Raffael Marty's blog

Security Visualization

by Raffael Marty

Raffael Marty is chief security strategist and senior product manager at Splunk. Fully immersed in industry initiatives, standards efforts and activities, Raffy lives and breathes security and visualization. He is the author of 'Applied Security Visualization,' published Aug 1, 2008 by Addison-Wesley Professional.

all posts

Recent | Popular | Most Comments

Be the first to comment
16I like it!

Maturity Scale for IT Data Management

How does the IT data management -- the market that is an umbrella for log management, security information management, and security event management -- look? What are some of the implications based on the maturity scale? Why do some SIM/SEM projects fail and others don't? Are you ripe for advanced analytics and visualization?

Posted on 1/5/09 at 8:28 pm | corrrelation, log management, security event management, security information management

Be the first to comment
33I like it!

How do you encode hundreds of data points into one single graph? Use Sparklines.

Have you tried to visualize your traffic flows? Did you have the problem that your graphs got really cluttered? Did you find a way around that problem? Did you filter data? Did you aggregate multiple nodes into one?

Posted on 11/30/08 at 5:13 pm | network, sparklines, traffic analysis, tufte, visual analysis, visulization

2 comments
10I like it!

How do you visualize your traffic flow (NetFlow) logs?

What are you doing with your traffic flow logs, such as NetFlow? How long does it normally take you to understand what exactly the log entries represent? What if you could generate a visual representation of the machines communicating on your network? Would that make your analysis work easier?

Posted on 11/18/08 at 9:05 am | communication visualization, netflow, security visualization, traffic visualization

5 comments
6I like it!

How do you prepare your security data for visualization?

Do you know how much traffic is transmitted on your networks? Do you know what protocols are in use and what machines are using them? Are there spyware infected machines on your network that leak information?

Posted on 11/17/08 at 12:46 pm | netflow, parser, traffic analysis, traffic flow

Be the first to comment
24I like it!

What is the right graph to use in what situation?

Do you like pie charts? Have you ever thought about replacing them with a bar chart? Or a line chart? Do you know when to use what chart?

Posted on 11/6/08 at 8:39 pm | charts, parallell coordinates, treemap, visualization

Be the first to comment
19I like it!

How do you create good visualizations?

I am sure you have seen graphs that were just horrible to look at. Even worse, it was almost impossible to determine what the graph was trying to communicate. One of the first things you should learn - before you even go ahead and generate a graph - are some simple visualization principles.

Posted on 11/4/08 at 4:32 pm | security visualization, tufte, visualization, visualization principles

Be the first to comment
8I like it!

How Do You Get Started With Security Visualization?

Are you in charge of analyzing large amounts of security data? Have you ever wondered whether there is a better way than reading your logs line by line? Here are some starting points on how to visualize your security data.

Posted on 11/3/08 at 12:27 am | analytics, applied, security, security visualization, visualization

peer-to-peer

Brian Proffitt
Microsoft/Novell: Breaking Down the Coupon Numbers

Esther Schindler
Drupal's Dries Buytaert on Building the Next Drupal

Tom Henderson
Top Ten General Operating Systems Rants

pasmith
PS3 motion controller delayed; goes up against Project Natal

sjvn
Neolithic Windows security hole alive and well in Windows 7

claird
Perl source code comparison makes for good reading

mikelgan
Cell phones don't create stress or interrupt much

Sandra Henry-Stocker
How to: The Unix Interview

Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann

Join the conversation here

The Daily Tip

Quick, practical advice for IT pros. Made fresh daily.

Hot tips:

Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.

Newsletters

Subscribe to ITWORLD TODAY and receive the latest IT news and analysis.

*E-mail address:

*Verify E-mail:

*Job Title:

*Industry:

*Company Size:

*Country

* State:

I would like to receive offers via email from ITworld partners.

By clicking submit you agree to the terms and conditions outlined in ITworld's privacy policy.

view all newsletters »

	Friends With Benefits: A Social Media Marketing Handbook Tips, tricks, and real-world case studies to help you increase your online visibility.Enter now!
	Ubuntu Unleashed 2010 Edition Detailed information on installing, using, and administering Ubuntu. Enter now!
	VMware vSphere 4 Implementation Best practices for deploying the vSphere product in real-world enterprise environments.Enter now!