Catalogue


Applied security visualization /
Raffael Marty.
imprint
Upper Saddle River, NJ : Addison-Wesley, c2009.
description
xxiii, 523 p., [16] p. of plates : ill. (some col.), maps (some col.) ; 24 cm. + 1 CD-ROM (4 3/4 in.)
ISBN
0321510100 (pbk. : alk. paper), 9780321510105 (pbk. : alk. paper)
format(s)
Book
catalogue key
7352823
 
Includes bibliographical references and index.
A Look Inside
About the Author
Author Affiliation
Raffael Marty is chief security strategist and senior product manager for Splunk, the leading provider of large-scale, high-speed indexing and search technology for IT infrastructures.
Excerpts
First Chapter

Preface

This book is about visualizing computer security data. The book shows you, step by step, how to visually analyze electronically generated security data. IT data must be gathered and analyzed for myriad reasons, including GRC (governance, risk, and compliance) and preventing/mitigating insider threats and perimeter threats. Log files, configuration files, and other IT security data must be analyzed and monitored to address a variety of use-cases. In contrast to handling textual data, visualization offers a new, more effective, and simpler approach to analyzing millions of log entries generated on a daily basis. Graphical representations help you immediately identify outliers, detect malicious activity, uncover misconfigurations and anomalies, and spot general trends and relationships among individual data points. Visualization of data—the process of converting security data into a picture—is the single most effective tool to address these tasks. After all...

A picture is worth a thousand log entries.

To handle today's security and threat landscape, we need new analysis methods. Criminal activity is moving up the network stack. Network-based attacks are becoming more sophisticated, and increasingly attacks are executed on the application layer.

Criminal techniques have adapted. Are you prepared to deal with these new developments? Are you aware of what is happening inside of your networks and applications? In addition to monitoring your networks, you must make sure you are taking an in-depth look at your applications. Because of the vast amount of data that requires analysis, novel methods are needed to conduct the analysis. Visualization can help address these complex data analysis problems.

What This Book Covers

Follow me on an exciting journey through security data visualization. We will start with the basics of data sources needed for security visualization. What are they? What information do they contain, and what are the problems associated with them? I then discuss different ways to display data in charts or more complex visualizations, such as parallel coordinates. You will learn which graphical methods to use and when. The book then takes you through the process of generating graphical representations of your data. A step-by-step approach guarantees that no detail is left out. By introducing an information visualization process, visualization of security data becomes a simple recipe, which I apply in the core of this book to analyze three big areas of security visualization: perimeter threat, compliance, and insider threat. These chapters are hands-on and use-case driven. Open source visualization tools and libraries are discussed in the last chapter of the book. You can find all the tools introduced on the accompanying CD. Without dealing with installations, you can immediately start analyzing your own security data.

The book is a hands-on guide to visualization. Where it covers theoretical concepts and processes, it backs them up with examples of how to apply the theory on your own data. In addition to discussing—step by step—how to generate graphical representations of security data, this book also shows you how to analyze and interpret them.

The goal is to get you excited and inspired. You are given the necessary tools and information to go ahead and embed visualization in your own daily job. The book shows example use-cases that should inspire you to go ahead and apply visualization to your own problems. If one of the chapters covers a topic that is not your responsibility or focus area (for example, compliance), try to see beyond the topic specifics and instead explore the visualizations. The concepts may be valid for other use-cases that you want to address.


What This Book Doesn't Cover

This book covers visualization of computer security data. I do not discuss topics such as binary code or malware analysis. I don't get into the topics of steganography (the art or science of hiding information in images) or system call visualizations. This book is about time-based data and system status records. The data visualized is data you use to operationally secure an organization.

This book is not a compendium of security data sources and possible visual representations. It uses existing visualization methods—charts, parallel coordinates, treemaps, and so on—that are supported by many tools and applications. The book is composed of a sample set of data sources and use-cases to illustrate how visualization can be used.


