This document provides an introduction to HTML and HTML5. It discusses what HTML is, the basic tags used in HTML like <p> and <a>, and newer tags introduced in HTML5 like <header>, <footer>, <video>, and <canvas>. It also covers CSS, JavaScript, and how the three languages work together. The document gives examples of HTML, HTML5, and CSS code. It provides guidance on structure, semantics, accessibility and gives homework on practicing HTML.
The document discusses iOS Keychain, which is an encrypted container for securely storing private information like passwords and certificates on iOS devices. Keychain stores data for each app separately, but data can be shared between apps with the same access group. The document provides code examples for adding, finding, updating, and removing items from the Keychain via API methods like SecItemAdd, SecItemCopyMatching, and SecItemDelete.
The document discusses caching techniques in Python. It begins with an introduction to caching and how it is similar to manual memory management. It then covers common caching patterns like memoization and cache invalidation. Some common problems with caching are discussed such as invalidating too much/little data and dependencies between cached values. Finally, it presents solutions like using process-level caching with dicts, application-level caching with Memcache, and batch invalidation of keys.
The document discusses embedding Direct to Web (D2W) functionality into existing WebObjects applications. It explains why one would want to do this, such as to reduce component explosion, provide CRUD functionality, enable property sorting and grouping, and support localization. It covers how to embed D2W, including using the necessary frameworks and resources. It also demonstrates different Apple and WOnder D2W components that can be embedded and provides examples of how to use them, including using bindings and page configurations. Finally, it briefly discusses custom D2W components.
Security Visualization - State of 2010 and 2011 Predictions (Raffael Marty)
The document discusses current trends in data visualization. It notes that data collection is important but often lacking. The cloud enables open standards and tools for visualization. However, security visualization remains an afterthought, with few examples and small individual projects, as most organizations do not collect enough security data to visualize. Standards and general purpose visualization tools are still needed to help users understand security data.
Wim Remes SOURCE Boston 2011 Prezo
Among the blind, the squinter rules.
Security visualization in the field.
@wimremes on twitter
wremes-at-gmail-dot-com
Cyber Security – How Visual Analytics Unlock Insight (Raffael Marty)
Video can be found at: http://youtu.be/CEAMF0TaUUU
In the Cyber Security domain, we have been collecting ‘big data’ for almost two decades. The volume and variety of our data is extremely large, but understanding and capturing the semantics of the data is even more of a challenge. Finding the needle in the proverbial haystack has been attempted from many different angles. In this talk we will have a look at what approaches have been explored, what has worked, and what has not. We will see that there is still a large amount of work to be done and data mining is going to play a central role. We’ll try to motivate that in order to successfully find bad guys, we will have to embrace a solution that not only leverages clever data mining, but employs the right mix between human computer interfaces, data mining, and scalable data platforms.
How Cyberflow Analytics have used KeyLines’ network visualization functionality to develop the next generation of cyber security analytics platform – built for the scope and scale of the Internet of Things.
The Heatmap - Why is Security Visualization so Hard? (Raffael Marty)
This presentation explores why it is so hard to come up with a security monitoring (or shall we call it security intelligence) approach that helps find sophisticated attackers in all the data collected. It explores the question of how to visualize a billion events. To do so, the presentation dives deeply into heatmaps - matrices - as an example of a simple type of visualization. While these heatmaps are very simple, they are incredibly versatile and help us think about the problem of security visualization. They help illustrate how data mining and user experience design help get a handle of the security visualization challenges - enabling us to gain deep insight for a number of security use-cases.
AfterGlow is a script that assists with the visualization of log data. It reads CSV files and converts them into a Graph description. Check out http://afterglow.sf.net for more information also.
This short presentation gives an overview of AfterGlow and outlines the features and capabilities of the tool. It discusses some of the harder to understand features by showing some configuration examples that can be used as a starting point for some more sophisticated setups.
AfterGlow is one of the most downloaded security visualization tools with over 17,000 downloads.
Vision is a human’s dominant sense. It is the communication channel with the highest bandwidth into the human brain. Security tools and applications need to make better use of information visualization to enhance human computer interactions and information exchange.
In this talk we will explore a few basic principles of information visualization to see how they apply to cyber security. We will explore both visualization as a data presentation, as well as a data discovery tool. We will address questions like: What makes for effective visualizations? What are some core principles to follow when designing a dashboard? How do you go about visually exploring a terabyte of data? And what role do big data and data mining play in security visualization?
The presentation is filled with visualizations of security data to help translate the theoretical concepts into tangible applications.
Security Visualization - Let's Take A Step Back (Raffael Marty)
I gave the keynote at VizSec 2012. I used the opportunity to take a step back to see where security visualization is at and propose a challenge for how some of the problems we should be focusing on going forward.
Video recording is here: http://youtu.be/AEAs7IzTHMo
Case study on how to use interactive data visualization and predictive modeling to find the needle in the haystack for SIEM Analytics and Cyber Security. Practical and handouts on tutorial.
