Security data visualization


The objective of this paper is to provide guidelines on information security data visualization and insights, with a repeatable process and examples of visualizing (communicating) information security data. Security data visualization can be used in many areas of information security. Security metrics, security monitoring, anomaly detection, forensics, and malware analysis are examples where security data visualization can play a vital role and make us better security professionals. Security data visualization also plays a key role in emerging fields such as data science, machine learning, and exploratory data analytics. There are many uses for security data visualization, so in order to cover the key aspects the paper is categorized into two parts.

The first category is communicating value. There is a well-known proverb, “a picture is worth a thousand words” (Piqua Leader-Dispatch, One Look Is Worth A Thousand Words, 1913, p. 2), which explains this. The problem with traditional metrics is that numbers and tables can be daunting and details can be missed easily. Visualizing them enables the security team to highlight the salient points in the data. Security data visualization enables you to tell a story with the data. Information security is becoming a common topic in boardroom discussions, and it is becoming more and more important that the value of information security is communicated to business leaders.

The second category is finding anomalies using security data visualization. One of the key strengths of security teams is access to enterprise log data, metadata, network traffic data, and netflow data. The challenge is finding and isolating the bad actors from legitimate traffic. The human mind, by evolution, is trained to identify patterns and anomalies visually. Security professionals can benefit from visualizing enterprise data to find anomalies and identify patterns, which will be helpful in isolating events that might indicate compromise.

Hopefully some of the examples will be useful for generating more ideas in this space and will be a valuable resource for all information security practitioners. Once security professionals gain an understanding of security data visualization, it will open up a whole new world, and there is a possibility that this knowledge of security data science will significantly improve information security tasks.

Security Data Visualization [email protected]

1.0 Introduction

Security data visualization can be used in many areas of information security. Security metrics, security monitoring, anomaly detection, forensics, and malware analysis are examples where security data visualization can play a vital role and make us better security professionals. Until now, security professionals have been able to get by with Microsoft Excel and similar tools without in-depth knowledge of security data visualization. But security data visualization is becoming extremely important due to big data, machine learning, and exploratory data analytics. Because of the volume of data in big data, it is practically impossible to find anomalies using traditional methods. The first thing to do after a statistical computation is to understand the data visually. Recent generations of SIEM log collection and correlation solutions use big data analytics. Security data visualization plays a vital part in analyzing that big data. The data science field is evolving at a rapid pace, and data visualization is an important component of data science.

Botnet Visualization

Microsoft’s Digital Crimes Unit tapped The Office for Creative Research, a multidisciplinary digital design group based in New York, to come up with new ways of looking at one particular threat: botnets, the global networks of infected computers that cyber criminals enlist to do their bidding. OCR came up with a prototype tool called Specimen Box. Specimen Box offers many views, including a live display of botnet activity “which can be used to analyze botnet data” (“#005: The Sight and Sound of CyberCrime”, o-c-r.org, 2014, para. 3).

Reverse Engineering

Security data visualization is used more and more in reverse engineering. “In this engaging TED talk (TED is a platform for ideas worth spreading), Chris Domas shows how researchers use pattern recognition and reverse engineering (and pull a few all-nighters) using visualization to understand a chunk of binary code whose purpose and contents they don’t know.” (Domas, C. (n.d.).
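As an added illustration of the kind of binary visualization the Reverse Engineering section refers to (example code written for this page, not the paper's material and not Chris Domas's tooling), the script below profiles an unknown byte blob window by window: Shannon entropy plus the dominant byte class per window, rendered as a text bar chart so that zero padding, readable strings and packed or encrypted regions stand out without knowing the file format. The input blob, the 64-byte window and the four byte classes are this example's own constructed assumptions.

```python
# Added example (not from the paper): a windowed entropy / byte-class profile
# of an unknown binary, rendered as a text bar chart. Window size and the
# four byte classes are this example's own assumptions.
import hashlib
import math
from collections import Counter


def shannon_entropy(chunk: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, 8.0 maximum)."""
    if not chunk:
        return 0.0
    n = len(chunk)
    return -sum(c / n * math.log2(c / n) for c in Counter(chunk).values())


def byte_class(b: int) -> str:
    """Coarse class: '0' zero, 'a' printable ASCII, 'c' control, 'h' high byte."""
    if b == 0:
        return "0"
    if 0x20 <= b < 0x7F:
        return "a"
    return "c" if b < 0x80 else "h"


def profile(data: bytes, window: int = 64) -> list:
    """One (offset, entropy, dominant_class) tuple per fixed-size window."""
    rows = []
    for off in range(0, len(data), window):
        chunk = data[off:off + window]
        dominant = Counter(byte_class(b) for b in chunk).most_common(1)[0][0]
        rows.append((off, round(shannon_entropy(chunk), 2), dominant))
    return rows


def render(rows: list, width: int = 32) -> str:
    """Text bar chart: offset, entropy, dominant class, bar scaled to 8 bits."""
    return "\n".join(f"{off:08x} {ent:4.2f} {dom} |{'#' * int(ent / 8 * width)}"
                     for off, ent, dom in rows)


# Constructed sample blob: zero-filled header, an ASCII string section, a
# high-entropy region (SHA-256 digests stand in for packed/encrypted bytes),
# then zero padding. Nothing here comes from a real binary.
SAMPLE = (bytes(64)
          + b"This program cannot be run in DOS mode.".ljust(64, b" ")
          + b"".join(hashlib.sha256(bytes([i])).digest() for i in range(4))
          + bytes(64))

if __name__ == "__main__":
    print(render(profile(SAMPLE)))
```

Reading the chart top to bottom, the flat zero windows, the mid-entropy printable window and the near-saturated digest windows are visible at a glance, which is the kind of pattern an analyst picks out before any disassembly.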