Audience

I wrote this book for security practitioners. I am introducing new ways to analyze security data to the people who can implement them. Whether you are analyzing perimeter threat issues, investigating insider crimes, or are in charge of compliance monitoring and reporting, this book is meant for you.

The reader should have a basic understanding of programming to follow the Perl and UNIX scripts in this book. I assume that you are familiar with basic networking concepts and have seen a log file before. You don't have to be an expert in IT security or compliance. It helps to have an understanding of the basic concepts, but it is definitely not a prerequisite for this book. Most of all, I want you to read this book with an open mind. Try to see how visualization can help you in your daily job.

Structure and Content

This book follows a simple organization. It introduces basic visualization and data graphing concepts first. It then integrates those concepts with security data and shows how you can apply them to security problems. In the following list, I briefly describe each chapter:

  • Chapter 1: Visualization

    Visualization is the core topic of this book. The first chapter introduces some basic visualization concepts and graph design principles that help generate visually effective graphs.

  • Chapter 2: Data Sources

    Visualization cannot exist without data. This chapter discusses a variety of data sources relevant to computer security. I show what type of data the various devices generate, show how to parse the data, and then discuss some of the problems associated with each of the data sources.

  • Chapter 3: Visually Representing Data

    Data can be visualized in many different ways. This chapter takes a closer look at various forms of visualizations. It first discusses generic graph properties and how they can help encode information. It then delves into a discussion of specific visualizations, such as charts, box plots, parallel coordinates, link graphs, and treemaps. The chapter ends with a discussion of how to choose the right graph for the data visualization problem at hand.

  • Chapter 4: From Data to Graphs

    This chapter introduces the information visualization process. It is a step-by-step process that guides you through how to take the data and generate a graphical representation of it. It also discusses how to interpret the resulting visual representation. In addition, the chapter discusses ways to process data with various tools, such as UNIX scripts or Perl.

  • Chapter 5: Visual Security Analysis

    Visually analyzing security data can be separated into three classes: reporting, historical analysis, and real-time monitoring. Historical analysis I discuss in four sections: time-series visualization, correlation graphs, interactive analysis, and forensic analysis. These are the topics discussed in this chapter.

  • Chapter 6: Perimeter Threat

    This chapter is a collection of use-cases. It starts out with a discussion of use-cases involving traffic-flow analysis. Everything from detecting worms to isolating denial-of-service attacks and monitoring traffic-based policies is covered. The use-cases are then extended to firewall logs, where a large firewall log is analyzed first. In a second part, firewall logs are used to assess the ruleset to find potential misconfigurations or security holes. Intrusion detection signature tuning and wireless access log analysis are the next two use-cases that deal with network layer data. The remainder of the chapter looks at application layer data. Email server logs are first analyzed to find open relays and identify email-based attacks. A second part then looks at social network analysis using email transaction logs. The chapter closes with a discussion of visualizing vulnerability scan data.

  • Chapter 7: Compliance

    This chapter first introduces compliance in a log analysis context. I discuss the basics of control objectives and policies and show which federal or industry regulations require companies to analyze and collect their logs. I then show how visualization can help analyze audit data for compliance. Going through this process, it becomes necessary to start mapping the log files against business processes to weigh their importance. This leads into a risk management discussion and shows how risk-centric security visualizations can be generated. The chapter finishes up with a discussion of two compliance use-cases: the visualization of separation of duties in an application context and the monitoring of databases.

  • Chapter 8: Insider Threat

    Instead of looking from the outside in, insider threat focuses on monitoring inside the perimeter. This chapter first introduces the topic and discusses different aspects of it, such as who a typical insider is. The chapter then introduces a detection framework that helps assess and monitor individuals. Through the use of so-called precursors, we can then identify potential malicious insiders and find users behaving suspiciously. Visualization is a key component of the insider detection process.

