Introduce the concept of security data visualization to our readers.
Security data visualization seeks to create insightful graphical windows on security datasets, files, file systems, network communications, and logs. It excels at providing big picture context that is impossible using text and simple charting techniques. More importantly, security data visualization is inherently interactive, allowing analysts to take cumbersome data and iteratively study slices of activity and find new and interesting patterns, outliers, and anomalies. If done correctly, the process is fun and powerful, but it is important to avoid the common pitfall of creating just pretty pictures, which while beautiful, donít provide useful insight.
Visualization is obviously of great significance for analyzing large amounts of data. Many also praise its usefulness when it comes to illustrating security problems to the management. What are the areas in which security visualization comes out as essential?
From my experience it is possible to use visualization to study ten to one hundred times more data than competing manual methods. It is probably possible to increase this gain to one thousand times or more with very well thought out visualization systems. There are number of places that I see visualization as very valuable. Visualization is at its best been you are dealing with the new, unfamiliar or when you donít really know what you are looking for. It facilitates exploration of data whether in a static dataset or when faced with dynamically changing data, such as in network communications or protocols, particularly those that arenít well documented.
In your opinion, how important is the visualization of security data in general?
I believe visualization is quite important if used properly. When I first began looking at security data visualization I imagined graphical intrusion detection systems. Iíve since backed away from that idea because it isnít realistic to expect 100% attention from a human operator all the time. However, Iíve found data particularly useful when conducting forensic analysis. For example, a friend and I were looking at the network communications of a new gaming system. We captured network packets from the console back to the server and spent a good deal of time learning the unfamiliar protocol offline. A common problem in systems development is security through obscurity. Designers assume that no one will poke into the odd corners of systems. Anyone familiar with security analysis will tell you this is a bad design idea. Visualization helps lift the veil on systems designed using security through obscurity and shows data in ways that designers didnít intend, with a great deal of success. Visual cryptanalysis is another area that I feel bears great promise. The right visualization systems can help identify flaws in cryptographic implementations that are difficult to detect using traditional manual analysis and machine processing techniques. Anytime you hear the phrase ďart and scienceĒ that is an indicator that visualization may be helpful. The trick, and the fun, is designing the right graphical windows