Supercharged graph visualization for cyber security
![Page 1: Supercharged graph visualization for cyber security](https://reader030.fdocuments.in/reader030/viewer/2022021509/588461521a28abbd308b4d21/html5/thumbnails/1.jpg)
Supercharged graph visualization for cyber security
5th May 2016
Corey Lanum / Ed Wood
09:00 am PDT / 12:00 noon EDT / 17:00 BST / 18:00 CEST
![Page 3: Supercharged graph visualization for cyber security](https://reader030.fdocuments.in/reader030/viewer/2022021509/588461521a28abbd308b4d21/html5/thumbnails/3.jpg)
Agenda
● Introductions
● Some Challenges of Cyber Data
● Live Demos
● Hints and Tips
● Your Questions
Webinar will be recorded. Video will be shared tomorrow. Please submit questions via Citrix panel!
![Page 4: Supercharged graph visualization for cyber security](https://reader030.fdocuments.in/reader030/viewer/2022021509/588461521a28abbd308b4d21/html5/thumbnails/4.jpg)
Cambridge Intelligence
New !
• Founded in 2011
• Cambridge UK & Boston US
• We help organizations to understand connected data:
– Award-winning products
– Developer services
– Expert know-how
![Page 5: Supercharged graph visualization for cyber security](https://reader030.fdocuments.in/reader030/viewer/2022021509/588461521a28abbd308b4d21/html5/thumbnails/5.jpg)
Introducing KeyLines
KeyLines is a powerful SDK for building network visualization web applications:
• Cross-browser compatibility
• Works on any device
• A fast developer experience
• Rapid deployment
• Easy maintenance
• Full customization
• Powerful functionality
![Page 6: Supercharged graph visualization for cyber security](https://reader030.fdocuments.in/reader030/viewer/2022021509/588461521a28abbd308b4d21/html5/thumbnails/6.jpg)
‘Graph’ data
Enron email traffic
Nodes are people
Links (or ‘Edges’) are emails exchanged
Nodes are scaled and coloured using Social Network algorithms
Betweenness = number of shortest paths a Node is on; indicates seniority
Links are scaled in proportion to the volume of email
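An added example, not taken from the webinar or from KeyLines: betweenness computed with Brandes' algorithm over a small constructed email graph, plus a link width proportional to email volume. The names `emails`, `buildGraph`, `betweenness` and `linkWidth` and the 1 to 10 width range are assumptions made for illustration.

```javascript
// Constructed sample rows [sender, recipient, emailCount]; not Enron data.
const emails = [
  ["ana", "bob", 40], ["ana", "cat", 5], ["bob", "cat", 12],
  ["cat", "dan", 30], ["dan", "eve", 8], ["dan", "fay", 2],
];

// Undirected adjacency: a link exists if any email was exchanged.
function buildGraph(rows) {
  const adj = new Map();
  for (const [a, b] of rows) {
    for (const [x, y] of [[a, b], [b, a]]) {
      if (!adj.has(x)) adj.set(x, new Set());
      adj.get(x).add(y);
    }
  }
  return adj;
}

// Brandes' algorithm for unweighted, undirected betweenness centrality.
function betweenness(adj) {
  const score = new Map([...adj.keys()].map((n) => [n, 0]));
  for (const s of adj.keys()) {
    const dist = new Map([[s, 0]]), sigma = new Map([[s, 1]]);
    const preds = new Map([[s, []]]), delta = new Map(), order = [], queue = [s];
    while (queue.length) { // BFS from s, counting shortest paths (sigma)
      const v = queue.shift();
      order.push(v);
      for (const w of adj.get(v)) {
        if (!dist.has(w)) {
          dist.set(w, dist.get(v) + 1); sigma.set(w, 0); preds.set(w, []);
          queue.push(w);
        }
        if (dist.get(w) === dist.get(v) + 1) {
          sigma.set(w, sigma.get(w) + sigma.get(v));
          preds.get(w).push(v);
        }
      }
    }
    for (const w of order.reverse()) { // farthest nodes first
      for (const v of preds.get(w)) {
        const share = (sigma.get(v) / sigma.get(w)) * (1 + (delta.get(w) || 0));
        delta.set(v, (delta.get(v) || 0) + share);
      }
      if (w !== s) score.set(w, score.get(w) + (delta.get(w) || 0));
    }
  }
  for (const [n, v] of score) score.set(n, v / 2); // each pair seen from both ends
  return score;
}

// Link width proportional to email volume, between 1 and 10 units.
const linkWidth = (count, max) => 1 + 9 * (count / max);
```

In this sample the two people who bridge the groups ("dan" and "cat") get the highest scores, while everyone else scores zero regardless of how much mail they send.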
![Page 7: Supercharged graph visualization for cyber security](https://reader030.fdocuments.in/reader030/viewer/2022021509/588461521a28abbd308b4d21/html5/thumbnails/7.jpg)
Cyber Security Data
“Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access.”
Cyber Security data structures often fit very well with Graph entities and visualisations.
E.g. NODES
● Machines
● People
● Data Centres
● Malware Families
● Applications
● Credentials
E.g. LINKS
● Attack Vectors
● Data Packets
● Emails
● Credentials
● Vulnerabilities
● Exfiltrated Data
A visual and interactive representation can efficiently uncover patterns, trends and anomalies in complex data-sets
![Page 8: Supercharged graph visualization for cyber security](https://reader030.fdocuments.in/reader030/viewer/2022021509/588461521a28abbd308b4d21/html5/thumbnails/8.jpg)
Challenges of Cyber Data (I)
Size / Volume
• Huge number of security events generated by SIEM and other systems...
Generated at millisecond levels of resolution; typically stored in disparate silos that can be unwieldy to manage.
The challenge is to detect unusual behavior inside terabytes of event and attribute data, including:
● IP logs – detecting indications of infected machines or botnet zombies.
● Network logs – uncovering applications or users that hog bandwidth, so that systems can be optimized and business-critical applications prioritized.
● Communications logs – performing analysis to uncover sabotage, espionage or other unwanted activities.
● Web server logs – managing and preventing external threats, such as DDoS attacks.
![Page 9: Supercharged graph visualization for cyber security](https://reader030.fdocuments.in/reader030/viewer/2022021509/588461521a28abbd308b4d21/html5/thumbnails/9.jpg)
Challenges of Cyber Data (II)
Complexity
• Combination of machine and human actors
• Subtle interactions of the When and the Where
Noise
• Significant events and patterns can be hidden in a sea of data
• Attackers will attempt to hide their behaviour!
![Page 10: Supercharged graph visualization for cyber security](https://reader030.fdocuments.in/reader030/viewer/2022021509/588461521a28abbd308b4d21/html5/thumbnails/10.jpg)
Demos
● How to visualize cyber security data:
○ Performance demo
○ Malware demo
○ Data Breach demo
○ Combinations/Grouping demo
○ Geo/TimeBar demo
![Page 11: Supercharged graph visualization for cyber security](https://reader030.fdocuments.in/reader030/viewer/2022021509/588461521a28abbd308b4d21/html5/thumbnails/11.jpg)
KeyLines 3.0!
• Supercharge your charts with (Alpha)
○ Rendering speed up to 10x faster
○ Supported by ‘Big 4’ Browser brands and most devices
○ Improves fluidity & responsiveness with larger datasets
• Three new cyber-security demos
○ Inspire creative use of KeyLines
• New Angular directive
○ Performance and compatibility
![Page 12: Supercharged graph visualization for cyber security](https://reader030.fdocuments.in/reader030/viewer/2022021509/588461521a28abbd308b4d21/html5/thumbnails/12.jpg)
Your Questions (I)
“Can KeyLines work with real-time data? If so, what visual model / techniques would you recommend?”
• Yes, it does.
• The Time Bar and Tweak Layouts are designed for this.
• Try to limit the volume of data being communicated at any one time. Techniques like combos or ghosting can help.
“What is the maximum number of nodes/links you can handle?”
● HTML5 Canvas - a few thousand.
● WebGL - many tens of thousands.
● Using show/hide, around 1 million. BUT this is rarely useful.
![Page 13: Supercharged graph visualization for cyber security](https://reader030.fdocuments.in/reader030/viewer/2022021509/588461521a28abbd308b4d21/html5/thumbnails/13.jpg)
Your Questions (II)
“How easy is it to change the shape, design and layout of nodes and edges?”
• Very easy.
• Shapes, image nodes, font icons and other designs are possible.
• 6 extensible & customizable automated layouts available.
“Does WebGL handle rendering thousands of nodes and edges well on a machine with, say, Intel HD 3000?”
• WebGL harnesses the machine’s GPU, and performance will vary.
• For reference, demos today were using a MacBook Air on Intel HD 5000.
![Page 14: Supercharged graph visualization for cyber security](https://reader030.fdocuments.in/reader030/viewer/2022021509/588461521a28abbd308b4d21/html5/thumbnails/14.jpg)
Your Questions
+ Live Questions…!
![Page 15: Supercharged graph visualization for cyber security](https://reader030.fdocuments.in/reader030/viewer/2022021509/588461521a28abbd308b4d21/html5/thumbnails/15.jpg)
Summary
● Cyber Security data is big, complex and noisy.
● A good cyber security visualization needs:
➔ A well thought-out visual model and defined question
➔ Functionality to overcome complexity and noise
◆ Good layouts, filtering, combos, time bar, geospatial
➔ Power to work with data at scale
● Graph visualization is the ideal tool.
We’d love to help!