  • Chapter 9: Data Visualization Tools

    After a short introduction to different data formats used by visualization tools, this chapter surveys visualization tools and libraries. It introduces about 20 tools and open source visualization libraries that you can use in your own programs. All of these tools are also available on the accompanying CD, the Data Visualization and Analysis Linux (DAVIX).

Color

Color is a key property of information visualization. Unfortunately, the cost of printing a book in color is quite high. This is why the images in the book are printed in black and white. However, because color is an important graph property, the book contains an insert of 16 color pages in the middle of the book. This insert is a collection of figures from throughout the book that illustrate how color enhances the readability of the visualizations. The following table lists the figures that are featured in the color insert.

Color Insert Table: Figures that appear in the color insert

Figure Number    Page Number
Figure 3-1       68
Figure 3-17      86
Figure 3-27      95
Figure 3-39      116
Figure 4-10      141
Figure 4-11      143
Figure 4-12      146
Figure 4-15      150
Figure 6-7       251
Figure 6-12      260
Figure 6-13      261
Figure 6-16      263
Figure 6-17      264
Figure 6-18      265
Figure 6-19      267
Figure 6-24      276
Figure 6-26      284
Figure 6-27      285
Figure 6-38      305
Figure 6-41      308
Figure 6-43      311
Figure 6-44      312
Figure 7-6       342
Figure 8-6       386
Figure 8-16      412
Figure 8-17      413
Figure 8-19      420
Figure 8-23      428
Figure 8-24      430


© Copyright Pearson Education. All rights reserved.

Reviews
This item was reviewed in:
SciTech Book News, December 2008
Summaries
Long Description
APPLIED SECURITY VISUALIZATION

"Collecting log data is one thing, having relevant information is something else. The art to transform all kinds of log data into meaningful security information is the core of this book. Raffy illustrates in a straightforward way, and with hands-on examples, how such a challenge can be mastered. Let's get inspired."
Andreas Wuchner, Head of Global IT Security, Novartis

Use Visualization to Secure Your Network Against the Toughest, Best-Hidden Threats

As networks become ever more complex, securing them becomes more and more difficult. The solution is visualization. Using today's state-of-the-art data visualization techniques, you can gain a far deeper understanding of what's happening on your network right now. You can uncover hidden patterns of data, identify emerging vulnerabilities and attacks, and respond decisively with countermeasures that are far more likely to succeed than conventional methods.

In Applied Security Visualization, leading network security visualization expert Raffael Marty introduces all the concepts, techniques, and tools you need to use visualization on your network. You'll learn how to identify and utilize the right data sources, then transform your data into visuals that reveal what you really need to know. Next, Marty shows how to use visualization to perform broad network security analyses, assess specific threats, and even improve business compliance. He concludes with an introduction to a broad set of visualization tools. The book's CD also includes DAVIX, a compilation of freely available tools for security visualization.

You'll learn how to:

  • Intimately understand the data sources that are essential for effective visualization
  • Choose the most appropriate graphs and techniques for your IT data
  • Transform complex data into crystal-clear visual representations
  • Iterate your graphs to deliver even better insight for taking action
  • Assess threats to your network perimeter, as well as threats imposed by insiders
  • Use visualization to manage risks and compliance mandates more successfully
  • Visually audit both the technical and organizational aspects of information and network security
  • Compare and master today's most useful tools for security visualization

Contains the live CD Data Analysis and Visualization Linux (DAVIX). DAVIX is a compilation of powerful tools for visualizing networks and assessing their security. DAVIX runs directly from the CD-ROM, without installation.