We share experiences from our clients, which include Fortune 100 companies, governments and government agencies, two of the top SIEM vendors, and a variety of mid-size companies.
Workshop: Big Data Visualization for Security (Raffael Marty)
Big Data is the latest hype in the security industry. We will have a closer look at what big data is comprised of: Hadoop, Spark, ElasticSearch, Hive, MongoDB, etc. We will learn how to best manage security data in a small Hadoop cluster for different types of use-cases. Doing so, we will encounter a number of big-data open source tools, such as LogStash and Moloch that help with managing log files and packet captures.
As a second topic we will look at visualization and how we can leverage visualization to learn more about our data. In the hands-on part, we will use some of the big data tools, as well as a number of visualization tools to actively investigate a sample data set.
Creating Your Own Threat Intel Through Hunting & Visualization (Raffael Marty)
The security industry is talking a lot about threat intelligence; external information that a company can leverage to understand where potential threats are knocking on the door and might have already penetrated the network boundaries. Conversations with many CERTs have shown that we have to stop relying on knowledge about how attacks have been conducted in the past and start 'hunting' for signs of compromises and anomalies in our own environments.
In this presentation we explore how the decade old field of security visualization has emerged. We show how we have applied advanced analytics and visualization to create our own threat intelligence and investigated lateral movement in a Fortune 50 company.
Visualization. Data science. No machine learning. But pretty pictures.
Here is a blog post I wrote a bit ago about the general theme of internal threat intelligence:
http://www.darkreading.com/analytics/creating-your-own-threat-intel-through-hunting-and-visualization/a/d-id/1321225?
This document discusses using data visualization techniques to analyze network security data and detect cyber attacks. It provides examples of visualizing network traffic data from tcpdump files using Perl scripts and Grace to plot graphs. Specific examples include visualizing a port scan, vulnerability scanner, and wargame traffic to identify anomalous patterns compared to normal traffic baselines. Tools mentioned include tcpdump, Ethereal, EtherApe, and research on visualizing intrusion detection systems, routing anomalies, and worm propagation.
The document discusses OpenSOC, an open source security operations center platform for analyzing 1.2 million network packets per second in real time. It provides an overview of the business case for OpenSOC, the solution architecture and design, best practices and lessons learned from deploying OpenSOC at scale. The presentation covers topics like optimizing Kafka, HBase and Storm performance through techniques like tuning configurations, designing row keys, managing region splits, and handling errors. It also discusses integrating analytics tools and the community partnership opportunities around OpenSOC.
DataStax: Enabling Search in your Cassandra Application with DataStax Enterprise (DataStax Academy)
This document provides an overview of how to enable search capabilities in Cassandra applications using Datastax Enterprise (DSE). It discusses how DSE allows indexing and searching of Cassandra data by integrating the Solr/Lucene search engine. Specifically, it explains that with DSE, data remains stored in Cassandra while indexes are maintained in Solr/Lucene. This provides search capabilities without requiring ETL processes to migrate data out of Cassandra. The document includes code examples of how to define a table and secondary index in Cassandra to support full-text search on tags columns using DSE.
DataStax | Best Practices for Securing DataStax Enterprise (Matt Kennedy) | C... (DataStax)
This talk will review the advanced security features in DataStax Enterprise and discuss best practices for secure deployments. In particular, topics reviewed will cover: Authentication with Kerberos & LDAP/Active Directory, Role-based Authorization and LDAP role assignment, Auditing, Securing network communication, Encrypting data files and using the Key-Management Interoperability Protocol (KMIP) for secure off-host key management. The talk will also suggest strategies for addressing security needs not met directly by the built-in features of the database such as how to address applications that require Attribute Based Access Control (ABAC).
About the Speaker
Matt Kennedy Sr. Product Manager, DataStax
Matt Kennedy works at DataStax as the product manager for DataStax Enterprise Core. Matt has been a Cassandra user and occasional contributor since version 0.7 and was named a Cassandra MVP in 2013 shortly before joining DataStax. Unlike Cassandra, Matt is not partition tolerant.
This document discusses how to build and use SQLCipher, an SQLite extension that provides encryption of database files. It describes compiling SQLCipher and OpenSSL from source, configuring an Xcode project to include the libraries, setting an encryption key for databases, and provides links for further information.
This document provides an overview of EDA (Epsilon Data Format), which is used to represent digital publishing data like books, comics, and magazines. It describes the core components of EDA including nodes, views, animations, and different document types (Tier 1, 2, and 3). The core nodes (Tier 1) include EDANode, which contains properties and children. Views (Tier 2) are used to display nodes and include scroll views and images. Higher-level document types (Tier 3) are constructed with nodes and views, such as comics, magazines, and books. Examples are provided for creating scrolling pages, sprites, and animations using EDA.
