This set of slides covers two topics: 1) In support of the Cyber Warfare LinkedIn membership group, I developed profiles for the membership base using Interactive Analytics from Centrifuge. 2) I have included some samples of how Centrifuge can be used to analyze cyber network traffic in support of cyber crimes analysis.
1. THE FREEDOM TO EXPLORE
CYBER WARFARE LINKEDIN MEMBERSHIP PROFILES
& CYBER SECURITY VISUALIZATIONS
2. NOTES ABOUT THIS PRESENTATION
This presentation was created for the Cyber Warfare
LinkedIn membership group.
The profiles were developed from the first 1200 members. No
confidential information was used in developing these
profiles.
Profiles show the membership by industry, location and
company and use a variety of visualizations.
Visualizations were created by Centrifuge Systems using
their Interactive Analytics (IA) technology.
This same technology can be used to identify cyber
crime.
Sample visualizations which show how Interactive
Analytics can analyze cyber data are at the end of
the presentation.
THE FREEDOM TO EXPLORE
2
www.centrifugesystems.com 571-830-1390 McLean, Virginia JULY 1ST 2009
3. INTERACTIVE ANALYTICS
4. Top 10 Geographic Locations
Washington DC,
San Francisco &
Boston top the list.
5. Top 10 Industries
The two top industries with
the highest membership counts are:
3) Computer & Network Security
4) IT and Services
6. Member Count by Industry & Location
7. Military Members by Location
Military members
are also concentrated in
D.C. with small pockets
scattered throughout the US
and in select cities worldwide.
8. Top Member Counts by Company
Many members
have not specified a company.
Other companies have more
than one member.
I wonder if the multi-member
companies are focused on one
or more industries?
9. Company Membership by Industry
Booz Allen has members
across 5 industries with the
highest concentration
in IT & Services.
10. Member counts in the form of “Heat Maps”
Heat maps show “hot-spots”
of member activity. Hot colors like
orange have different member
counts than the cool colors.
11. Top 5 Industries Linked to Member
Location
Links can be set to show the relationships between entities. For example,
this link analysis shows locations linked to the top 5 industry groups. Each
globe is a location and can have more than one member. Notice some
locations are linked to more than one industry. Let’s zoom in.
12. Member Locations and Industries
Notice how locations have more than one member and these members
are linked to multiple industries. Let’s select this cross section and just
analyze these members.
13. Select Nodes to Analyze Further
The nodes highlighted
in orange have been
selected. They can be
“spun off” so that we
can analyze just these
records.
14. Member Locations & Industries
Some locations (Orlando, Madres Area in India, others) are linked to
one industry (Computer and Network Traffic). Other areas (Providence and
Houston) have members from multiple industries. The counts in the “tool tips”
are the member counts.
15. Only Computer & Network Security Members
If we only analyze the Computer and Network Security membership base, we
can see that some companies (Mitre and BAE, as examples) have members in
different geographic locations. Let’s see how this technology can analyze Cyber
Security data...
16. THE FREEDOM TO EXPLORE
THE USE OF INTERACTIVE ANALYTICS TO DETECT
AND PREVENT CYBER ATTACKS
17. Connecting to Data
Network traffic data can be analyzed in a variety of forms. This is the
Table View and shows Source and Destination IP addresses plus additional
information on ports, attachment file size, payload and much more… Connecting to
this data is very easy.
18. Charting Communication Types
Charting can be used to analyze traffic
by communication type and other
attributes. These profiles lead to
deeper investigations.
19. Identifying “Hot Spots” using Heat
Maps
You can analyze payload by ISP and
originating Source to identify
unusually high payloads that may
indicate a presence of malware. This
could also be done by destination
computer or server. Heat Maps and
charts allow analysts to explore the
data in a highly interactive way.
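An added example, not part of the original slides and not Centrifuge code: the pivot behind the payload heat map described on this slide, with a median-based outlier flag for "unusually high" cells. The column names, ISP labels, addresses and byte counts are constructed, and the 3.5 cutoff is an assumed default.

```python
import csv
import io
from collections import defaultdict
from statistics import median

# Constructed flow records (not from the slides). Addresses use the
# RFC 5737 documentation ranges; ISP names are placeholders.
SAMPLE = """isp,src,payload_bytes
ISP-A,192.0.2.10,1200
ISP-A,192.0.2.10,900
ISP-A,192.0.2.11,1500
ISP-B,198.51.100.7,1800
ISP-B,198.51.100.8,2400
ISP-C,203.0.113.5,48000
ISP-C,203.0.113.5,52000
ISP-C,203.0.113.6,1700
"""

def payload_matrix(rows):
    """Sum payload bytes per (ISP, source) pair: one heat-map cell each."""
    cells = defaultdict(int)
    for r in rows:
        cells[(r["isp"], r["src"])] += int(r["payload_bytes"])
    return dict(cells)

def hot_cells(cells, threshold=3.5):
    """Return cells far above the median, scored by modified z-score.

    Median and MAD are used instead of mean and standard deviation so
    that one very large sender cannot hide itself by inflating the
    baseline it is compared against.
    """
    values = list(cells.values())
    med = median(values)
    mad = median([abs(v - med) for v in values])
    if mad == 0:  # all cells (nearly) identical: nothing stands out
        return []
    scored = [(key, total, 0.6745 * (total - med) / mad)
              for key, total in cells.items()]
    return sorted((s for s in scored if s[2] > threshold),
                  key=lambda s: -s[2])

if __name__ == "__main__":
    rows = list(csv.DictReader(io.StringIO(SAMPLE)))
    for (isp, src), total, score in hot_cells(payload_matrix(rows)):
        print(f"{isp:6} {src:14} {total:>8} bytes  score={score:.1f}")
```

A flagged cell is a starting point for investigation, not a verdict; backups and software updates also produce large payloads from a single source.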
20. Link Analysis shows Relationships
Link analysis can show the relationships between entities while also displaying key
facts in the form of tool tips. Here we see where a source organization (location
6) is generating more traffic than others. File attachment size and links to other
computers or servers could also be shown.
21. Extending the Analysis
This link analysis shows which sources are communicating through Globelink
(ISP). It also shows the linkage between the destination organization and internal
addresses. This can be useful in identifying computers “at risk”. Centrifuge allows
you to customize the look & feel of the visualization.
22. Different Layout Algorithms
Analysts can visualize the data in different forms very quickly. This example
shows the link analysis in a linear hierarchy format. This can be useful in quickly
identifying key points of origin and the links to destination addresses.
23. Access Other Sources of Information
It is essential that analysts stay within the same analytical tool. This speeds up
the investigation and allows the analyst to maintain a consistent “train of
thought.” Repositories, URLs, unstructured text or any other data source can be
accessed from within Centrifuge.
24. Share Insights in Real Time
Centrifuge allows analysts to publish these results to a repository of “live assets”
and also send them through secure RSS feeds. The live assets can be updated by
other analysts. This form of collaboration facilitates communication and
knowledge transfer.
25. For additional information, visit
centrifugesystems.com or contact:
TONY AGRESTA
VP OF MARKETING
Office: 571.830.1390
Mobile: 443.253.6810
Email: aagresta@centrifugesystems.com