Raffael Marty is chief security strategist and senior product manager for Splunk, the leading provider of large-scale, high-speed indexing and search technology for IT infrastructures. As customer advocate and guardian, he focuses on using his skills in data visualization, log management, intrusion detection, and compliance. An active participant on industry standards committees such as CEE (Common Event Expression) and OVAL (Open Vulnerability and Assessment Language), Marty created the Thor and AfterGlow automation tools, and founded the security visualization portal secviz.org. Before joining Splunk, he managed the solutions team at ArcSight, served as IT security consultant for PriceWaterhouseCoopers, and was a member of the IBM Research Global Security Analysis Lab.
Main Description
APPLIED SECURITY VISUALIZATION "Collecting log data is one thing, having relevant information is something else. The art to transform all kinds of log data into meaningful security information is the core of this book. Raffy illustrates in a straight forward way, and with hands-on examples, how such a challenge can be mastered. Let's get inspired." -Andreas Wuchner, Head of Global IT Security, Novartis Use Visualization to Secure Your Network Against the Toughest, Best-Hidden Threats As networks become ever more complex, securing them becomes more and more difficult. The solution is visualization. Using today''s state-of-the-art data visualization techniques, you can gain a far deeper understanding of what''s happening on your network right now. You can uncover hidden patterns of data, identify emerging vulnerabilities and attacks, and respond decisively with countermeasures that are far more likely to succeed than conventional methods. In Applied Security Visualization , leading network security visualization expert Raffael Marty introduces all the concepts, techniques, and tools you need to use visualization on your network. You''ll learn how to identify and utilize the right data sources, then transform your data into visuals that reveal what you really need to know. Next, Marty shows how to use visualization to perform broad network security analyses, assess specific threats, and even improve business compliance. He concludes with an introduction to a broad set of visualization tools. The book''s CD also includes DAVIX, a compilation of freely available tools for security visualization. 
You'll learn how to: * Intimately understand the data sources that are essential for effective visualization * Choose the most appropriate graphs and techniques for your IT data * Transform complex data into crystal-clear visual representations * Iterate your graphs to deliver even better insight for taking action * Assess threats to your network perimeter, as well as threats imposed by insiders * Use visualization to manage risks and compliance mandates more successfully * Visually audit both the technical and organizational aspects of information and network security * Compare and master today''s most useful tools for security visualization Contains the live CD Data Analysis and Visualization Linux (DAVIX). DAVIX is a compilation of powerful tools for visualizing networks and assessing their security. DAVIX runs directly from the CD-ROM, without installation. Raffael Marty is chief security strategist and senior product manager for Splunk, the leading provider of large-scale, high-speed indexing and search technology for IT infrastructures. As customer advocate and guardian, he focuses on using his skills in data visualization, log management, intrusion detection, and compliance. An active participant on industry standards committees such as CEE (Common Event Expression) and OVAL (Open Vulnerability and Assessment Language), Marty created the Thor and AfterGlow automation tools, and founded the security visualization portal secviz.org. Before joining Splunk, he managed the solutions team at ArcSight, served as IT security consultant for PriceWaterhouseCoopers, and was a member of the IBM Research Global Security Analysis Lab.
Main Description
