Among The Blind, The Squinter Rules: Security Visualization In The Field. Presented at Blackhat Europe 2011

by Wim Remes (Ernst & Young)

Tags: Security

Summary: When preparing for a talk on security monitoring, I was fighting hard to add security visualization to the mix while keeping within my allotted timeslot. Most of the feedback I received afterwards was that there wasn't enough of it in the talk. Security visualization, put on the map by the likes of Raffael Marty, who performed groundbreaking work with secviz.org and the Davix LiveCD, is a subject that most people are interested in but few manage to master. In this talk I will touch on the basics of visualization techniques and dig deeper into the gathering of data, to enable attendees to move beyond pie charts and bar graphs. Using mainly Davix and the Google Chart API, I will demonstrate how to make sense of the huge amount of data that comes at security analysts on a daily basis: in the first place to work more efficiently, but also, and not least, to report to the business what is actually going on without the message getting lost in noise.
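The pipeline the abstract describes, gathering alert data and turning it into a chart, is short enough to show end to end. The following Python is an added example, not material from the talk or from the OSSEC or Google projects: it parses a handful of constructed alert records written in the style of OSSEC's alerts.log, aggregates them per source IP (optionally filtering on rule level), and builds a bar-chart URL using the parameter names of the Google Chart Tools image API (cht, chs, chd, chds, chxt, chxl, chxr, chtt). The sample alerts and addresses are constructed; the image-chart endpoint was deprecated by Google after 2011, so the URL is shown for the encoding technique rather than as a live service.

```python
"""Aggregate constructed OSSEC-style alerts and build a Google Chart Tools URL.
Added example; the alert records below are constructed, not from any real host."""
import re
from collections import Counter
from urllib.parse import urlencode

# Constructed sample alerts written in the style of OSSEC's alerts.log.
# Addresses are from the documentation ranges (RFC 5737).
SAMPLE_ALERTS = """\
** Alert 1320000001.123: - syslog,sshd,authentication_failed,
2011 Nov 01 10:00:01 (web01) 192.0.2.10->/var/log/auth.log
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Src IP: 198.51.100.7
** Alert 1320000002.456: - syslog,sshd,authentication_failed,
2011 Nov 01 10:00:02 (web01) 192.0.2.10->/var/log/auth.log
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Src IP: 198.51.100.7
** Alert 1320000003.789: - syslog,sshd,authentication_failed,
2011 Nov 01 10:00:03 (web01) 192.0.2.10->/var/log/auth.log
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Src IP: 203.0.113.42
** Alert 1320000004.000: - syslog,sshd,authentication_success,
2011 Nov 01 10:00:05 (web01) 192.0.2.10->/var/log/auth.log
Rule: 5715 (level 3) -> 'SSHD authentication success.'
Src IP: 198.51.100.7
"""

# One alert record spans several lines; these pick out the fields we chart on.
SRC_IP_RE = re.compile(r"^Src IP:\s*(\S+)", re.MULTILINE)
RULE_RE = re.compile(r"^Rule: (\d+) \(level (\d+)\)", re.MULTILINE)


def count_by_src_ip(alerts_text, min_level=0):
    """Return a Counter of alerts per source IP, keeping alerts at or above min_level."""
    counts = Counter()
    # Records start with the "** Alert" marker; the text before the first marker is empty.
    for record in alerts_text.split("** Alert")[1:]:
        rule = RULE_RE.search(record)
        ip = SRC_IP_RE.search(record)
        if not rule or not ip:
            continue  # malformed or truncated record: skip rather than miscount
        if int(rule.group(2)) >= min_level:
            counts[ip.group(1)] += 1
    return counts


def chart_url(counts, top_n=10, size="400x200"):
    """Build a Google Chart Tools bar-chart URL (text data encoding) for the top_n IPs."""
    top = counts.most_common(top_n)
    labels = [ip for ip, _ in top]
    values = [n for _, n in top]
    scale_max = max(values) if values else 1
    params = {
        "cht": "bvs",                                    # vertical bar chart
        "chs": size,                                     # width x height in pixels
        "chd": "t:" + ",".join(str(v) for v in values),  # text-encoded data series
        "chds": f"0,{scale_max}",                        # data scale so bars fill the chart
        "chxt": "x,y",                                   # draw both axes
        "chxl": "0:|" + "|".join(labels),                # x-axis labels are the IPs
        "chxr": f"1,0,{scale_max}",                      # y-axis range
        "chtt": "Alerts per source IP",
    }
    return "https://chart.googleapis.com/chart?" + urlencode(params)


if __name__ == "__main__":
    per_ip = count_by_src_ip(SAMPLE_ALERTS, min_level=5)
    print(per_ip)
    print(chart_url(per_ip))
```

Filtering on rule level before charting is what keeps the picture honest: level-3 successes and level-5 failures from the same address tell different stories, and folding them into one bar hides exactly the pattern an analyst wants to see.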
Resources utilized in this presentation and the "Grepping for Gold" Workshop:
Complete list of all tools covered in both talk and workshop:
OSSEC: http://www.ossec.net
MaxMind GeoIP: http://www.maxmind.com/app/perl
DAVIX Live CD: http://www.secviz.org
GLTAIL: http://www.fudgie.org
Google Chart Tools: http://code.google.com/apis/chart/
JQuery visualization plugins:
JQPlot: http://www.jqplot.com
Sparklines: http://omnipotent.net/jquery.sparkline/
HighCharts: http://www.highcharts.com/ (commercial, not covered in EU presentation but added recently)
Commercial visualization tools:
Tableau: http://www.tableausoftware.com/ (has a basic freeware version)
Gapminder: http://www.gapminder.org/