This document discusses secure coding practices for PL/SQL applications. It begins by covering common security problems in PL/SQL code like injection vulnerabilities. It then demonstrates how to find security issues like sinks and sources in code. The document emphasizes the importance of limiting access to code and data as well as following secure coding standards. Finally, it explores options for protecting intellectual property in PL/SQL code like wrapping, obfuscation, and adding license validation.
Jonathan is a MySQL consultant who specializes in SQL, indexing, and reporting for big data. This tutorial will cover strategies for resolving 80% of performance problems, including indexes, partitioning, intensive table optimization, and finding and addressing bottlenecks. The strategies discussed will be common, established approaches based on the presenter's experience working with MySQL since 2007.
This document provides an agenda and slides for a PowerShell presentation. The agenda covers PowerShell basics, file systems, users and access control, event logs, and system management. The slides introduce PowerShell, discuss cmdlets and modules, and demonstrate various administrative tasks like managing files, users, services, and the firewall using PowerShell. The presentation aims to show how PowerShell can be used for both system administration and security/blue team tasks.
Rails is a great Ruby-based framework for producing web sites quickly and effectively. Here are a bunch of tips and best practices aimed at the Ruby newbie.
Oracle Key Vault Data Subsetting and Masking (DLT Solutions)
The document provides an overview of Oracle Key Vault and Data Subsetting and Masking Pack. It discusses how Oracle Key Vault can be used to centrally manage encryption keys and securely share them across databases, middleware, and systems. It also summarizes the key capabilities of Oracle Data Subsetting and Masking Pack, which can be used to discover, mask, and subset sensitive data to limit its proliferation while sharing non-sensitive data with others. The document highlights use cases, challenges, methodology, transformation types, and deployment options for data masking and subsetting.
ONE MORE TIME ABOUT CODE STANDARDS AND BEST PRACTICES (DrupalCamp Kyiv)
In an agile world where requirements change faster than tasks get "done" status, we are forced to make fast solutions that will work here and now. Being under pressure and on strict deadlines, it is easy to ignore code standards, the "Drupal way", and best practices that can be found in top Drupal sites. Tools and tips to keep your code clean.
https://drupalcampkyiv.org/node/37
Drupal Security from Drupalcamp Bratislava (Gábor Hojtsy)
Gábor Hojtsy presented on Drupal security at Drupalcamp Bratislava in 2010. He discussed common security risks like injection, cross-site scripting, authentication issues and how Drupal addresses them through secure APIs and modules. The Drupal security team works to ensure the security of Drupal core and contributed modules by finding and fixing vulnerabilities and educating developers on secure coding practices. While open source can increase scrutiny, it also multiplies eyes finding and addressing issues for more secure software.
iOSDevCamp 2011 - Getting "Test"-y: Test Driven Development & Automated Deplo... (Rudy Jahchan)
Great testing and deployment tools already exist for web platforms like Rails; now it is iOS' turn! What's out there, where can you get it, how do you use it ... and where do we go from here?
Cryptography and encryption and security network (NirajKumar620142)
This document outlines a chapter on security from a textbook. It discusses various topics in security including ancient ciphers, modern cryptosystems, secret key cryptography, public key cryptography, cryptanalysis, key management, Java Cryptography Extension (JCE), digital signatures, public key infrastructure, authentication, Secure Sockets Layer (SSL), Java language security and secure coding practices. It also includes code snippets from an example application that demonstrates password-based encryption and decryption in Java using the JCE.
Some basic security controls you can (and should) implement in your web apps. Specifically this covers:
1 - Beyond SQL injection
2 - Cross-site Scripting
3 - Access Control
Rails security best practices involve defending at multiple layers including the network, operating system, web server, web application, and database. The document outlines numerous vulnerabilities at the web application layer such as information leaks, session hijacking, SQL injection, mass assignment, unscoped finds, cross-site scripting (XSS), cross-site request forgery (CSRF), and denial-of-service attacks. It provides recommendations to address each vulnerability through secure coding practices and configuration in Rails.
Making Joomla Insecure - Explaining security by breaking it (Tim Plummer)
This document summarizes a presentation about making Joomla insecure and how to protect against common vulnerabilities. It demonstrates how to introduce vulnerabilities like SQL injection, local file inclusion, and cross-site scripting. It then provides tips to secure a Joomla site, such as sanitizing user input, updating to the latest version, using strong passwords, checking for file existence, and more. The goal is to make attendees aware of potential risks and how to properly secure a Joomla website.
Gábor Hojtsy gave a presentation on doing Drupal security right. He discussed common web application security risks like SQL injection, cross-site scripting, and insecure direct object references. He explained how Drupal addresses these issues through features like input filtering, form tokens, and access control. Hojtsy emphasized that while Drupal provides secure APIs, developers must use them properly. He also discussed Drupal's open security team that works to find and fix vulnerabilities in Drupal core and contributed modules.