APPLIED SECURITY VISUALIZATION "Collecting log data is one thing, having relevant information is something else. The art to transform all kinds of log data into meaningful security information is the core of this book. Raffy illustrates in a straight forward way, and with hands-on examples, how such a challenge can be mastered. Let's get inspired." Andreas Wuchner, Head of Global IT Security, Novartis Use Visualization to Secure Your Network Against the Toughest, Best-Hidden Threats As networks become ever more complex, securing them becomes more and more difficult. The solution is visualization. Using today's state-of-the-art data visualization techniques, you can gain a far deeper understanding of what's happening on your network right now. You can uncover hidden patterns of data, identify emerging vulnerabilities and attacks, and respond decisively with countermeasures that are far more likely to succeed than conventional methods. In Applied Security Visualization , leading network security visualization expert Raffael Marty introduces all the concepts, techniques, and tools you need to use visualization on your network. You'll learn how to identify and utilize the right data sources, then transform your data into visuals that reveal what you really need to know. Next, Marty shows how to use visualization to perform broad network security analyses, assess specific threats, and even improve business compliance. He concludes with an introduction to a broad set of visualization tools. The book's CD also includes DAVIX, a compilation of freely available tools for security visualization. 
You'll learn how to: Intimately understand the data sources that are essential for effective visualization Choose the most appropriate graphs and techniques for your IT data Transform complex data into crystal-clear visual representations Iterate your graphs to deliver even better insight for taking action Assess threats to your network perimeter, as well as threats imposed by insiders Use visualization to manage risks and compliance mandates more successfully Visually audit both the technical and organizational aspects of information and network security Compare and master today's most useful tools for security visualization Contains the live CD Data Analysis and Visualization Linux (DAVIX). DAVIX is a compilation of powerful tools for visualizing networks and assessing their security. DAVIX runs directly from the CD-ROM, without installation. Raffael Marty is chief security strategist and senior product manager for Splunk, the leading provider of large-scale, high-speed indexing and search technology for IT infrastructures. As customer advocate and guardian, he focuses on using his skills in data visualization, log management, intrusion detection, and compliance. An active participant on industry standards committees such as CEE (Common Event Expression) and OVAL (Open Vulnerability and Assessment Language), Marty created the Thor and AfterGlow automation tools, and founded the security visualization portal secviz.org. Before joining Splunk, he managed the solutions team at ArcSight, served as IT security consultant for PriceWaterhouseCoopers, and was a member of the IBM Research Global Security Analysis Lab.
Bowker Data Service Summary
The art of transforming all kinds of log data into meaningful security information is the core of this book. Raffy illustrates in a straight forward way, and with hands-on examples, how such a challenge can be mastered.
Table of Contents
Preface p. xiii
Acknowledgments p. xix
About the Author p. xxiii
Visualization p. 1
What Is Visualization? p. 2
Why Visualization? p. 3
Visualization Benefits p. 5
Security Visualization p. 6
Security Visualization's Dichotomy p. 7
Visualization Theory p. 8
Perception p. 9
Expressive and Effective Graphs p. 11
Graph Design Principles p. 13
Information Seeking Mantra p. 18
Summary p. 19
Data Sources p. 21
Terminology p. 22
Security Data p. 23
Common Problems p. 24
Incomplete Information p. 25
Source/Destination Confusion p. 26
Packet Captures p. 27
Traffic Flows p. 30
Collecting Traffic Flows p. 32
Aggregating Traffic Flows p. 35
Clustering Traffic Flows p. 36
Anonymizing Traffic Flows p. 36
Firewalls p. 37
Intrusion Detection and Prevention Systems p. 40
Passive Network Analysis p. 43
Operating Systems p. 45
Real-Time Operating System Information p. 46
Operating System State Information p. 49
Operating System Log Problems p. 53
Applications p. 55
Web Proxy p. 56
Mail p. 58
Databases p. 60
Configurations p. 62
Summary p. 64
Visually Representing Data p. 65
