DataViz in Cyber Security
Awalin Sopan
@awalinsopan
Senior Software Engineer,
FireEye, Inc.
Mentor: Girls In Technology, VA
2 Copyright © 2014, FireEye, Inc. All rights reserved.
Over 200 attacks on major industrial control systems in 2013
“Cyber threat is one of the most serious economic and national security challenges we face as a nation” (Pres. Obama, White House press release, May 29, 2009)
Copyright: EMC Corporation
DEFENSE AGAINST CYBER ATTACK:
Role of Machines
DEFENSE AGAINST CYBER ATTACK:
Role of a Human (Cyber Analyst)
• Detect intrusion
• Recommend solution
• Threat insight
• Gather evidence
• Prevent intrusion
• Find vulnerability in the system
• Block suspected traffic
• Forensic analysis:
  • Create rules to detect future attack
  • Nature of attack
SECURITY DATA: DATA CAPTURED THROUGH SENSORS
Multivariate:
  Packet capture / TCP dump (IP, port, packet size, time, etc.: multiple variables) from Snort sensors; server logs, OS logs, firewall logs (used in host-based intrusion detection systems).
Relational:
  NetFlow (nodes and edges) from routers: connections between IPs and hosts. Used in network-based intrusion detection systems.
Temporal:
  Log files / activity / events: host or endpoint events over time.
WHY VISUALIZE DATA?
ANSCOMBE’S QUARTET
Four datasets (x, y pairs per set):
     Set 1           Set 2           Set 3           Set 4
   x      y        x      y        x      y        x      y
  10.0   8.04     10.0   9.14     10.0   7.46      8.0   6.58
   8.0   6.95      8.0   8.14      8.0   6.77      8.0   5.76
  13.0   7.58     13.0   8.74     13.0  12.74      8.0   7.71
   9.0   8.81      9.0   8.77      9.0   7.11      8.0   8.84
  11.0   8.33     11.0   9.26     11.0   7.81      8.0   8.47
  14.0   9.96     14.0   8.10     14.0   8.84      8.0   7.04
   6.0   7.24      6.0   6.13      6.0   6.08      8.0   5.25
   4.0   4.26      4.0   3.10      4.0   5.39     19.0  12.50
  12.0  10.84     12.0   9.13     12.0   8.15      8.0   5.56
   7.0   4.82      7.0   7.26      7.0   6.42      8.0   7.91
   5.0   5.68      5.0   4.74      5.0   5.73      8.0   6.89
Summary statistics shared by all four sets:
  Property            Value
  Mean of x           9.0
  Variance of x       11.0
  Mean of y           7.5
  Linear regression   y = 3 + 0.5x
ANSCOMBE’S QUARTET
Find Pattern
Find Anomaly
Compare and Contrast
Overview
View Relation
Global terrorist social network
• Communicate findings
• Overview
• Analyze:
  • Compare and relate
  • Find trend/pattern
  • Predict
  • Find anomaly
SECURITY DATA TO GRAPH
Multivariate:
  Packet/TCP dump (IP, port, packet size, time, etc.: multiple variables), server logs
  Charts: table, scatter plot, bubble chart, parallel coordinates
Relational:
  NetFlow: communication between the devices; top-down hierarchy of the system
  Charts: node-link diagram, matrix diagram, tree, treemap
Temporal:
  Host/endpoint events over time, log files
  Charts: line chart, histogram
PACKET CAPTURE: BINARY FILE VIS
• http://binvis.io/#/view/examples/elf-Linux-ARMv7-ls.bin
Traffic Flow: Network Data, 361 Rows
Node-Link Diagram: 361 network connections, 12 nodes (IPs)
Activity Log: Sparklines
R. Marty: Advanced Security Visualization
TreeMap
DASHBOARD
Example: SPLUNK
VISUAL ANALYTICS:
INTERACTIVE VISUAL INTERFACE
FOR DECISION MAKING
VISUAL INFORMATION SEEKING “MANTRA” (Ben Shneiderman)
• Overview data using charts, dashboards, tables: see all relevant data
• Find pattern, trend, outlier, correlation
• Sort by rank
• Group similar things: group by signature
• Zoom and filter: select only the interesting ones
• Details on demand: details of the selected alert
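The mantra applied to IDS alerts, as an added example (not code from the original deck): group by signature and rank for the overview, filter by priority or host to zoom, then pull the selected alert with its related context for details on demand. The alert lines are constructed for this example; their layout imitates a one-line IDS "fast" alert but comes from no real sensor, and the signature IDs and addresses are made up.

```python
"""Overview first, zoom and filter, then details on demand, over IDS alerts.
Example added by the editor; the alert log below is constructed."""
import re
from collections import Counter

# Constructed sample alerts (documentation address ranges, made-up local sids).
ALERT_LOG = """\
03/14-09:12:01.110 [**] [1:1000001:1] LOCAL Repeated SSH login failures [**] [Priority: 2] {TCP} 203.0.113.9:51020 -> 192.168.1.10:22
03/14-09:12:03.482 [**] [1:1000001:1] LOCAL Repeated SSH login failures [**] [Priority: 2] {TCP} 203.0.113.9:51021 -> 192.168.1.10:22
03/14-09:12:05.901 [**] [1:1000001:1] LOCAL Repeated SSH login failures [**] [Priority: 2] {TCP} 203.0.113.9:51022 -> 192.168.1.10:22
03/14-09:12:08.377 [**] [1:1000001:1] LOCAL Repeated SSH login failures [**] [Priority: 2] {TCP} 203.0.113.9:51023 -> 192.168.1.10:22
03/14-09:15:44.003 [**] [1:1000002:1] LOCAL Outbound DNS to unusual resolver [**] [Priority: 3] {UDP} 192.168.1.20:50012 -> 198.51.100.53:53
03/14-09:15:46.219 [**] [1:1000002:1] LOCAL Outbound DNS to unusual resolver [**] [Priority: 3] {UDP} 192.168.1.20:50013 -> 198.51.100.53:53
03/14-09:16:02.740 [**] [1:1000003:1] LOCAL Large outbound transfer [**] [Priority: 1] {TCP} 192.168.1.20:50014 -> 198.51.100.77:443
03/14-09:20:15.655 [**] [1:1000004:1] LOCAL Web scanner user-agent [**] [Priority: 2] {TCP} 198.51.100.7:40110 -> 192.168.1.30:80
"""

# Field layout assumed for the constructed lines above.
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<sid>[\d:]+)\]\s+(?P<msg>.+?)\s+\[\*\*\]\s+"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_alerts(text):
    """Parse alert lines into dicts; lines that do not match are skipped so a
    malformed line cannot abort triage."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["prio"] = int(rec["prio"])
            alerts.append(rec)
    return alerts


def overview(alerts):
    """Overview: group by signature message and sort by rank (count, descending)."""
    return Counter(a["msg"] for a in alerts).most_common()


def zoom(alerts, **criteria):
    """Zoom and filter: keep alerts whose fields equal every given criterion,
    e.g. zoom(alerts, prio=1) or zoom(alerts, src="192.168.1.20")."""
    return [a for a in alerts if all(a.get(k) == v for k, v in criteria.items())]


def details(alerts, alert):
    """Details on demand: the selected alert plus every other alert involving
    the same source host (as src or dst), in time order. That surrounding
    context is what lets an analyst judge whether the alert is a false positive."""
    host = alert["src"]
    related = [a for a in alerts if a != alert and host in (a["src"], a["dst"])]
    return {"selected": alert, "related": sorted(related, key=lambda a: a["ts"])}


if __name__ == "__main__":
    alerts = parse_alerts(ALERT_LOG)
    print("overview:", overview(alerts))
    urgent = zoom(alerts, prio=1)
    print("priority-1 alerts:", len(urgent))
    print("details:", details(alerts, urgent[0]))
```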
Time-based Network Traffic Visualization
John Goodall et al., 2005. http://tnv.sourceforge.net/
Packets (src to dest), background colored by host IP, links colored by protocol
OCELOT
http://ieeexplore.ieee.org/xpl/articleDetails.jsp?reload=true&arnumber=7312763
CYNOMIX
Gove et al., VizSec 2014
Find similar malware samples
VISUALIZING THE INSIDER THREAT
http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=7312772&url=http%3A%2F%2Fieeexplore.ieee.org%2Fiel7%2F7310645%2F7312757%2F07312772.pdf%3Farnumber%3D7312772
Interactive PCA of user activity
Anomalous cluster
SITUATIONAL AWARENESS
“Situation awareness is the ability to:
• assess data,
• evaluate options, and
• make decisions in a timely manner.
Analysts are often charged to examine all traffic coming through the network. Providing contextual clues can guide them to the locations they should regard most closely and enable faster decisions. Given the vast and complex nature of cyber space, interface design approaches that capitalize on recent advances in complex data set visualization are well worth exploring” (Daniel et al., 2010)
CHALLENGES
Simplicity works
• Humans and machines need to work together.
• Bridge the gap between cyber security experts and dataviz experts.
• Provide context to the analysts so they can detect false positives.
awalin.sopan@fireeye.com

More Related Content

What's hot

2019 Cybersecurity Retrospective and a look forward to 2020
2019 Cybersecurity Retrospective and a look forward to 20202019 Cybersecurity Retrospective and a look forward to 2020
2019 Cybersecurity Retrospective and a look forward to 2020
Jonathan Cran
 
MITRE ATT&CKcon 2.0: The World's Most Dangerous ATT&CKers; Robert Lipovsky, ESET
MITRE ATT&CKcon 2.0: The World's Most Dangerous ATT&CKers; Robert Lipovsky, ESETMITRE ATT&CKcon 2.0: The World's Most Dangerous ATT&CKers; Robert Lipovsky, ESET
MITRE ATT&CKcon 2.0: The World's Most Dangerous ATT&CKers; Robert Lipovsky, ESET
MITRE - ATT&CKcon
 
Best Practices for Leveraging Security Threat Intelligence
Best Practices for Leveraging Security Threat IntelligenceBest Practices for Leveraging Security Threat Intelligence
Best Practices for Leveraging Security Threat Intelligence
AlienVault
 
Hidden empires of malware
Hidden empires of malwareHidden empires of malware
Hidden empires of malware
Ryan Kovar
 
CODE BLUE 2014 : [Keynote] The 5 biggest problems of cyber security - and how...
CODE BLUE 2014 : [Keynote] The 5 biggest problems of cyber security - and how...CODE BLUE 2014 : [Keynote] The 5 biggest problems of cyber security - and how...
CODE BLUE 2014 : [Keynote] The 5 biggest problems of cyber security - and how...
CODE BLUE
 
The Hidden Empires of Malware with TLS Certified Hypotheses and Machine Learning
The Hidden Empires of Malware with TLS Certified Hypotheses and Machine LearningThe Hidden Empires of Malware with TLS Certified Hypotheses and Machine Learning
The Hidden Empires of Malware with TLS Certified Hypotheses and Machine Learning
Ryan Kovar
 
US-13-Singh-Hot-Knives-Through-Butter-Evading-File-Based-Sandboxes-Slides
US-13-Singh-Hot-Knives-Through-Butter-Evading-File-Based-Sandboxes-SlidesUS-13-Singh-Hot-Knives-Through-Butter-Evading-File-Based-Sandboxes-Slides
US-13-Singh-Hot-Knives-Through-Butter-Evading-File-Based-Sandboxes-SlidesAbhishek Singh
 
Malware Most Wanted: Security Ecosystem
Malware Most Wanted: Security EcosystemMalware Most Wanted: Security Ecosystem
Malware Most Wanted: Security Ecosystem
Cyphort
 
Sqrrl May Webinar: Data-Centric Security
Sqrrl May Webinar: Data-Centric SecuritySqrrl May Webinar: Data-Centric Security
Sqrrl May Webinar: Data-Centric Security
Sqrrl
 
SOCIAL MEDIA AS A CYBER WEAPON
SOCIAL MEDIA AS A CYBER WEAPONSOCIAL MEDIA AS A CYBER WEAPON
SOCIAL MEDIA AS A CYBER WEAPON
Sylvain Martinez
 
MITRE ATT&CKcon 2018: From Automation to Analytics: Simulating the Adversary ...
MITRE ATT&CKcon 2018: From Automation to Analytics: Simulating the Adversary ...MITRE ATT&CKcon 2018: From Automation to Analytics: Simulating the Adversary ...
MITRE ATT&CKcon 2018: From Automation to Analytics: Simulating the Adversary ...
MITRE - ATT&CKcon
 
Threat hunting workshop
Threat hunting workshopThreat hunting workshop
Threat hunting workshop
Megan Shippy
 
Bug Bounty Basics
Bug Bounty BasicsBug Bounty Basics
Bug Bounty Basics
HackerOne
 
Threat Hunting with Splunk
Threat Hunting with SplunkThreat Hunting with Splunk
Threat Hunting with Splunk
Splunk
 

What's hot (15)

2019 Cybersecurity Retrospective and a look forward to 2020
2019 Cybersecurity Retrospective and a look forward to 20202019 Cybersecurity Retrospective and a look forward to 2020
2019 Cybersecurity Retrospective and a look forward to 2020
 
Honeypot
Honeypot Honeypot
Honeypot
 
MITRE ATT&CKcon 2.0: The World's Most Dangerous ATT&CKers; Robert Lipovsky, ESET
MITRE ATT&CKcon 2.0: The World's Most Dangerous ATT&CKers; Robert Lipovsky, ESETMITRE ATT&CKcon 2.0: The World's Most Dangerous ATT&CKers; Robert Lipovsky, ESET
MITRE ATT&CKcon 2.0: The World's Most Dangerous ATT&CKers; Robert Lipovsky, ESET
 
Best Practices for Leveraging Security Threat Intelligence
Best Practices for Leveraging Security Threat IntelligenceBest Practices for Leveraging Security Threat Intelligence
Best Practices for Leveraging Security Threat Intelligence
 
Hidden empires of malware
Hidden empires of malwareHidden empires of malware
Hidden empires of malware
 
CODE BLUE 2014 : [Keynote] The 5 biggest problems of cyber security - and how...
CODE BLUE 2014 : [Keynote] The 5 biggest problems of cyber security - and how...CODE BLUE 2014 : [Keynote] The 5 biggest problems of cyber security - and how...
CODE BLUE 2014 : [Keynote] The 5 biggest problems of cyber security - and how...
 
The Hidden Empires of Malware with TLS Certified Hypotheses and Machine Learning
The Hidden Empires of Malware with TLS Certified Hypotheses and Machine LearningThe Hidden Empires of Malware with TLS Certified Hypotheses and Machine Learning
The Hidden Empires of Malware with TLS Certified Hypotheses and Machine Learning
 
US-13-Singh-Hot-Knives-Through-Butter-Evading-File-Based-Sandboxes-Slides
US-13-Singh-Hot-Knives-Through-Butter-Evading-File-Based-Sandboxes-SlidesUS-13-Singh-Hot-Knives-Through-Butter-Evading-File-Based-Sandboxes-Slides
US-13-Singh-Hot-Knives-Through-Butter-Evading-File-Based-Sandboxes-Slides
 
Malware Most Wanted: Security Ecosystem
Malware Most Wanted: Security EcosystemMalware Most Wanted: Security Ecosystem
Malware Most Wanted: Security Ecosystem
 
Sqrrl May Webinar: Data-Centric Security
Sqrrl May Webinar: Data-Centric SecuritySqrrl May Webinar: Data-Centric Security
Sqrrl May Webinar: Data-Centric Security
 
SOCIAL MEDIA AS A CYBER WEAPON
SOCIAL MEDIA AS A CYBER WEAPONSOCIAL MEDIA AS A CYBER WEAPON
SOCIAL MEDIA AS A CYBER WEAPON
 
MITRE ATT&CKcon 2018: From Automation to Analytics: Simulating the Adversary ...
MITRE ATT&CKcon 2018: From Automation to Analytics: Simulating the Adversary ...MITRE ATT&CKcon 2018: From Automation to Analytics: Simulating the Adversary ...
MITRE ATT&CKcon 2018: From Automation to Analytics: Simulating the Adversary ...
 
Threat hunting workshop
Threat hunting workshopThreat hunting workshop
Threat hunting workshop
 
Bug Bounty Basics
Bug Bounty BasicsBug Bounty Basics
Bug Bounty Basics
 
Threat Hunting with Splunk
Threat Hunting with SplunkThreat Hunting with Splunk
Threat Hunting with Splunk
 

Similar to Awalin-CapWIC

Computer security
Computer securityComputer security
Computer security
Mohamed Abdo
 
Oliver Schuermann - Integrated Software in Networking - the Mystery of SDN
Oliver Schuermann - Integrated Software in Networking - the Mystery of SDNOliver Schuermann - Integrated Software in Networking - the Mystery of SDN
Oliver Schuermann - Integrated Software in Networking - the Mystery of SDN
centralohioissa
 
BSides IR in Heterogeneous Environment
BSides IR in Heterogeneous EnvironmentBSides IR in Heterogeneous Environment
BSides IR in Heterogeneous Environment
Stefano Maccaglia
 
Malware Analysis
Malware AnalysisMalware Analysis
Malware Analysis
Ramin Farajpour Cami
 
The Evolution of IDS: Why Context is Key
The Evolution of IDS: Why Context is KeyThe Evolution of IDS: Why Context is Key
The Evolution of IDS: Why Context is Key
AlienVault
 
Solnet dev secops meetup
Solnet dev secops meetupSolnet dev secops meetup
Solnet dev secops meetup
pbink
 
Penetration testing dont just leave it to chance
Penetration testing dont just leave it to chancePenetration testing dont just leave it to chance
Penetration testing dont just leave it to chance
Dr. Anish Cheriyan (PhD)
 
Dataviz For Cyber Security
Dataviz For Cyber SecurityDataviz For Cyber Security
Dataviz For Cyber Security
Awalin Sopan
 
IDS+Honeypots Making Security Simple
IDS+Honeypots Making Security SimpleIDS+Honeypots Making Security Simple
IDS+Honeypots Making Security Simple
Gregory Hanis
 
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with LastlineReacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with LastlineLastline, Inc.
 
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptxINTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
SuhailShaik16
 
IBCAST 2021: Observations and lessons learned from the APNIC Community Honeyn...
IBCAST 2021: Observations and lessons learned from the APNIC Community Honeyn...IBCAST 2021: Observations and lessons learned from the APNIC Community Honeyn...
IBCAST 2021: Observations and lessons learned from the APNIC Community Honeyn...
APNIC
 
'Malware Analysis' by PP Singh
'Malware Analysis' by PP Singh'Malware Analysis' by PP Singh
'Malware Analysis' by PP Singh
Bipin Upadhyay
 
Sp Security 101 Primer 2 1
Sp Security 101 Primer 2 1Sp Security 101 Primer 2 1
Sp Security 101 Primer 2 1
Barry Greene
 
Cloud security From Infrastructure to People-ware
Cloud security From Infrastructure to People-wareCloud security From Infrastructure to People-ware
Cloud security From Infrastructure to People-ware
Tzar Umang
 
Cisco Security Architecture
Cisco Security ArchitectureCisco Security Architecture
Cisco Security Architecture
Cisco Canada
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application Securitysudip pudasaini
 
MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network Security
MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network SecurityMMIX Peering Forum and MMNOG 2020: Packet Analysis for Network Security
MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network Security
APNIC
 
technical-information-gathering-slides.pdf
technical-information-gathering-slides.pdftechnical-information-gathering-slides.pdf
technical-information-gathering-slides.pdf
MarceloCunha571649
 

Similar to Awalin-CapWIC (20)

Computer security
Computer securityComputer security
Computer security
 
Oliver Schuermann - Integrated Software in Networking - the Mystery of SDN
Oliver Schuermann - Integrated Software in Networking - the Mystery of SDNOliver Schuermann - Integrated Software in Networking - the Mystery of SDN
Oliver Schuermann - Integrated Software in Networking - the Mystery of SDN
 
BSides IR in Heterogeneous Environment
BSides IR in Heterogeneous EnvironmentBSides IR in Heterogeneous Environment
BSides IR in Heterogeneous Environment
 
Malware Analysis
Malware AnalysisMalware Analysis
Malware Analysis
 
The Evolution of IDS: Why Context is Key
The Evolution of IDS: Why Context is KeyThe Evolution of IDS: Why Context is Key
The Evolution of IDS: Why Context is Key
 
Solnet dev secops meetup
Solnet dev secops meetupSolnet dev secops meetup
Solnet dev secops meetup
 
Penetration testing dont just leave it to chance
Penetration testing dont just leave it to chancePenetration testing dont just leave it to chance
Penetration testing dont just leave it to chance
 
Dataviz For Cyber Security
Dataviz For Cyber SecurityDataviz For Cyber Security
Dataviz For Cyber Security
 
IDS+Honeypots Making Security Simple
IDS+Honeypots Making Security SimpleIDS+Honeypots Making Security Simple
IDS+Honeypots Making Security Simple
 
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with LastlineReacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
 
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptxINTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
 
IBCAST 2021: Observations and lessons learned from the APNIC Community Honeyn...
IBCAST 2021: Observations and lessons learned from the APNIC Community Honeyn...IBCAST 2021: Observations and lessons learned from the APNIC Community Honeyn...
IBCAST 2021: Observations and lessons learned from the APNIC Community Honeyn...
 
'Malware Analysis' by PP Singh
'Malware Analysis' by PP Singh'Malware Analysis' by PP Singh
'Malware Analysis' by PP Singh
 
Malware Analysis -an overview by PP Singh
Malware Analysis -an overview by PP SinghMalware Analysis -an overview by PP Singh
Malware Analysis -an overview by PP Singh
 
Sp Security 101 Primer 2 1
Sp Security 101 Primer 2 1Sp Security 101 Primer 2 1
Sp Security 101 Primer 2 1
 
Cloud security From Infrastructure to People-ware
Cloud security From Infrastructure to People-wareCloud security From Infrastructure to People-ware
Cloud security From Infrastructure to People-ware
 
Cisco Security Architecture
Cisco Security ArchitectureCisco Security Architecture
Cisco Security Architecture
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application Security
 
MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network Security
MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network SecurityMMIX Peering Forum and MMNOG 2020: Packet Analysis for Network Security
MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network Security
 
technical-information-gathering-slides.pdf
technical-information-gathering-slides.pdftechnical-information-gathering-slides.pdf
technical-information-gathering-slides.pdf
 

Recently uploaded

Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
Pierluigi Pugliese
 
Welocme to ViralQR, your best QR code generator.
Welocme to ViralQR, your best QR code generator.Welocme to ViralQR, your best QR code generator.
Welocme to ViralQR, your best QR code generator.
ViralQR
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Nexer Digital
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
Dorra BARTAGUIZ
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
nkrafacyberclub
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
Peter Spielvogel
 

Recently uploaded (20)

Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
 
Welocme to ViralQR, your best QR code generator.
Welocme to ViralQR, your best QR code generator.Welocme to ViralQR, your best QR code generator.
Welocme to ViralQR, your best QR code generator.
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
 

Awalin-CapWIC

  • 1. DataViz in Cyber Security Awalin Sopan @awalinsopan Senior Software Engineer, FireEye, Inc. Mentor: Girls In Technology, VA
  • 2. 2 Copyright © 2014, FireEye, Inc. All rights reserved. Over 200 attacks on major industrial control systems in 2013 “Cyber threat is one of the most serious economic and national security challenges we face as a nation”- Pres. Obama, White House Press release, May 29, 2009
  • 3. 3 Copyright © 2014, FireEye, Inc. All rights reserved. Copyright: EMC Corporation
  • 4. 4 Copyright © 2014, FireEye, Inc. All rights reserved. DEFENSE AGAINST CYBER ATTACK: Role of Machines
  • 5. 5 Copyright © 2014, FireEye, Inc. All rights reserved. DEFENSE AGAINST CYBER ATTACK: Role of a Human (Cyber Analyst) • Detect intrusion • Recommend solution • Threat insight • Gather evidence • Prevent intrusion • Find vulnerability in the system • Block suspected traffic • Forensic analysis: • Create rules to detect future attack • Nature of attack
  • 6. Multivariate: Packet Capture/TCP dump, (ip, port, pkt size, time, etc…multiple variables) from snort sensors, Server Logs, OS logs, Firewall logs (used in Host based Intrusion Detection System). Relational: Netflow: (nodes and edges) from routers: connection between IPs, hosts. Used in Network Based Intrusion Detection System. Temporal: Log Files/Activity/Events: Host/endpoint events over time SECURITY DATA: DATA CAPTURED THROUGH SENSORS
  • 8. ANSCOMBE’S QUARTET 1 2 3 4 x y x y x y x y 10.0 8.04 10.0 9.14 10.0 7.46 8.0 6.58 8.0 6.95 8.0 8.14 8.0 6.77 8.0 5.76 13.0 7.58 13.0 8.74 13.0 12.74 8.0 7.71 9.0 8.81 9.0 8.77 9.0 7.11 8.0 8.84 11.0 8.33 11.0 9.26 11.0 7.81 8.0 8.47 14.0 9.96 14.0 8.10 14.0 8.84 8.0 7.04 6.0 7.24 6.0 6.13 6.0 6.08 8.0 5.25 4.0 4.26 4.0 3.10 4.0 5.39 19.0 12.50 12.0 10.84 12.0 9.13 12.0 8.15 8.0 5.56 7.0 4.82 7.0 7.26 7.0 6.42 8.0 7.91 5.0 5.68 5.0 4.74 5.0 5.73 8.0 6.89
  • 9. ANSCOMBE’S QUARTET 1 2 3 4 x y x y x y x y 10.0 8.04 10.0 9.14 10.0 7.46 8.0 6.58 8.0 6.95 8.0 8.14 8.0 6.77 8.0 5.76 13.0 7.58 13.0 8.74 13.0 12.74 8.0 7.71 9.0 8.81 9.0 8.77 9.0 7.11 8.0 8.84 11.0 8.33 11.0 9.26 11.0 7.81 8.0 8.47 14.0 9.96 14.0 8.10 14.0 8.84 8.0 7.04 6.0 7.24 6.0 6.13 6.0 6.08 8.0 5.25 4.0 4.26 4.0 3.10 4.0 5.39 19.0 12.50 12.0 10.84 12.0 9.13 12.0 8.15 8.0 5.56 7.0 4.82 7.0 7.26 7.0 6.42 8.0 7.91 5.0 5.68 5.0 4.74 5.0 5.73 8.0 6.89 Property Value Mean of x 9.0 Variance of x 11.0 Mean of y 7.5 Linear regression y = 3 + 0.5x
  • 11. Find Pattern
  • 12. Find Anomaly
  • 13. Compare and Contrast
  • 14. Overview
  • 15. View Relation
  • 16. Global terrorist social network
  • 18.
    • Communicate findings
    • Overview
    • Analyze:
      • Compare and relate
      • Find trend / pattern
      • Predict
      • Find anomaly
  • 19. SECURITY DATA TO GRAPH
    • Multivariate (packet/tcpdump records with IP, port, packet size, time, etc.; server logs): table, scatter plot, bubble chart, parallel coordinates
    • Relational (NetFlow: communication between the devices; the top-down hierarchy of the system): node-link diagram, matrix diagram, tree, treemap
    • Temporal (host/endpoint events over time; log files): line chart, histogram
  • 20. PACKET CAPTURE: BINARY FILE VIS. binvis.io renders the raw bytes of any file as a color-coded image; note that the linked example is a Linux ARMv7 ELF binary (ls) rather than a capture file. http://binvis.io/#/view/examples/elf-Linux-ARMv7-ls.bin
  • 21. Traffic Flow: Network Data, 361 Rows
  • 22. 361 network connections, 12 nodes (IPs): Node-Link Diagram
  • 25. Activity Log: Sparklines
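An added example (not code from the slides) that walks one constructed NetFlow-style sample through the three views of slide 19: the multivariate record table, the relational edge list behind a node-link diagram like the one on slide 22, and the per-hour series that a sparkline (slide 25) draws. The record layout "timestamp,src,dst,dport,bytes", the addresses (RFC 1918 and TEST-NET-3 ranges), the timestamps and the scenario are all constructed for illustration and do not follow any real exporter's format.

```python
"""Security data to graph: one constructed NetFlow-style sample, three views.

Added example, not code from the original slides. The records, timestamps,
addresses and the field layout "timestamp,src,dst,dport,bytes" are all
constructed for illustration.
"""
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample. Three workstations do ordinary DNS and web traffic; one
# host (10.0.0.5) touches six internal peers on three admin ports within a few
# seconds, the kind of fan-out a node-link diagram exposes at a glance.
FLOWS = """\
2014-03-01T09:00:05,10.0.0.11,10.0.0.2,53,120
2014-03-01T09:00:07,10.0.0.11,203.0.113.10,443,5400
2014-03-01T09:01:12,10.0.0.12,10.0.0.2,53,118
2014-03-01T09:01:15,10.0.0.12,203.0.113.10,80,2300
2014-03-01T09:30:40,10.0.0.13,10.0.0.2,53,121
2014-03-01T10:02:01,10.0.0.5,10.0.0.20,22,900
2014-03-01T10:02:02,10.0.0.5,10.0.0.21,22,900
2014-03-01T10:02:02,10.0.0.5,10.0.0.22,445,1200
2014-03-01T10:02:03,10.0.0.5,10.0.0.23,3389,1100
2014-03-01T10:02:03,10.0.0.5,10.0.0.24,22,900
2014-03-01T10:02:04,10.0.0.5,10.0.0.25,445,1200
2014-03-01T10:45:00,10.0.0.11,203.0.113.10,443,6100
2014-03-01T11:10:09,10.0.0.12,10.0.0.2,53,119
"""


def parse_flows(text):
    """Multivariate view: each line becomes one record of several variables."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, nbytes = line.split(",")
        rows.append({"ts": datetime.fromisoformat(ts), "src": src, "dst": dst,
                     "dport": int(dport), "bytes": int(nbytes)})
    return rows


def nodes(rows):
    """Every IP seen as a source or destination: the node-link diagram's nodes."""
    return {r["src"] for r in rows} | {r["dst"] for r in rows}


def edge_list(rows):
    """Relational view: (src, dst) -> number of flows, the diagram's weighted edges."""
    return Counter((r["src"], r["dst"]) for r in rows)


def fan_out(rows):
    """Per source: (distinct destinations, distinct destination ports)."""
    peers, ports = defaultdict(set), defaultdict(set)
    for r in rows:
        peers[r["src"]].add(r["dst"])
        ports[r["src"]].add(r["dport"])
    return {s: (len(peers[s]), len(ports[s])) for s in peers}


def widest_fan_out(rows):
    """The source touching the most peers: the natural 'zoom and filter' target."""
    fo = fan_out(rows)
    return max(fo, key=fo.__getitem__)


def hourly_counts(rows):
    """Temporal view: flows per clock hour, the series a sparkline or histogram draws."""
    return Counter(r["ts"].replace(minute=0, second=0, microsecond=0) for r in rows)


def sparkline(values):
    """Render a series of counts as a one-line text sparkline using eight bar glyphs."""
    bars = "▁▂▃▄▅▆▇█"
    top = max(values) or 1
    return "".join(bars[min(len(bars) - 1, v * len(bars) // top)] for v in values)


if __name__ == "__main__":
    rows = parse_flows(FLOWS)
    print(f"{len(rows)} flows between {len(nodes(rows))} nodes")
    for (s, d), n in edge_list(rows).most_common(4):
        print(f"  {s} -> {d}: {n} flow(s)")
    series = [n for _, n in sorted(hourly_counts(rows).items())]
    print("flows per hour:", sparkline(series), series)
    top = widest_fan_out(rows)
    print("widest fan-out:", top, "peers/ports:", fan_out(rows)[top])
```

In the flat table the scanning host is six unremarkable rows out of thirteen; as an edge list it is the one node with six neighbours, and in the hourly sparkline its burst is the tallest bar. Each chart type answers a different question about the same records, which is the mapping slide 19 proposes.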
  • 26. R. Marty: Advanced Security Visualization
  • 27. TreeMap
  • 29. DASHBOARD Example: SPLUNK
  • 30. VISUAL ANALYTICS: INTERACTIVE VISUAL INTERFACE FOR DECISION MAKING
  • 31. VISUAL INFORMATION SEEKING “MANTRA” - BEN SHNEIDERMAN (overview first, zoom and filter, then details on demand)
    • Overview the data using charts, dashboards, tables: see all relevant data
      • Find patterns, trends, outliers, correlations
      • Sort by rank
      • Group similar things: group by signature
    • Zoom and filter: select only the interesting ones
    • Details on demand: details of the selected alert
  • 32. TNV: Time-based Network Traffic Visualization - John Goodall et al., 2005. http://tnv.sourceforge.net/ Source and destination hosts with the packets between them; background colored by host IP, links colored by protocol.
  • 34. CYNOMIX - Gove et al., VizSec 2014: find similar malware samples
  • 35. VISUALIZING THE INSIDER THREAT - http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=7312772&url=http%3A%2F%2Fieeexplore.ieee.org%2Fiel7%2F7310645%2F7312757%2F07312772.pdf%3Farnumber%3D7312772 Interactive PCA of user activity; an anomalous cluster stands out.
  • 36. SITUATIONAL AWARENESS
  • 37. “Situation awareness is the ability to:
    • assess data,
    • evaluate options, and
    • make decisions in a timely manner.
    Analysts are often charged to examine all traffic coming through the network. Providing contextual clues can guide them to the locations they should regard most closely and enable faster decisions. Given the vast and complex nature of cyber space, interface design approaches that capitalize on recent advances in complex data set visualization are well worth exploring” (Daniel et al., 2010)
  • 38. Simplicity works
  • 39. CHALLENGES
    • Humans and machines need to work together.
    • Bridge the gap between cyber security experts and dataviz experts.
    • Provide context so analysts can recognize false positives.
    awalin.sopan@fireeye.com

Editor's Notes

  1. Explain a scenario … phishing, keylogger, access the system, steal passwords, VPN in, access credit-card processing info. Repeat until done.
  2. Machine learning and data mining can help generate alerts for possible malware attacks, but as attackers grow more clever we need human intelligence to separate the false positives from the true ones.
  3. Source: Wikipedia
  4. Simple statistical properties fail to convey the actual shape of the data. There may be an outlier, or a trend or pattern, that only the plot reveals.
  5. We are more or less familiar with creating charts and graphs; now let’s see how data from cyber space can be mapped onto our day-to-day charts.
  6. Dashboards: cyber analysts use dashboards for situation awareness, to make decisions in a timely manner.
  7. Visual analytics: a computer-driven transformation of abstract data into an interactive visual depiction aiming at insight, which in turn translates into “discovery, decision-making, and explanation”.