Data, the way that we process it and store it, is one of many important aspects of IT. Data is the lifeblood of our organizations, supporting real-time business processes and decision-making. For our DevOps strategy to be truly effective we must be able to safely and quickly evolve production databases, just as we safely and quickly evolve production code. Yet for many organizations their data sources prove to be less than trustworthy and their data-oriented development efforts little more than productivity sinkholes. We can, and must, do better.
This presentation begins with a collection of agile principles for data professionals and of data principles for agile developers - the first step in working together is to understand and appreciate the priorities and strengths of the people that we work with. Our focus is on a collection of practices that enable development teams to easily and safely evolve and deploy databases. These techniques include agile data modeling, database refactoring, database regression testing, continuous database integration, and continuous database deployment.
We also work through operational strategies required of production databases to support your DevOps strategy. If data sources aren’t an explicit part of your DevOps strategy then you’re not really doing DevOps, are you?
Gábor Hojtsy presented on Drupal security at Drupalcamp Bratislava. He discussed the top security risks for Drupal sites like insecure server configurations, weak passwords, and cross-site scripting vulnerabilities. Hojtsy explained the proper Drupal approaches to mitigate these risks, such as using strong passwords, keeping software updated, sanitizing user input, and leveraging Drupal's built-in security features like form tokens. He also covered the work of the Drupal security team to help ensure the core framework and contributed modules are secure.
How to protect, detect, and respond to your threats.
This is an MSP centric talk exploring how to detect, protect, and respond to cyber security threats. We first walk through the cyber defense matrix, explore what security intelligence needs to be and emphasize the concepts with two case studies of BlackCat.
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti... (Raffael Marty)
Extended Detection and Response, or XDR for short, is one of the acronyms that are increasingly used by cybersecurity vendors to explain their approach to solving the cyber security problem. We have been spending trillions of dollars on approaches to secure our systems and data, with what success? Cybersecurity is still one of the biggest and most challenging areas that companies, small and large, are dealing with. XDR is another approach driven by security vendors to solve this problem. The challenge is that every vendor defines XDR slightly differently and makes it fit their own “challenge du jour” for marketing and selling their products.
In this presentation we will demystify the XDR acronym and put a working model behind it. Together, we will explore why XDR is a fabulous concept, but also discover that it’s nothing revolutionarily new. With an MSP lens, we will explore what the XDR benefits are for small and medium businesses and what it means to the security strategy of both MSPs and their clients. The audience will leave with a clear understanding of what XDR is, how the technology matters to them, and how XDR will ultimately help them secure their customers and enable trusted commerce.
Blog Post: http://raffy.ch/blog. - Video: https://youtu.be/nk5uz0VZrxM
In this video we talk about the world of security data or log data. In the first section, we dive into a bit of a history lesson around log management, SIEM, and big data in security. We then shift to the present to discuss some of the challenges that we face today with managing all of that data and also discuss some of the trends in the security analytics space. In the third section, we focus on the future. What does tomorrow hold in the SIEM / security data space? What are some of the key features we will see and how does this matter to the user of these approaches.
Cyber Security Beyond 2020 – Will We Learn From Our Mistakes? (Raffael Marty)
The cyber security industry has spent trillions of dollars to keep external attackers at bay. To what effect? We still don't see an end to the cat and mouse game between attackers and the security industry; zero day attacks, new vulnerabilities, ever increasingly sophisticated attacks, etc. We need a paradigm shift in security. A shift away from traditional threat intelligence and indicators of compromise (IOCs). We need to look at understanding behaviors. Those of devices and those of humans.
What are the security approaches and trends that will make an actual difference in protecting our critical data and intellectual property; not just from external attackers, but also from malicious insiders? We will explore topics from the 'all solving' artificial intelligence to risk-based security. We will look at what is happening within the security industry itself, where startups are placing their bets, and how human factors will play an increasingly important role in security, along with all of the potential challenges that will create.
Artificial Intelligence – Time Bomb or The Promised Land? (Raffael Marty)
Companies have AI projects. Security products use AI to keep attackers out and insiders at bay. But what is this "AI" that everyone talks about? In this talk we will explore what artificial intelligence in cyber security is, where the limitations and dangers are, and in what areas we should invest more in AI. We will talk about some of the recent failures of AI in security and invite a conversation about how we verify artificially intelligent systems to understand how much trust we can place in them.
Alongside the AI conversation, we will discover that we need to make a shift in our traditional approach to cyber security. We need to augment our reactive approaches of studying adversary behaviors to understanding behaviors of users and machines to inform a risk-driven approach to security that prevents even zero day attacks.
In this presentation I explore the topic of artificial intelligence in cyber security. What is AI and how do we get to real intelligence in a cyber context? I outline some of the dangers of the way we are using algorithms (AI, ML) today and what that leads to. We then explore how we can add real intelligence through expert knowledge to the problem of finding attackers and anomalies in our applications and networks.
Presented at AI 4 Cyber in NYC on April 30, 2019
The document summarizes an agenda for a Security Chat event discussing various cybersecurity topics:
1) Several speakers will present on DevSecOps, formjacking, open source security, and tools for discovering information on the internet.