Graph Properties p. 66
Data Types p. 66
Color p. 68
Size, Shape, and Orientation p. 69
Chart Axes p. 69
Simple Charts p. 70
Pie Chart p. 71
Bar Chart p. 72
Line Chart p. 73
3D Bar Charts p. 74
Stacked Charts p. 75
Stacked Pie Chart p. 76
Stacked Bar Chart p. 77
Stacked Line Chart p. 78
Histograms p. 78
Box Plots p. 80
Scatter Plots p. 82
Parallel Coordinates p. 85
Link Graphs p. 87
Maps p. 93
Treemaps p. 96
Three-Dimensional Views p. 100
Three-Dimensional Scatter Plots p. 101
Three-Dimensional Link Graphs p. 103
Interaction and Animation p. 104
Interaction p. 104
Animation p. 105
Choosing the Right Graph p. 109
Challenges p. 115
Summary p. 117
From Data to Graphs p. 119
Information Visualization Process p. 119
Define the Problem p. 121
Assess Available Data p. 122
Process Information p. 124
Adding Additional Data p. 126
Filtering Log Entries p. 127
Aggregation p. 128
Data Processing Challenges p. 129
Visual Transformation p. 132
Data Mapping p. 132
Size and Shape p. 137
Color p. 140
View Transformation p. 143
Aggregation p. 144
Interpret and Decide p. 146
Tools for Data Processing p. 150
Excel, OpenOffice, and Text Editors p. 151
Regular Expressions p. 151
UNIX Tools p. 152
Perl p. 155
Parsers p. 157
Other Tools p. 158
Summary p. 158
Visual Security Analysis p. 161
Reporting p. 162
Reporting Tools p. 164
Issues and Problems p. 165
Reporting Machine Access - An Example p. 165
Historical Analysis p. 169
Time-Series Visualization p. 169
Correlation Graphs p. 189
Interactive Analysis p. 192
Forensic Analysis p. 197
Real-Time Monitoring and Analysis p. 228
Dashboards p. 228
Situational Awareness p. 236
Summary p. 237
Perimeter Threat p. 239
Traffic-Flow Monitoring and Analysis p. 240
Service Characteristics p. 240
Service Anomalies p. 245
Worm Detection p. 250
Denial of Service p. 254
Botnets p. 257
Policy-Based Traffic-Flow Analysis p. 264
Firewall Log Analysis p. 268
Firewall Visualization Process p. 268
Firewall Ruleset Analysis p. 272
Intrusion Detection System Signature Tuning p. 278
Wireless Sniffing p. 286
Email Data Analysis p. 290
Email Server Analysis p. 291
Social Network Analysis p. 298
Vulnerability Data Visualization p. 302
Risk-Posture Visualization p. 304
Vulnerability-Posture Changes p. 310
Summary p. 312
Compliance p. 315
Policies, Objectives, and Controls p. 316
Regulations and Industry Mandates p. 318
IT Control Frameworks p. 322
Logging Requirements p. 324
Audit p. 328
Audit Data Visualization p. 332
Business Process Monitoring p. 333
Compliance Monitoring p. 338
Risk Management p. 343
Control Objective Prioritization p. 345
Risk Visualization p. 346
Separation of Duties p. 356
An Example of Applying Visualization to an SoD Audit p. 357
Generating SoD Graphs p. 360
Database Monitoring p. 362
Summary p. 370
Insider Threat p. 373
Insider Threat Visualization p. 374
What Is a Malicious Insider? p. 374
Three Types of Insider Crimes p. 375
Information Theft p. 376
Fraud p. 382
Sabotage p. 387
Who Are the Malicious Insiders? p. 390
Information Theft p. 390
Fraudster p. 391
Saboteur p. 391
A Detection Framework for Malicious Insiders p. 392
Precursors p. 392
Assigning Scores to Precursors p. 394
Insider-Detection Process p. 396
Summary of Insider-Detection Process p. 408
Insider-Detection Process at Work p. 409
Improved Insider-Detection Process p. 414
Watch Lists p. 415
Adding Watch Lists to the Insider-Detection Process p. 419
Grouping Precursors into Buckets p. 420
Candidate Graph Based on Precursor Buckets p. 422
Improved Insider-Detection Process Summary p. 424
Extended Insider-Detection Process at Work p. 424
Challenges p. 431
Proactive Mitigation p. 432
Sample Precursors p. 433
Summary p. 444
Data Visualization Tools p. 445
Data Inputs p. 446
Comma Separated Values p. 446
TM3 p. 447
DOT p. 448
GML p. 449
Freely Available Visualization Tools p. 450
Static Data Graphs p. 451
Stand-Alone Applications p. 464
Open Source Visualization Libraries p. 492
Java Libraries p. 493
Non-Java Libraries p. 494
Charting Libraries p. 495
Libraries Summary p. 496
Online Tools p. 497
Swivel p. 498
Many Eyes p. 499
Google Maps and Google Earth p. 499
Google Chart API p. 501
Commercial Visualization Tools p. 502
Advizor p. 502
Other Commercial Visualization Tools p. 504
Summary p. 505
Index p. 507
Table of Contents provided by Ingram. All Rights Reserved.