I believe visualization is quite important if used properly. When I first began looking at security data visualization I imagined graphical intrusion detection systems. Iíve since backed away from that idea because it isnít realistic to expect 100% attention from a human operator all the time. However, Iíve found data particularly useful when conducting forensic analysis. For example, a friend and I were looking at the network communications of a new gaming system. We captured network packets from the console back to the server and spent a good deal of time learning the unfamiliar protocol offline. A common problem in systems development is security through obscurity. Designers assume that no one will poke into the odd corners of systems. Anyone familiar with security analysis will tell you this is a bad design idea. Visualization helps lift the veil on systems designed using security through obscurity and shows data in ways that designers didnít intend, with a great deal of success. Visual cryptanalysis is another area that I feel bears great promise. The right visualization systems can help identify flaws in cryptographic implementations that are difficult to detect using traditional manual analysis and machine processing techniques. Anytime you hear the phrase ďart and scienceĒ that is an indicator that visualization may be helpful. The trick, and the fun, is designing the right graphical windows
What are the best security visualization tools available at the moment?
This is a tricky question, because security visualization tools usually come in two forms Ė prohibitively expensive (on the order of tens to hundreds of thousands of dollars) and free. I like Raffy Martyís open source project Afterglow because it is powerful and flexible enough to be used with many types of security data. The prefuse toolkit helps Java developers create powerful visualization applications. On the commercial side, I believe ArcSight, Splunk and Secure Decisions make very nice products. Iíve been very impressed with Zynamicís BinNavi and BinDiff. Halvar Flake and his fellow researchers at Zynamics really know their stuff. There are a number of general purpose tools that can be used for security and other types of data, examples include IBMís free Many Eyes service and TIBCOís SpotFire. Finally, visualization is a very active research area. Iíd recommend monitoring the output of VizSEC, the Workshop on Visualization for Computer Security and the National Visual Analytics Center as well as the VizSEC and SecViz portals for the latest developments. VizSEC 2008 will be held September 15, 2008 in conjunction with the Recent Advances in Intrusion Detection (RAID) Symposium and we invite people interested in visualization to attend. Here youíll find bleeding edge ideas, before they turn into products.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.