2) The event is sponsored by Forcepoint, a large cybersecurity company that provides human-centric security solutions like data protection, web security, CASB, NGFW, and more.
3) There is an opportunity for lightning talks and announcements regarding job openings or presentation sharing at the conclusion.
AI & ML in Cyber Security - Why Algorithms are Dangerous (Raffael Marty)
This document discusses the dangers of using algorithms in cybersecurity. It makes three key points:
1) Algorithms make assumptions about the data that may not always be valid, and they do not take important domain knowledge into account.
2) Throwing algorithms at security problems without proper understanding of the data and algorithms can be dangerous and lead to failures.
3) A Bayesian belief network approach that incorporates domain expertise may be better suited for security tasks than purely algorithmic approaches. It allows modeling relationships between different factors and computing probabilities.
AI & ML in Cyber Security - Why Algorithms Are Dangerous (Raffael Marty)
Every single security company is talking in some way or another about how they are applying machine learning. Companies go out of their way to make sure they mention machine learning and not statistics when they explain how they work. Recently, that's not enough anymore either. As a security company you have to claim artificial intelligence to be even part of the conversation.
Guess what. It's all baloney. We have entered a state in cyber security that is, in fact, dangerous. We are blindly relying on algorithms to do the right thing. We are letting deep learning algorithms detect anomalies in our data without having a clue what that algorithm just did. In academia, they call this the lack of explainability and verifiability. But rather than building systems with actual security knowledge, companies are using algorithms that nobody understands and in turn discover wrong insights.
In this talk I will show the limitations of machine learning, outline the issues of explainability, and show where deep learning should never be applied. I will show examples of how the blind application of algorithms (including deep learning) actually leads to wrong results. Algorithms are dangerous. We need to revert back to experts and invest in systems that learn from, and absorb the knowledge, of experts.
Delivering Security Insights with Data Analytics and Visualization (Raffael Marty)
It's an interesting exercise to look back to the year 2000 to see how we approached cyber security. We just started to realize that data might be a useful currency, but for the most part, security pursued preventative avenues, such as firewalls, intrusion prevention systems, and anti-virus. With the advent of log management and security incident and event management (SIEM) solutions we started to gather gigabytes of sensor data and correlate data from different sensors to improve on their weaknesses and accelerate their strengths. But fundamentally, such solutions didn't scale that well and struggled to deliver real security insight.
Today, cybersecurity wouldn't work anymore without large scale data analytics and machine learning approaches, especially in the realm of malware classification and threat intelligence. Nonetheless, we are still just scratching the surface and learning where the real challenges are in data analytics for security.
This talk will go on a journey of big data in cybersecurity, exploring where big data has been and where it must go to make a true difference. We will look at the potential of data mining, machine learning, and artificial intelligence, as well as the boundaries of these approaches. We will also look at both the shortcomings and potential of data visualization and the human computer interface. It is critical that today's systems take into account the human expert and, most importantly, provide the right data.
AI & ML in Cyber Security - Welcome Back to 1999 - Security Hasn't Changed (Raffael Marty)
We are writing the year 2017. Cyber security has been a discipline for many years and thousands of security companies are offering solutions to deter and block malicious actors in order to keep our businesses operating and our data confidential. But fundamentally, cyber security has not changed during the last two decades. We are still running Snort and Bro. Firewalls are fundamentally still the same. People get hacked for their poor passwords and we collect logs that we don't know what to do with. In this talk I will paint a slightly provocative and dark picture of security. Fundamentally, nothing has really changed. We'll have a look at machine learning and artificial intelligence and see how those techniques are used today. Do they have the potential to change anything? How will the future look with those technologies? I will show some practical examples of machine learning and motivate that simpler approaches generally win. Maybe we find some hope in visualization? Or maybe Augmented reality? We still have a ways to go.
Ensuring security of a company’s data and infrastructure has largely become a data analytics challenge. It is about finding and understanding patterns and behaviors that are indicative of malicious activities or deviations from the norm. Data, Analytics, and Visualization are used to gain insights and discover those malicious activities. These three components play off of each other, but also have their inherent challenges. A few examples will be given to explore and illustrate some of these challenges,
Creating Your Own Threat Intel Through Hunting & Visualization (Raffael Marty)
The security industry is talking a lot about threat intelligence; external information that a company can leverage to understand where potential threats are knocking on the door and might have already perpetrated the network boundaries. Conversations with many CERTs have shown that we have to stop relying on knowledge about how attacks have been conducted in the past and start ‘hunting’ for signs of compromises and anomalies in our own environments.
In this presentation we explore how the decade old field of security visualization has emerged. We show how we have applied advanced analytics and visualization to create our own threat intelligence and investigated lateral movement in a Fortune 50 company.
