18.03.2011

Black Hat EU: Among the blind, the squinter rules: Security visualization in the field

Wim Remes starts off his talk by giving us an overview of the lack of visualization in security tools. Some tools offer a little visualization, but it is limited and lacks features.

Miniature Dotted Hot Pink Cake, a CC NC ND image from Stephanie Kilgast's Flickr account

He then takes us through the hall of fail of visualizations and gives us some tips on visualization.

Think as a designer: be aware of who you are visualizing for. Each audience has different demands of a visualization and wants to take different things away from it.

He then proceeds to give us some tips and tricks. He recommends following the work of Edward Tufte and Stephen Few, who have both done excellent work on data visualization.

If you do data visualization you may want to pull in data from external reports, such as osvdb.org, datalossdb.org and other industry vendors.

Common problems in data visualization are redundant elements such as 3D effects and gratuitous color. This is captured by the ink-to-info ratio: every drop of ink should carry information, so you may want to cut down on the bells and whistles you use.

Dashboards are often messy; their designers should really be aware of their screen real estate. The most important places on the screen are the top left and the center. Dashboards often get messy precisely because people try to squeeze as much information as possible into them.

Wim presents a number of ideas on how to make these dashboards better.

Visualization tools can really aid as well, and Wim shows us several that can help.

First, Wim shows us a video that represents an attack on a VoIP server. The movie was created using gltail, which can be downloaded from http://www.fudgie.org/.

Afterglow is another tool Wim uses a lot; it creates link-graph visualizations that really help in understanding log files.
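AfterGlow draws its graphs from CSV rows of the form source,event,target, so the log has to be reduced to such triples first. The following Python is an added example (not from the talk or the AfterGlow project) that does this for a handful of constructed sshd auth.log lines, aggregating repeated triples so you can understand what is in the data before drawing it; the log lines, host names and addresses are made up.

```python
import re
from collections import Counter

# Constructed sample sshd lines (not real data): failed and accepted
# logins against two hosts, as a defender would see them in auth.log.
SAMPLE_LOG = """\
Mar 18 10:01:02 host1 sshd[1234]: Failed password for root from 203.0.113.5 port 51234 ssh2
Mar 18 10:01:04 host1 sshd[1234]: Failed password for root from 203.0.113.5 port 51236 ssh2
Mar 18 10:01:09 host1 sshd[1240]: Failed password for invalid user admin from 203.0.113.5 port 51240 ssh2
Mar 18 10:02:30 host2 sshd[2231]: Accepted publickey for alice from 198.51.100.7 port 40022 ssh2
Mar 18 10:03:11 host1 sshd[1250]: Failed password for root from 198.51.100.9 port 33012 ssh2
"""

# Handles "Failed password for root from ...", the "invalid user" variant,
# and "Accepted <method> for <user> from ...".
SSHD_RE = re.compile(
    r"^\S+ \d+ [\d:]+ (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) \S+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>[\d.]+) port \d+"
)


def to_afterglow_rows(log_text):
    """Turn raw sshd lines into (source, event, target) triples: the
    three-column layout AfterGlow renders as source -> event -> target."""
    rows = []
    for line in log_text.splitlines():
        m = SSHD_RE.match(line)
        if not m:
            continue  # unrelated line: leave it out of the picture
        d = m.groupdict()
        rows.append((d["src"], f'{d["result"].lower()}:{d["user"]}', d["host"]))
    return rows


def aggregate(rows):
    """Count identical triples: this is the 'understand your data' step,
    and it tells you which edges are noise worth filtering."""
    return Counter(rows)


def to_csv(counts):
    """Emit one CSV line per distinct triple, ready to pipe into AfterGlow."""
    return "\n".join(f"{s},{e},{t}" for (s, e, t) in sorted(counts))


if __name__ == "__main__":
    print(to_csv(aggregate(to_afterglow_rows(SAMPLE_LOG))))
```

Everything here runs locally, so unlike a hosted charting API no log data leaves the machine.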

ChartDirector, which has a Perl binding, can also help to create understandable graphics from complex data.

The Google Charts API and Google Visualization API may be good alternatives as well. Wim demos the visualization capabilities of the Google Visualization API by visualizing publicly available data. Naturally you have to be careful about what data you send to a cloud provider such as Google.

Sparkline and jqPlot are interesting jQuery libraries you can use for good data visualization without sending your data to a cloud provider.

Conclusions:

  • We need data standardization to get more out of visualization
  • You need to understand data before you can successfully visualize it
  • We need to think outside the box
  • There is more to visualization than pie charts
  • There are tools out there: use them wisely.

Wim Remes is an information security consultant currently working for Ernst and Young in Belgium. With 13 years of experience in IT, most of those in various security roles, he has spent ample time in noisy server rooms and cosy, but still noisy, board rooms. The only big difference is the quality of the drink. In the past decade Wim has been focusing on incident response, security monitoring and trying to prove the value of security to management. Wim has spoken at events like Excaliburcon 2009 (Wuxi, China), FOSDEM 2010 (Brussels, Belgium) and Source Barcelona 2010 (Spain). I am a co-host of the Eurotrash information security podcast and a sporadic blogger. My name can be found in various information security related documents that I contributed to in one way or the other but won't use for shameless self-promotion.
