Situational Awareness

raffael marty - pixlcloud
december 2011
Is this useful for Situational Awareness?

pixlcloud |   creating big data stories                 copyright (c) 2011
Overview
  ‣ Network Security
  ‣ Sit Awareness
  ‣ Today
  ‣ Where we should be
  ‣ Challenges
  ‣ Resources

Raffael Marty
  • SaaS business expert
  • Data visualization practitioner
  • Security data analyst
  pixlcloud | IBM Research

  Applied Security Visualization
  Publisher: Addison Wesley (August, 2008)
  ISBN: 0321510100

Cyber Security

  Network Security (Reactive)
    Data Collection
    Forensics / IR
    Reporting
    Alerting
    Situational Awareness

  Neglected!!!

  Information Security (Pro-Active)
    Authentication
    Authorization
    Accounting
    BCM / DR
    OS Security
    Policies and Procedures
    ...

Situational Awareness
  “Situational Awareness is the ability to identify, process, and comprehend the critical elements of information about what is happening to the team with regards to the mission. More simply, it’s knowing what is going on around you.”

  ‣ find air force viz images

  [image: IWViz - IDS Situational Awareness]

Sit Awareness Is Visualization
  ‣ Visualization - because machine centered approaches have failed
  ‣ Leverage human cognitive capabilities
     ‣ Pattern recognition
     ‣ Pre-attentive processing
     ‣ Context memory

Today

Data Sources for Sit Awareness
  ‣ Flow records
  ‣ Firewalls
  ‣ IDS/IPSs
  [figure: each source illustrated as a small graph of the hosts 1.1.1.1, 10.0.0.2 and 9.4.242.10]

  ‣ What about: PCAP, DNS, BGP, OS, Proxies, User behavior ??
  ‣ Context information - Hosts, Users, ...

Today's Visualization Tools
  ‣ Based on specific data source
  ‣ Hard to use
  ‣ Limited interactivity
  ‣ Not real-time
  ‣ Slow
  ‣ Ugly

  Examples:
  ‣ Gephi
  ‣ R
  ‣ Matlab
  ‣ Mondrian
  ‣ PicViz
  ‣ Treemap 4.1
  ‣ Google Earth

Take the Blinders Off!




Visualization Maturity
  ‣ Data Collection
  ‣ Data Analysis
  ‣ Context Integration
  ‣ Visualization
  ‣ Visual Analytics
  ‣ Collaboration
  ‣ Dissemination

  [diagram: Data Sources (files, database) --parsing--> Structured Data (Data Store; filtering, aggregation, cleansing) --feature selection / visualization--> Visual Representation; Contextual Data feeds in; iterations loop back]

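As an added example (not from the deck), the pipeline on the maturity slide carried through in Python for three constructed record types: one parser per silo, a common structured record, aggregation into one overview row per external IP with an asset inventory joined in as context, and a ranking step standing in for feature selection. The record formats, field names, sample lines and inventory are all assumptions made for this example.

```python
import csv
import ipaddress
import re
from collections import Counter, defaultdict, namedtuple

# Constructed sample records (not real logs); every format here is an assumption.
FLOW_LINES = [  # assumed CSV: start,src,dst,dport,proto,bytes
    "2011-12-01T10:00:01,10.0.0.2,1.1.1.1,443,tcp,5120",
    "2011-12-01T10:00:03,10.0.0.2,9.4.242.10,22,tcp,800",
    "2011-12-01T10:00:07,10.0.0.7,9.4.242.10,22,tcp,640",
]
FIREWALL_LINES = [  # assumed key=value style
    "ts=2011-12-01T10:00:02 action=deny src=9.4.242.10 dst=10.0.0.2 dport=3389",
    "ts=2011-12-01T10:00:05 action=allow src=10.0.0.2 dst=1.1.1.1 dport=443",
    "ts=2011-12-01T10:00:09 action=deny src=9.4.242.10 dst=10.0.0.7 dport=3389",
    "garbage line that does not parse",
]
IDS_LINES = [  # assumed Snort-like "fast" alert style
    '12/01-10:00:04 [**] [1:2000001:1] "SSH brute force" [**] {TCP} 9.4.242.10:51000 -> 10.0.0.2:22',
]
HOST_CONTEXT = {  # assumed asset inventory: ip -> (owner, role)
    "10.0.0.2": ("finance", "file server"),
    "10.0.0.7": ("it", "jump host"),
}

# One normalised record, whatever silo it came from.
Event = namedtuple("Event", "source src dst dport detail")

# --- parsing: one parser per silo, each returning an Event or None ----------
def parse_flow(line):
    try:
        _, src, dst, dport, proto, _ = next(csv.reader([line]))
        return Event("flow", src, dst, int(dport), proto)
    except (ValueError, StopIteration):
        return None

FW_RE = re.compile(r"action=(\w+) src=(\S+) dst=(\S+) dport=(\d+)")
IDS_RE = re.compile(r'"([^"]+)" \[\*\*\] \{\w+\} (\S+):\d+ -> (\S+):(\d+)')

def parse_firewall(line):
    m = FW_RE.search(line)
    return Event("firewall", m[2], m[3], int(m[4]), m[1]) if m else None

def parse_ids(line):
    m = IDS_RE.search(line)
    return Event("ids", m[2], m[3], int(m[4]), m[1]) if m else None

PARSERS = {"flow": parse_flow, "firewall": parse_firewall, "ids": parse_ids}

def structure(raw):
    """Raw lines per silo -> (list of Events, count of unparsable lines).
    Rejects are counted rather than silently dropped so parser gaps stay visible."""
    events, rejected = [], 0
    for name, lines in raw.items():
        for line in lines:
            ev = PARSERS[name](line)
            if ev is None:
                rejected += 1
            else:
                events.append(ev)
    return events, rejected

# --- cleansing, aggregation and context integration -------------------------
def is_internal(ip):
    return ipaddress.ip_address(ip).is_private

def build_overview(events, context):
    """One row per external IP, merging all silos and joining the asset
    inventory for each internal host it touched ('overview first'; details
    on demand would drill back into the underlying events)."""
    rows = defaultdict(lambda: {"sources": Counter(), "ports": set(),
                                "internal_hosts": {}, "denied": 0, "alerts": []})
    for ev in events:
        ext, inner = (ev.src, ev.dst) if not is_internal(ev.src) else (ev.dst, ev.src)
        if is_internal(ext):  # purely internal traffic is out of scope here
            continue
        row = rows[ext]
        row["sources"][ev.source] += 1
        row["ports"].add(ev.dport)
        row["internal_hosts"][inner] = context.get(inner, ("unknown", "unknown"))
        if ev.source == "firewall" and ev.detail == "deny":
            row["denied"] += 1
        if ev.source == "ids":
            row["alerts"].append(ev.detail)
    return dict(rows)

def rank(overview):
    """Feature selection: order by number of silos that saw the IP, then by
    distinct internal hosts touched, so cross-silo activity surfaces first."""
    key = lambda ip: (len(overview[ip]["sources"]), len(overview[ip]["internal_hosts"]))
    return sorted(overview, key=key, reverse=True)

if __name__ == "__main__":
    evs, bad = structure({"flow": FLOW_LINES, "firewall": FIREWALL_LINES, "ids": IDS_LINES})
    ov = build_overview(evs, HOST_CONTEXT)
    print(f"{len(evs)} events, {bad} unparsed line(s)")
    for ip in rank(ov):
        print(ip, dict(ov[ip]["sources"]), ov[ip]["internal_hosts"], ov[ip]["alerts"])
```

The unparsed-line count is the "parsing is extremely hard" point made concrete: a silo whose parser silently drops records never reaches the overview, so the count is worth showing next to the picture.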
Security Visualization Dichotomy
  Security
  ‣ security data
  ‣ networking protocols
  ‣ routing protocols (the Internet)
  ‣ security impact
  ‣ security policy
  ‣ jargon
  ‣ use-cases
  ‣ are the end-users

  Visualization
  ‣ types of data
  ‣ perception
  ‣ optics
  ‣ color theory
  ‣ depth cue theory
  ‣ interaction theory
  ‣ types of graphs
  ‣ human computer interaction
Landscape Changes
  Threat Landscape
  • from disruptive to disastrous
  • from audacious to “low and slow”
  • from fame to financial gain
  • from manual to automated
  • from indiscriminate to targeted
  • from infrastructure to applications

  Technology
  • Big Data
  • NoSQL
  • Column-based data stores
  • Map Reduce (hadoop)
  • Cloud
  • on demand computing

  We have technology to attack the threats!
  BUT we don’t know what to do with it!
The Public Sector
   ‣ Currently using a lot of Excel

   ‣ Big data technologies (e.g., Datameer, Karmasphere, Cloudera)

   ‣ Incremental improvements to SIEM tools (e.g., ArcSight, etc.)

   ‣ Using non security / network tools (e.g., Advizor, Cognos)



   ‣ Working with blacklists and whitelists

   ‣ Not understanding the data intrinsically



The Government
  Everything is different from Industry

  Scale: e.g., DISA has 5 million live hosts
  Data sources: e.g., ASIM CIDS
  Types of attacks: I have no example ....
  Adversaries: e.g., Nation states

We Need

What we Need
   ‣ Leverage advanced technologies (big data, etc.)

   ‣ Build for the actual users, not programmers!

   ‣ End to end tools, not yet another library

   ‣ Interactive, not static!

   ‣ Multiple data sources at once

   ‣ Leverage context, not just event data

   ‣ Decouple data from the tools

   ‣ Crowd intelligence

Make it This Simple!




Challenges

Maturity Challenge




              Companies and products are stuck on the left hand side!
Data Challenges
  ‣ No data - no insights - no sit awareness

  ‣ We don’t even have / collect the data

  ‣ It is too hard to collect data

  ‣ We don’t understand our data!

  ‣ Data silos

  ‣ Large amounts of semi-structured data
     ‣ Parsing data is extremely hard



Tool Challenges
  ‣ Same old - all over
     ‣ Does your SIEM support visual analytics?
  ‣ Missing: Brushing, Interactivity
  ‣ Help the user understand the data!
  ‣ Highly scalable visualization systems are hard to build!
  ‣ What algorithms are useful? (e.g., clustering)
  ‣ Visualization expertise is missing
  ‣ Visualization AND security is an interdisciplinary problem

  Sidebar: Overview first / Zoom and Filter / Details on demand

Visualization Challenges
   ‣ Skilled people are missing

   ‣ What are we even trying to look for?

   ‣ Anomaly detection is not working

   ‣ Academia is disconnected
      ‣ Use-cases and problems
      ‣ State of the art in industry

   ‣ Visualization is always an afterthought


Myths
  ‣ Real-time
     ‣ Do we really need real-time?
  ‣ Hadoop
     ‣ Not everything that is big data needs to use Hadoop!
     ‣ Know your technologies!
  ‣ Cloud
     ‣ Will we ever put security relevant data into the cloud?

Resources
  ‣ SecViz: http://secviz.org and @secviz

  ‣ CERT - NetSA: http://www.cert.org/netsa/
     ‣Mainly a collection of papers and links to some tools (SiLK)

  ‣ VizSec Conference: http://www.vizsec.org

  ‣ Applied Security Visualization
    R. Marty, 2008



pixlcloud - creating big data stories
@raffaelmarty
copyright (c) by r. marty - december 2011

Contenu connexe

Tendances

Physical Security Presentation
Physical Security PresentationPhysical Security Presentation
Physical Security Presentation
Wajahat Rajab
 

Tendances (20)

Chapter 11: Information Security Incident Management
Chapter 11: Information Security Incident ManagementChapter 11: Information Security Incident Management
Chapter 11: Information Security Incident Management
 
Cyber Resilience
Cyber ResilienceCyber Resilience
Cyber Resilience
 
Physical security.ppt
Physical security.pptPhysical security.ppt
Physical security.ppt
 
When and How to Set up a Security Operations Center
When and How to Set up a Security Operations CenterWhen and How to Set up a Security Operations Center
When and How to Set up a Security Operations Center
 
INCIDENT RESPONSE CONCEPTS
INCIDENT RESPONSE CONCEPTSINCIDENT RESPONSE CONCEPTS
INCIDENT RESPONSE CONCEPTS
 
Threat Based Risk Assessment
Threat Based Risk AssessmentThreat Based Risk Assessment
Threat Based Risk Assessment
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations Center
 
Bulding Soc In Changing Threat Landscapefinal
Bulding Soc In Changing Threat LandscapefinalBulding Soc In Changing Threat Landscapefinal
Bulding Soc In Changing Threat Landscapefinal
 
PPT-Security-for-Management.pptx
PPT-Security-for-Management.pptxPPT-Security-for-Management.pptx
PPT-Security-for-Management.pptx
 
Physical Security Presentation
Physical Security PresentationPhysical Security Presentation
Physical Security Presentation
 
McAfee - Enterprise Security Manager (ESM) - SIEM
McAfee - Enterprise Security Manager (ESM) - SIEMMcAfee - Enterprise Security Manager (ESM) - SIEM
McAfee - Enterprise Security Manager (ESM) - SIEM
 
Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2
 
Business impact analysis
Business impact analysis Business impact analysis
Business impact analysis
 
Building Security Operation Center
Building Security Operation CenterBuilding Security Operation Center
Building Security Operation Center
 
Physical security
Physical securityPhysical security
Physical security
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
 
What is SIEM
What is SIEMWhat is SIEM
What is SIEM
 
Threat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalThreat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formal
 
The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)
 
Threat Hunting
Threat HuntingThreat Hunting
Threat Hunting
 

En vedette

Situational awareness for computer network security
Situational awareness for computer network securitySituational awareness for computer network security
Situational awareness for computer network security
mmubashirkhan
 
Situational Awareness
Situational AwarenessSituational Awareness
Situational Awareness
Aakash Bhagat
 

En vedette (20)

Fatigue and Situational Awareness
Fatigue and Situational AwarenessFatigue and Situational Awareness
Fatigue and Situational Awareness
 
Situational Awareness
Situational AwarenessSituational Awareness
Situational Awareness
 
Situational awareness
Situational awarenessSituational awareness
Situational awareness
 
Situational Awareness
Situational AwarenessSituational Awareness
Situational Awareness
 
Situational Awareness
Situational AwarenessSituational Awareness
Situational Awareness
 
Situational Awareness and Why It's Important
Situational Awareness and Why It's ImportantSituational Awareness and Why It's Important
Situational Awareness and Why It's Important
 
Situational awareness
Situational awarenessSituational awareness
Situational awareness
 
Creating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & VisualizationCreating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & Visualization
 
Situational awareness for computer network security
Situational awareness for computer network securitySituational awareness for computer network security
Situational awareness for computer network security
 
ILTA 2014: LexisNexis Software Company Update
ILTA 2014:  LexisNexis Software Company UpdateILTA 2014:  LexisNexis Software Company Update
ILTA 2014: LexisNexis Software Company Update
 
Achieving 360° view of security for complete situational awareness
Achieving 360° view of security for complete situational awarenessAchieving 360° view of security for complete situational awareness
Achieving 360° view of security for complete situational awareness
 
20 Things EMS Can Do With Capnography!
20 Things EMS Can Do With Capnography!20 Things EMS Can Do With Capnography!
20 Things EMS Can Do With Capnography!
 
Situational Awareness - Why It's Important
Situational Awareness - Why It's ImportantSituational Awareness - Why It's Important
Situational Awareness - Why It's Important
 
To situation awareness theory
To situation awareness theoryTo situation awareness theory
To situation awareness theory
 
Shared situation awareness
Shared situation awarenessShared situation awareness
Shared situation awareness
 
Kevin Delin: How Can We Leverage Technology to Improve Performance: The Senso...
Kevin Delin: How Can We Leverage Technology to Improve Performance: The Senso...Kevin Delin: How Can We Leverage Technology to Improve Performance: The Senso...
Kevin Delin: How Can We Leverage Technology to Improve Performance: The Senso...
 
Situational Awareness for Fire and EMS
Situational Awareness for Fire and EMSSituational Awareness for Fire and EMS
Situational Awareness for Fire and EMS
 
Situational Awareness
Situational AwarenessSituational Awareness
Situational Awareness
 
Technology Trends in Situation Awareness
Technology Trends in Situation AwarenessTechnology Trends in Situation Awareness
Technology Trends in Situation Awareness
 
Improving our energy at work
Improving our energy at workImproving our energy at work
Improving our energy at work
 

Similaire à Security - Situational awareness

Accel Partners New Data Workshop 7-14-10
Accel Partners New Data Workshop 7-14-10Accel Partners New Data Workshop 7-14-10
Accel Partners New Data Workshop 7-14-10
keirdo1
 
When where why cloud
When where why cloudWhen where why cloud
When where why cloud
sallysogeti
 
When where why cloud
When where why cloudWhen where why cloud
When where why cloud
reshmaroberts
 
When Where Why Cloud
When Where Why CloudWhen Where Why Cloud
When Where Why Cloud
reshmaroberts
 
Splunk Overview
Splunk OverviewSplunk Overview
Splunk Overview
Splunk
 
Prc open stack conf aug 2012 cox v1
Prc open stack conf aug 2012 cox v1Prc open stack conf aug 2012 cox v1
Prc open stack conf aug 2012 cox v1
OpenCity Community
 
Smarter Storage in the Smarter Computing Era - A New Approach to Storage - Ak...
Smarter Storage in the Smarter Computing Era - A New Approach to Storage - Ak...Smarter Storage in the Smarter Computing Era - A New Approach to Storage - Ak...
Smarter Storage in the Smarter Computing Era - A New Approach to Storage - Ak...
Jyothi Satyanathan
 

Similaire à Security - Situational awareness (20)

Hitachi Cloud and Solutions
 Hitachi Cloud and Solutions Hitachi Cloud and Solutions
Hitachi Cloud and Solutions
 
16h30 p duff-big-data-final
16h30   p duff-big-data-final16h30   p duff-big-data-final
16h30 p duff-big-data-final
 
Big Data & The Cloud
Big Data & The CloudBig Data & The Cloud
Big Data & The Cloud
 
New Solutions for Security and Compliance in the Cloud
New Solutions for Security and Compliance in the CloudNew Solutions for Security and Compliance in the Cloud
New Solutions for Security and Compliance in the Cloud
 
The Enterprise Trifecta
The Enterprise TrifectaThe Enterprise Trifecta
The Enterprise Trifecta
 
Big Data on AWS
Big Data on AWSBig Data on AWS
Big Data on AWS
 
Solving Compliance for Big Data
Solving Compliance for Big DataSolving Compliance for Big Data
Solving Compliance for Big Data
 
Accel Partners New Data Workshop 7-14-10
Accel Partners New Data Workshop 7-14-10Accel Partners New Data Workshop 7-14-10
Accel Partners New Data Workshop 7-14-10
 
DISA: Cloud Computing And SaaS
DISA: Cloud Computing And SaaSDISA: Cloud Computing And SaaS
DISA: Cloud Computing And SaaS
 
2012: The Tipping Point of Broad Scale Cloud Deployment
2012: The Tipping Point of Broad Scale Cloud Deployment2012: The Tipping Point of Broad Scale Cloud Deployment
2012: The Tipping Point of Broad Scale Cloud Deployment
 
Unleash Business Innovation with the Next Generation of Cloud Computing
Unleash Business Innovation with the Next Generation of Cloud ComputingUnleash Business Innovation with the Next Generation of Cloud Computing
Unleash Business Innovation with the Next Generation of Cloud Computing
 
When where why cloud
When where why cloudWhen where why cloud
When where why cloud
 
When where why cloud
When where why cloudWhen where why cloud
When where why cloud
 
When Where Why Cloud
When Where Why CloudWhen Where Why Cloud
When Where Why Cloud
 
Splunk Overview
Splunk OverviewSplunk Overview
Splunk Overview
 
Move your desktop to the cloud for $1 day
Move your desktop to the cloud for $1 day Move your desktop to the cloud for $1 day
Move your desktop to the cloud for $1 day
 
Prc open stack conf aug 2012 cox v1
Prc open stack conf aug 2012 cox v1Prc open stack conf aug 2012 cox v1
Prc open stack conf aug 2012 cox v1
 
AIIM Cloud Webinar - EMC Corporation
AIIM Cloud Webinar - EMC CorporationAIIM Cloud Webinar - EMC Corporation
AIIM Cloud Webinar - EMC Corporation
 
Cloud Computing through FCAPS Managed Services in a Virtualized Data Center
Cloud Computing through FCAPS Managed Services in a Virtualized Data CenterCloud Computing through FCAPS Managed Services in a Virtualized Data Center
Cloud Computing through FCAPS Managed Services in a Virtualized Data Center
 
Smarter Storage in the Smarter Computing Era - A New Approach to Storage - Ak...
Smarter Storage in the Smarter Computing Era - A New Approach to Storage - Ak...Smarter Storage in the Smarter Computing Era - A New Approach to Storage - Ak...
Smarter Storage in the Smarter Computing Era - A New Approach to Storage - Ak...
 

Plus de Raffael Marty

AI & ML in Cyber Security - Why Algorithms are Dangerous
AI & ML in Cyber Security - Why Algorithms are DangerousAI & ML in Cyber Security - Why Algorithms are Dangerous
AI & ML in Cyber Security - Why Algorithms are Dangerous
Raffael Marty
 
Delivering Security Insights with Data Analytics and Visualization
Delivering Security Insights with Data Analytics and VisualizationDelivering Security Insights with Data Analytics and Visualization
Delivering Security Insights with Data Analytics and Visualization
Raffael Marty
 

Plus de Raffael Marty (20)

Exploring the Defender's Advantage
Exploring the Defender's AdvantageExploring the Defender's Advantage
Exploring the Defender's Advantage
 
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR)An Overhyped Product Category With Ulti...Extended Detection and Response (XDR)An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
 
How To Drive Value with Security Data
How To Drive Value with Security DataHow To Drive Value with Security Data
How To Drive Value with Security Data
 
Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?
Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?
Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?
 
Artificial Intelligence – Time Bomb or The Promised Land?
Artificial Intelligence – Time Bomb or The Promised Land?Artificial Intelligence – Time Bomb or The Promised Land?
Artificial Intelligence – Time Bomb or The Promised Land?
 
Understanding the "Intelligence" in AI
Understanding the "Intelligence" in AIUnderstanding the "Intelligence" in AI
Understanding the "Intelligence" in AI
 
Security Chat 5.0
Security Chat 5.0Security Chat 5.0
Security Chat 5.0
 
AI & ML in Cyber Security - Why Algorithms are Dangerous
AI & ML in Cyber Security - Why Algorithms are DangerousAI & ML in Cyber Security - Why Algorithms are Dangerous
AI & ML in Cyber Security - Why Algorithms are Dangerous
 
AI & ML in Cyber Security - Why Algorithms Are Dangerous
AI & ML in Cyber Security - Why Algorithms Are DangerousAI & ML in Cyber Security - Why Algorithms Are Dangerous
AI & ML in Cyber Security - Why Algorithms Are Dangerous
 
Delivering Security Insights with Data Analytics and Visualization
Delivering Security Insights with Data Analytics and VisualizationDelivering Security Insights with Data Analytics and Visualization
Delivering Security Insights with Data Analytics and Visualization
 
AI & ML in Cyber Security - Welcome Back to 1999 - Security Hasn't Changed
AI & ML in Cyber Security - Welcome Back to 1999 - Security Hasn't ChangedAI & ML in Cyber Security - Welcome Back to 1999 - Security Hasn't Changed
AI & ML in Cyber Security - Welcome Back to 1999 - Security Hasn't Changed
 
Security Insights at Scale
Security Insights at ScaleSecurity Insights at Scale
Security Insights at Scale
 
Creating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & VisualizationCreating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & Visualization
 
Visualization in the Age of Big Data
Visualization in the Age of Big DataVisualization in the Age of Big Data
Visualization in the Age of Big Data
 
Big Data Visualization
Big Data VisualizationBig Data Visualization
Big Data Visualization
 
The Heatmap
 - Why is Security Visualization so Hard?
The Heatmap
 - Why is Security Visualization so Hard?The Heatmap
 - Why is Security Visualization so Hard?
The Heatmap
 - Why is Security Visualization so Hard?
 
Workshop: Big Data Visualization for Security
Workshop: Big Data Visualization for SecurityWorkshop: Big Data Visualization for Security
Workshop: Big Data Visualization for Security
 
Visualization for Security
Visualization for SecurityVisualization for Security
Visualization for Security
 
The Heatmap
 - Why is Security Visualization so Hard?
The Heatmap
 - Why is Security Visualization so Hard?The Heatmap
 - Why is Security Visualization so Hard?
The Heatmap
 - Why is Security Visualization so Hard?
 
DAVIX - Data Analysis and Visualization Linux
DAVIX - Data Analysis and Visualization LinuxDAVIX - Data Analysis and Visualization Linux
DAVIX - Data Analysis and Visualization Linux
 

Dernier

Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 

Dernier (20)

Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 

Security - Situational awareness

  • 1. Situational Awareness - raffael marty, pixlcloud - december 2011
  • 2. Is this useful for Situational Awareness? (pixlcloud | creating big data stories - copyright (c) 2011)
  • 3. Overview: Network Security, Sit Awareness, Today, Where we should be, Challenges, Resources
  • 4. Raffael Marty
    ‣ SaaS business expert (pixlcloud)
    ‣ Data visualization practitioner
    ‣ Security data analyst (IBM Research)
    ‣ Author of Applied Security Visualization, Addison Wesley (August 2008), ISBN 0321510100
  • 5. Cyber Security
    Network Security (reactive): ‣ Data Collection ‣ Forensics / IR ‣ Reporting ‣ Alerting ‣ Situational Awareness
    Information Security (pro-active): ‣ Authentication ‣ Authorization ‣ Accounting ‣ BCM / DR ‣ OS Security ‣ Policies and Procedures ‣ ...
    Callout on the slide: Neglected!!!
  • 6. Situational Awareness: "Situational Awareness is the ability to identify, process, and comprehend the critical elements of information about what is happening to the team with regards to the mission. More simply, it's knowing what is going on around you."
    ‣ (speaker note) find air force viz images; IWViz - IDS Situational Awareness
  • 7. Sit Awareness Is Visualization
    ‣ Visualization, because machine-centered approaches have failed
    ‣ Leverage human cognitive capabilities: pattern recognition, pre-attentive processing, context memory
  • 8. Today
  • 9. Data Sources for Sit Awareness
    ‣ Flow records ‣ Firewalls ‣ IDS/IPSs (diagram: the same three hosts, 1.1.1.1, 10.0.0.2 and 9.4.242.10, as each source sees them)
    ‣ What about: PCAP, DNS, BGP, OS, proxies, user behavior?
    ‣ Context information - hosts, users, ...
  • 10. Today's Visualization Tools
    ‣ Based on a specific data source ‣ Hard to use ‣ Limited interactivity ‣ Not real-time ‣ Slow ‣ Ugly
    Examples: Gephi, PicViz, R, Treemap 4.1, Matlab, Google Earth, Mondrian
  • 11. Take the Blinders Off!
  • 12. Visualization Maturity
    Stages: ‣ Data Collection ‣ Data Analysis ‣ Context Integration ‣ Visualization ‣ Visual Analytics ‣ Collaboration ‣ Dissemination
    Pipeline diagram, read left to right: Data Sources (files, database) -> parsing -> Structured Data (Data Store) -> filtering, aggregation, cleansing, feature selection -> visualization -> Visual Representation; Contextual Data is joined in along the way and iterations loop back.
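Added example, not from the deck: the parsing, cleansing and context-integration steps of the pipeline on slide 12, applied to two of the sources from slide 9 (flow records and a firewall) and joined with host context. The flow CSV column names, the asset inventory and the common record schema are assumptions made for this example; the netfilter KEY=value log layout is the real one, but every line, address and timestamp below is constructed.

```python
"""
Normalise two security data sources into one record schema and enrich
each record with host context (parsing -> cleansing -> context
integration).  All inputs are constructed for the example; the flow CSV
layout, the inventory and the schema field names are assumptions.
"""
import csv
import io
import ipaddress
import re
from datetime import datetime, timezone

# Constructed flow export.  The column names are an assumption, not any
# real exporter's format.
FLOW_CSV = """\
stime,sip,dip,dport,proto,bytes
2011-12-01T10:00:00Z,10.0.0.2,1.1.1.1,53,17,120
2011-12-01T10:00:05Z,10.0.0.2,9.4.242.10,443,6,8800
2011-12-01T10:00:09Z,9.4.242.10,10.0.0.2,22,6,640
"""

# Constructed netfilter syslog lines.  The KEY=value layout is the real
# netfilter LOG format; hostnames, addresses and times are made up.
FIREWALL_LOG = """\
Dec  1 10:00:11 gw kernel: DROP IN=eth0 OUT= SRC=9.4.242.10 DST=10.0.0.2 PROTO=TCP SPT=40001 DPT=22
Dec  1 10:00:12 gw kernel: DROP IN=eth0 OUT= SRC=9.4.242.10 DST=10.0.0.2 PROTO=TCP SPT=40002 DPT=3389
Dec  1 10:00:13 gw kernel: ACCEPT IN=eth1 OUT=eth0 SRC=10.0.0.2 DST=1.1.1.1 PROTO=UDP SPT=5353 DPT=53
"""

# Constructed context (slide 9: "hosts, users, ...").  A real deployment
# would pull this from a CMDB, DHCP leases or a directory.
CONTEXT = {
    "10.0.0.0/24": {"zone": "internal", "owner": "desktops"},
    "1.1.1.1/32": {"zone": "external", "owner": "public-resolver"},
}

PROTO_NAMES = {6: "TCP", 17: "UDP"}
KV_RE = re.compile(r"(\w+)=(\S*)")
SYSLOG_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) kernel: (\w+) (.*)$")


def parse_flows(text, source="flow"):
    """Parse the constructed flow CSV into the common schema."""
    out = []
    for row in csv.DictReader(io.StringIO(text)):
        out.append({
            "ts": row["stime"],
            "src": row["sip"], "dst": row["dip"],
            "dport": int(row["dport"]),
            "proto": PROTO_NAMES.get(int(row["proto"]), row["proto"]),
            "action": "flow",  # a flow record carries no verdict
            "bytes": int(row["bytes"]),
            "source": source,
        })
    return out


def parse_firewall(text, year=2011, source="firewall"):
    """Parse netfilter LOG lines; lines that do not parse are skipped, not guessed."""
    out = []
    for line in text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue
        stamp, _host, action, rest = m.groups()
        kv = dict(KV_RE.findall(rest))
        if not all(k in kv for k in ("SRC", "DST", "PROTO", "DPT")):
            continue
        # syslog stamps have no year; the caller supplies it (cleansing step)
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        ts = ts.replace(tzinfo=timezone.utc)
        out.append({
            "ts": ts.strftime("%Y-%m-%dT%H:%M:%SZ"),
            "src": kv["SRC"], "dst": kv["DST"],
            "dport": int(kv["DPT"]),
            "proto": kv["PROTO"],
            "action": action,
            "bytes": None,  # netfilter LOG lines carry no byte count
            "source": source,
        })
    return out


def lookup_context(addr):
    """Longest-prefix match of an address against the inventory."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, info in CONTEXT.items():
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, info)
    return best[1] if best else {"zone": "unknown", "owner": None}


def enrich(records):
    """Attach src/dst context so later views can pivot on zone or owner."""
    for r in records:
        r["src_ctx"] = lookup_context(r["src"])
        r["dst_ctx"] = lookup_context(r["dst"])
    return records


def load_all():
    """Both sources, one schema, ordered by time."""
    recs = parse_flows(FLOW_CSV) + parse_firewall(FIREWALL_LOG)
    return sorted(enrich(recs), key=lambda r: r["ts"])


if __name__ == "__main__":
    for r in load_all():
        print(r["ts"], r["source"], r["action"], r["src_ctx"]["zone"],
              "->", r["dst_ctx"]["zone"], r["proto"], r["dport"])
```

The point of the common schema is the "decouple data from the tools" item later in the deck: once flows and firewall verdicts share field names and carry zone/owner context, one visualization can be driven by either source, and a third source (IDS alerts, proxy logs) only needs its own parser.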
  • 13. Security Visualization Dichotomy
    Security: ‣ security data ‣ networking protocols ‣ routing protocols (the Internet) ‣ security impact ‣ security policy ‣ jargon ‣ use-cases ‣ are the end-users
    Visualization: ‣ types of data ‣ perception ‣ optics ‣ color theory ‣ depth cue theory ‣ interaction theory ‣ types of graphs ‣ human computer interaction
  • 14. Landscape Changes
    Threat Landscape: • from disruptive to disastrous • from audacious to "low and slow" • from fame to financial gain • from manual to automated • from indiscriminate to targeted • from infrastructure to applications
    Technology: • Big Data • NoSQL • Column-based data stores • Map Reduce (hadoop) • Cloud • on demand computing
    We have technology to attack the threats! BUT we don't know what to do with it!
  • 15. The Public Sector
    ‣ Currently using a lot of Excel
    ‣ Big data technologies (e.g., Datameer, Karmasphere, Cloudera)
    ‣ Incremental improvements to SIEM tools (e.g., ArcSight, etc.)
    ‣ Using non-security / network tools (e.g., Advizor, Cognos)
    ‣ Working with blacklists and whitelists
    ‣ Not understanding the data intrinsically
  • 16. The Government: everything is different from industry
    ‣ Scale (e.g., DISA has 5 million live hosts)
    ‣ Data sources (e.g., ASIM CIDS)
    ‣ Types of attacks (I have no example ....)
    ‣ Adversaries (e.g., nation states)
  • 17. We Need
  • 18. What we Need
    ‣ Leverage advanced technologies (big data, etc.)
    ‣ Build for the actual users, not programmers!
    ‣ End-to-end tools, not yet another library
    ‣ Interactive, not static!
    ‣ Multiple data sources at once
    ‣ Leverage context, not just event data
    ‣ Decouple data from the tools
    ‣ Crowd intelligence
  • 19. Make it This Simple!
  • 20. Challenges
  • 21. Maturity Challenge: companies and products are stuck on the left-hand side of the maturity scale!
  • 22. Data Challenges
    ‣ No data - no insights - no sit awareness
    ‣ We don't even have / collect the data
    ‣ It is too hard to collect data
    ‣ We don't understand our data!
    ‣ Data silos
    ‣ Large amounts of semi-structured data
    ‣ Parsing data is extremely hard
  • 23. Tool Challenges
    ‣ Same old, all over
    ‣ Does your SIEM support visual analytics?
    ‣ Missing: brushing, interactivity
    ‣ Help the user understand the data!
    ‣ Highly scalable visualization systems are hard to build!
    ‣ What algorithms are useful? (e.g., clustering)
    ‣ Visualization expertise is missing
    ‣ Visualization AND security is an interdisciplinary problem
    Callout on the slide (the visual analytics mantra): Overview first, Zoom and Filter, Details on demand
  • 24. Visualization Challenges
    ‣ Skilled people are missing
    ‣ What are we even trying to look for?
    ‣ Anomaly detection is not working
    ‣ Academia is disconnected from the use-cases and problems, and from the state of the art in industry
    ‣ Visualization is always an afterthought
  • 25. Myths
    ‣ Real-time: do we really need real-time?
    ‣ Hadoop: not everything that is big data needs to use Hadoop! Know your technologies!
    ‣ Cloud: will we ever put security-relevant data into the cloud?
  • 26. Resources
    ‣ SecViz: http://secviz.org and @secviz
    ‣ CERT - NetSA: http://www.cert.org/netsa/ (mainly a collection of papers and links to some tools, e.g. SiLK)
    ‣ VizSec Conference: http://www.vizsec.org
    ‣ Applied Security Visualization, R. Marty, 2008
  • 27. pixlcloud - creating big data stories - @raffaelmarty - copyright (c) by r. marty - december 2011