Visualization. Data science. No machine learning. But pretty pictures. What is internal threat intelligence? Check out http://www.darkreading.com/analytics/creating-your-own-threat-intel-through-hunting-and-visualization/a/d-id/1321225
The extent and impact of recent security breaches is showing that current security approaches are just not working. But what can we do to protect our business? We have been advocating monitoring for a long time as a way to detect subtle, advanced attacks that are still making it through our defenses. However, products have failed to deliver on this promise.
Current solutions don't scale in both data volume and analytical insights. In this presentation we will explore what security monitoring is. Specifically, we are going to explore the question of how to visualize a billion log records. A number of security visualization examples will illustrate some of the challenges with big data visualization. They will also help illustrate how data mining and user experience design help us get a handle on the security visualization challenges - enabling us to gain deep insight for a number of security use-cases.
Raffael Marty gave a presentation on big data visualization. He discussed using visualization to discover patterns in large datasets and presenting security information on dashboards. Effective dashboards provide context, highlight important comparisons and metrics, and use aesthetically pleasing designs. Integration with security information management systems requires parsing and formatting data and providing interfaces for querying and analysis. Marty is working on tools for big data analytics, custom visualization workflows, and hunting for anomalies. He invited attendees to join an online community for discussing security visualization.
The Heatmap - Why is Security Visualization so Hard? (Raffael Marty)
The extent and impact of recent security breaches is showing that current approaches are just not working. But what can we do to protect our business? We have been advocating monitoring for a long time as a way to detect subtle, advanced attacks. However, products have failed to deliver on this promise. Current solutions don't scale in both data volume and analytical insights. In this presentation we will explore why it is so hard to come up with a security monitoring (or shall we call it security intelligence) approach that helps find sophisticated attackers in all the data collected. We are going to explore the question of how to visualize a billion events. We are going to look at a number of security visualization examples to illustrate the problem and some possible solutions. These examples will also help illustrate how data mining and user experience design help us get a handle of the security visualization challenges - enabling us to gain deep insight for a number of security use-cases.
DAVIX - Data Analysis and Visualization Linux (Raffael Marty)
DAVIX, a live CD for data analysis and visualization, brings the most important free tools for data processing and visualization to your desk. There is no hassle with installing an operating system or struggle to build the necessary tools to get started with visualization. You can completely dedicate your time to data analysis.
This document discusses the intersection of cloud computing, big data, and security. It explains how cloud computing has enabled big data by providing large amounts of cheap storage and on-demand computing power. This has allowed companies to analyze larger datasets than ever before to gain insights. However, big data also presents security challenges as more data is stored remotely in the cloud. The document outlines both the benefits and risks to security from adopting cloud computing and discusses how big data analytics could also be used to enhance cyber security.
Supercharging Visualization with Data Mining (Raffael Marty)
We are exploring how data mining can help visualization. I am giving examples of security visualizations and am discussing how data mining best augments visualization efforts.
Visual Analytics and Security Intelligence (Raffael Marty)
Big data and security intelligence are the two hot security topics in 2012. We are collecting more and more information from both the infrastructure, but increasingly also directly from our applications. Some companies are moving away from traditional log management and SIEM tools and are deploying big data products. But what is this big data craze all about? Why is it that we have more and more data to look at? And is big data the right approach or what is missing?
The presentation takes the audience on a journey through big data tools and shows that analytical tools are needed to make use of these infrastructures. How can visualization be used to fill in the gap in analytics to move into gaining situational awareness and building up security intelligence?
Infrastructure Challenges in Scaling RAG with Custom AI models (Zilliz)
Building Retrieval-Augmented Generation (RAG) systems with open-source and custom AI models is a complex task. This talk explores the challenges in productionizing RAG systems, including retrieval performance, response synthesis, and evaluation. We’ll discuss how to leverage open-source models like text embeddings, language models, and custom fine-tuned models to enhance RAG performance. Additionally, we’ll cover how BentoML can help orchestrate and scale these AI components efficiently, ensuring seamless deployment and management of RAG systems in the cloud.
Things to Consider When Choosing a Website Developer for your Website | FODUU (FODUU)
Choosing the right website developer is crucial for your business. This article covers essential factors to consider, including experience, portfolio, technical skills, communication, pricing, reputation & reviews, cost and budget considerations and post-launch support. Make an informed decision to ensure your website meets your business goals.
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/building-and-scaling-ai-applications-with-the-nx-ai-manager-a-presentation-from-network-optix/
Robin van Emden, Senior Director of Data Science at Network Optix, presents the “Building and Scaling AI Applications with the Nx AI Manager,” tutorial at the May 2024 Embedded Vision Summit.
In this presentation, van Emden covers the basics of scaling edge AI solutions using the Nx tool kit. He emphasizes the process of developing AI models and deploying them globally. He also showcases the conversion of AI models and the creation of effective edge AI pipelines, with a focus on pre-processing, model conversion, selecting the appropriate inference engine for the target hardware and post-processing.
van Emden shows how Nx can simplify the developer’s life and facilitate a rapid transition from concept to production-ready applications. He provides valuable insights into developing scalable and efficient edge AI solutions, with a strong focus on practical implementation.
