled people are missing
    ‣ What are we even trying to look for?
    ‣ Anomaly detection is not working
    ‣ Academia is disconnected
      ‣ Use-cases and problems
      ‣ State of the art in industry
    ‣ Visualization is always an afterthought
  • 25. Myths
    ‣ Real-time
      ‣ Do we really need real-time?
    ‣ Hadoop
      ‣ Not everything that is big data needs to use Hadoop!
      ‣ Know your technologies!
    ‣ Cloud
      ‣ Will we ever put security relevant data into the cloud?
  • 26. Resources
    ‣ SecViz: http://secviz.org and @secviz
    ‣ CERT - NetSA: http://www.cert.org/netsa/
      ‣ Mainly a collection of papers and links to some tools (SiLK)
    ‣ VizSec Conference: http://www.vizsec.org
    ‣ Applied Security Visualization, R. Marty, 2008
  • 27. pixlcloud: creating big data stories. buy now. @raffaelmarty. copyright (c) by r. marty - december 2011
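Slides 9, 12, 22 and 23 describe the lower rungs of the maturity scale (collecting from several silos, parsing semi-structured data, cleansing, attaching host context, aggregating for an overview, drilling into details on demand) without showing what that pipeline looks like in code. The following is an added example written for this transcript; it is not code from the presentation or from pixlcloud. The NetFlow-like CSV export, the syslog-style firewall lines, the host context table and every address in them are constructed for illustration, and the record layout is an assumption, not a real exporter's format.

```python
"""Toy situational-awareness pipeline: collect -> parse -> cleanse -> context -> aggregate -> drill down.

Added example, not part of the slides. All inputs below are constructed.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address

# Silo 1: a NetFlow-like CSV export (constructed; includes one malformed line on purpose).
FLOW_CSV = """\
ts,src,dst,dport,proto,bytes
1323000000,10.0.0.2,1.1.1.1,443,tcp,5120
1323000001,10.0.0.2,9.4.242.10,22,tcp,980
1323000002,10.0.0.7,9.4.242.10,53,udp,120
bad line that does not parse
"""

# Silo 2: syslog-style firewall log in a netfilter-like key=value layout (constructed).
FIREWALL_LOG = """\
Dec  4 12:00:00 fw1 kernel: DROP IN=eth0 SRC=9.4.242.10 DST=10.0.0.2 PROTO=TCP DPT=3389
Dec  4 12:00:01 fw1 kernel: ACCEPT IN=eth0 SRC=10.0.0.2 DST=1.1.1.1 PROTO=TCP DPT=443
Dec  4 12:00:02 fw1 kernel: DROP IN=eth0 SRC=9.4.242.10 DST=10.0.0.7 PROTO=TCP DPT=22
"""

# Context information (slide 9): what we know about our own hosts. Constructed.
HOST_CONTEXT = {
    "10.0.0.2": {"name": "web01", "owner": "webteam"},
    "10.0.0.7": {"name": "dns01", "owner": "netops"},
}


@dataclass(frozen=True)
class Event:
    """One normalized record, whichever silo it came from."""
    source: str   # "flow" or "firewall"
    src: str
    dst: str
    dport: int
    proto: str
    action: str   # "flow", "ACCEPT" or "DROP"
    nbytes: int = 0


FW_RE = re.compile(
    r"(?P<action>ACCEPT|DROP) .*SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+) DPT=(?P<dport>\d+)"
)


def parse_flows(text):
    """Parse the CSV silo. Malformed lines are counted rather than silently dropped (cleansing)."""
    events, rejected = [], 0
    lines = text.splitlines()
    header = lines[0].split(",")
    for line in lines[1:]:
        fields = dict(zip(header, line.split(",")))
        try:
            events.append(Event("flow", str(ip_address(fields["src"])), str(ip_address(fields["dst"])),
                                int(fields["dport"]), fields["proto"].lower(), "flow", int(fields["bytes"])))
        except (KeyError, ValueError):
            rejected += 1
    return events, rejected


def parse_firewall(text):
    """Parse the syslog silo into the same Event shape so both sources can be analyzed together."""
    events, rejected = [], 0
    for line in text.splitlines():
        m = FW_RE.search(line)
        if not m:
            rejected += 1
            continue
        events.append(Event("firewall", m["src"], m["dst"], int(m["dport"]), m["proto"].lower(), m["action"]))
    return events, rejected


def enrich(event):
    """Context integration: attach host context to whichever side of the event is an internal host."""
    ctx = HOST_CONTEXT.get(event.src) or HOST_CONTEXT.get(event.dst)
    return {"event": event, "host": ctx["name"] if ctx else "unknown", "owner": ctx["owner"] if ctx else "unknown"}


def overview(events):
    """'Overview first': aggregate per (internal host, action) with counts, bytes and external peers."""
    summary = defaultdict(lambda: {"count": 0, "bytes": 0, "external_peers": set()})
    for e in events:
        key = (enrich(e)["host"], e.action)
        summary[key]["count"] += 1
        summary[key]["bytes"] += e.nbytes
        for peer in (e.src, e.dst):
            if peer not in HOST_CONTEXT:
                summary[key]["external_peers"].add(peer)
    return dict(summary)


def details(events, host_name):
    """'Details on demand': drill down from the overview to one host's raw events."""
    return [e for e in events if enrich(e)["host"] == host_name]


def run_pipeline():
    """Collect both silos, normalize them, and return events, the rejection count and the overview."""
    flows, bad_flows = parse_flows(FLOW_CSV)
    fw, bad_fw = parse_firewall(FIREWALL_LOG)
    events = flows + fw
    return {"events": events, "rejected": bad_flows + bad_fw, "overview": overview(events)}


if __name__ == "__main__":
    result = run_pipeline()
    print(f"{len(result['events'])} events, {result['rejected']} rejected")
    for key, agg in sorted(result["overview"].items()):
        print(key, agg["count"], agg["bytes"], sorted(agg["external_peers"]))
    for e in details(result["events"], "dns01"):
        print("dns01:", e)
```

The point the slides make is visible in the structure: the two parsers are the silo-specific work, everything after them operates on one normalized record type, and the rejection counter is what "we don't understand our data" looks like when it is measured rather than ignored. Adding a third source (IDS alerts, DNS) means writing one more parser, not a new analysis.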
