Unfortunately, there is no one tool that would satisfy all of my needs. To have the most flexibility, I built my own tool called AfterGlow to address a set of use-cases. The tool helps to generate link graphs and gives the user a lot of freedom in doing so. The second most used tool is a treemap visualization tool called Treemap.
What kind of development can we expect in the upcoming versions of security visualization tools? What new features would you like to see?
I hope to see some more visualization tools in the close future. If I could write a wish list, it would have the following content:
- Highly interactive
- Linked views and dynamic queries, i.e., there are multiple views that show the same data, but with different graphs. If a selection is made on one chart, the other chart is automatically updated.
- Highly scalable
- Standardized interfaces for data acquisition and no need for built-in parsers. (Parsing should be dealt with prior to getting the data into the tool.)
- A rich set of visual displays and graphs.
It took me 2 years from the first contact with the publisher about the topic to the published book. I wrote a blog entry about the process. The biggest challenge was that I had at least two chapters where I didn't really know how to go about visualizing the topic, namely insider threat and compliance. It took me a significant amount of time to do all the research for those topics and write up a cohesive process. Interestingly enough, a lot of reviewers like the insider threat chapter the best.
Another problem that I encountered every now and then is that I didn't have access to a lot of data to visualize. Especially for compliance and insider threat, again, I didn't have real data sets to work with.
What are some of the interesting facts you discovered while researching for this book?
1. It is hard to generate the data needed for visualization. Even if an environment exists and access is available, the configuration of each of the data sources can be very hard.
2. There are no good visualization tools that could help quickly generate images.
3. There is definitely a need for use-case driven security visualization. A lot of people struggle with huge amounts of IT data and need to have tools to help them.
4. There is a need for a new discipline, secviz, which combines security and visualization. Currently, these disciplines are handled independently, instead of as one discipline.
What are your future plans? Any exciting new projects?
I am going to start teaching trainings around the topics of the book. I will also be speaking at a number of conferences on the topic of security visualization. I will keep working on DAVIX, the live CD for visualization tools, to make security visualization available to bigger groups.