HCL Notes and Domino License Cost Reduction in the World of DLAU (panagenda)
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU and licensing under the CCB and CCX models have been a hot topic for many in the HCL community since last year. As a Notes or Domino customer, you may be struggling with unexpectedly high user counts and license fees. You may be wondering how this new kind of licensing works and what benefit it brings you. Above all, you surely want to stay within budget and save costs wherever possible. We understand that, and we want to help you!
We explain how to solve common configuration problems that can cause more users to be counted than necessary, and how to identify and remove superfluous or unused accounts to save money. There are also some approaches that can lead to unnecessary expense, for example when a person document is used instead of a mail-in for shared mailboxes. We show you such cases and their solutions. And of course we explain the new licensing model.
Join this webinar, in which HCL Ambassador Marc Thomas and guest speaker Franz Walder introduce you to this new world. It gives you the tools and know-how to keep track of everything. You will be able to reduce your costs through an optimized Domino configuration and keep them low in the future.
These topics are covered
- Reducing license costs by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how best to use it
- Tips for common problem areas, such as team mailboxes, functional/test users, etc.
- Practical examples and best practices to implement immediately
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
Fueling AI with Great Data with Airbyte Webinar (Zilliz)
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
Building Production Ready Search Pipelines with Spark and Milvus (Zilliz)
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack (shyamraj55)
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
CAKE: Sharing Slices of Confidential Data on Blockchain (Claudio Di Ciccio)
Presented at the CAiSE 2024 Forum, Intelligent Information Systems, June 6th, Limassol, Cyprus.
Synopsis: Cooperative information systems typically involve various entities in a collaborative process within a distributed environment. Blockchain technology offers a mechanism for automating such processes, even when only partial trust exists among participants. The data stored on the blockchain is replicated across all nodes in the network, ensuring accessibility to all participants. While this aspect facilitates traceability, integrity, and persistence, it poses challenges for adopting public blockchains in enterprise settings due to confidentiality issues. In this paper, we present a software tool named Control Access via Key Encryption (CAKE), designed to ensure data confidentiality in scenarios involving public blockchains. After outlining its core components and functionalities, we showcase the application of CAKE in the context of a real-world cyber-security project within the logistics domain.
Paper: https://doi.org/10.1007/978-3-031-61000-4_16
How to Get CNIC Information System with Paksim Ga.pptx (danishmna97)
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx (SitimaJohn)
Ocean Lotus cyber threat actors represent a sophisticated, persistent, and politically motivated group that poses a significant risk to organizations and individuals in the Southeast Asian region. Their continuous evolution and adaptability underscore the need for robust cybersecurity measures and international cooperation to identify and mitigate the threats posed by such advanced persistent threat groups.
GraphRAG for Life Science to increase LLM accuracy (Tomaz Bratanic)
GraphRAG for the life science domain, where you retrieve information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers
What Do a Lego Brick and the XZ Backdoor Have in Common? (Speck&Tech)
ABSTRACT: At first glance, a Lego brick and the XZ backdoor might have in common the fact that both are building blocks, or dependencies of creative projects and software. The reality is that a Lego brick and the case of the XZ backdoor have much more than that in common.
Join the presentation to immerse yourself in a story of interoperability, standards and open formats, and then discuss the important role that contributors play in a sustainable open source community.
BIO: A supporter of free software and of standard, open formats. She has been an active member of the Fedora and openSUSE projects and co-founded the LibreItalia Association, where she was involved in various events, migrations and training related to LibreOffice. She previously worked on LibreOffice migrations and training courses for several public administrations and private organizations. Since January 2020 she has worked at SUSE as a Software Release Engineer for Uyuni and SUSE Manager, and when she is not following her passion for computers and for Geeko she cultivates her curiosity for astronomy (from which her nickname deneb_alpha derives).
Generating privacy-protected synthetic data using Secludy and Milvus (Zilliz)
During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.
“An Outlook of the Ongoing and Future Relationship between Blockchain Technologies and Process-aware Information Systems.” Invited talk at the joint workshop on Blockchain for Information Systems (BC4IS) and Blockchain for Trusted Data Sharing (B4TDS), co-located with the 36th International Conference on Advanced Information Systems Engineering (CAiSE), 3 June 2024, Limassol, Cyprus.
Taking AI to the Next Level in Manufacturing.pdf (ssuserfac0301)
Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as:
1. How quickly AI is being implemented in manufacturing.
2. Which barriers stand in the way of AI adoption.
3. How data quality and governance form the backbone of AI.
4. Organizational processes and structures that may inhibit effective AI adoption.
6. Ideas and approaches to help build your organization's AI strategy.
4. Agenda
• Security Visualization Today
- The SecViz Dichotomy
- The Failure
- The Way Forward
• My Focus Areas
• The Future
Goal: Provoke thought and stir up more questions than offering answers.
6. Raffael Marty
• Chief Security Strategist @ Splunk>
• Looked at logs/IT data for over 10 years
- IBM Research
- Conference boards / committees
• Presenting around the world on SecViz
• Passion for Visualization
- http://secviz.org
- http://afterglow.sourceforge.net
Applied Security Visualization
Paperback: 552 pages
Publisher: Addison Wesley (August, 2008)
ISBN: 0321510100
13. The 1st Dichotomy
Security
• security data
• networking protocols
• routing protocols (the Internet)
• security impact
• security policy
• jargon
• use-cases
• are the end-users
Visualization
• types of data
• perception
• optics
• color theory
• depth cue theory
• interaction theory
• types of graphs
• human computer interaction
22. The Right Thing - Help The User Along
• Provide use-case aligned displays
• Meaningful legends
• Interactive exploration
• UI design that guides the user through tasks
• Do not overload displays
24. The Right Thing - Apply Good Visualization Practices
• Don't use graphics to decorate a few numbers
• Reduce data ink ratio
• Visualization principles
35. The 2nd Dichotomy
Some comments are based on paper reviews from
RAID 2007/08, VizSec 2007/08
Industry Academia
• don’t understand the real impact • don’t know what’s been done in industry
• get the 70% solution • don’t understand the use-cases
• don’t think big
• no time/money for real research
• can’t scale
• work based off of a few
customer’s input
16
36. The 2nd Dichotomy
Some comments are based on paper reviews from
RAID 2007/08, VizSec 2007/08
Industry Academia
• don’t understand the real impact • don’t know what’s been done in industry
• get the 70% solution • don’t understand the use-cases
• don’t think big • don’t understand the environments /
data / domain
• no time/money for real research
• can’t scale
• work based off of a few
customer’s input
16
37. The 2nd Dichotomy
Some comments are based on paper reviews from
RAID 2007/08, VizSec 2007/08
Industry Academia
• don’t understand the real impact • don’t know what’s been done in industry
• get the 70% solution • don’t understand the use-cases
• don’t think big • don’t understand the environments /
data / domain
• no time/money for real research • work on simulated data
• can’t scale
• work based off of a few
customer’s input
16
38. The 2nd Dichotomy
Some comments are based on paper reviews from
RAID 2007/08, VizSec 2007/08
Industry Academia
• don’t understand the real impact • don’t know what’s been done in industry
• get the 70% solution • don’t understand the use-cases
• don’t think big • don’t understand the environments /
data / domain
• no time/money for real research • work on simulated data
• can’t scale • construct their own problems
• work based off of a few
customer’s input
16
39. The 2nd Dichotomy
Some comments are based on paper reviews from
RAID 2007/08, VizSec 2007/08
Industry Academia
• don’t understand the real impact • don’t know what’s been done in industry
• get the 70% solution • don’t understand the use-cases
• don’t think big • don’t understand the environments /
data / domain
• no time/money for real research • work on simulated data
• can’t scale • construct their own problems
• work based off of a few • use overly complicated, impractical
customer’s input solutions
16
40. The 2nd Dichotomy
Some comments are based on paper reviews from RAID 2007/08, VizSec 2007/08
Industry
• don’t understand the real impact
• get the 70% solution
• don’t think big
• no time/money for real research
• can’t scale
• work based off of a few customers’ input
Academia
• don’t know what’s been done in industry
• don’t understand the use-cases
• don’t understand the environments / data / domain
• work on simulated data
• construct their own problems
• use overly complicated, impractical solutions
• use graphs / visualization where it is not needed
41. The Way Forward
Two disciplines
• Building a secviz discipline
• Bridging the gap
• Learning the “other” discipline
Two worlds
• More academia / industry collaboration
• Build components / widgets / gadgets
• (Re-)use existing technologies
• Focus on strengths
• Focus on the visualization and interaction aspects
[Diagram labels: Security Visualization; SecViz]
43. My Focus Areas
• Use-case oriented visualization
• Perimeter Threat
• Governance Risk Compliance (GRC)
• Insider Threat
• IT data visualization
• SecViz.Org
• DAVIX
44. Insider Threat Visualization
• Huge amounts of data
• More and other data sources than for the traditional security use-cases
- Insiders often have legitimate access to machines and data. You need to log more than the exceptions
- Insider crimes are often executed on the application layer
• The questions are not known in advance!
- Visualization provokes questions and helps find answers
• Dynamic nature of fraud
- Problem for static algorithms
- Bandits quickly adapt to fixed threshold-based detection systems
• Looking for any unusual patterns
47. SecViz - Security Visualization
This is a place to share, discuss, challenge, and learn about
security visualization.
48. DAVIX
Data Analysis and Visualization Linux
davix.secviz.org
50. The Future
• Addressing the secviz dichotomy
• Better industry - academia collaboration
• More and better visualization tools
- Use-case driven product development
• We need to solve the data semantics problem
- Common Event Expression?
- Entity extraction?