Visualizing Security - The Challenge of 2009
Logster itself is not really interesting to me personally, as using such a tool would require that I have access logs from a web server of interest to analyze. What is interesting, from both a VoIP security and a generic software security perspective, is the integration of network data visualization with other sources of data such as geo-location. Imagine a small local flower shop in a small distant town launching their first web portal, and then trying to explain to them that they actually need to secure that web page as well. Challenging! Then imagine you show them a map of the world with a visualization indicating that 99% of all web requests are actually coming from outside the target market, from different Asian countries. Effective!
What Logster basically does for software security people such as me is visualize the importance of Attack Surface analysis. The interfaces that are open for anyone to access are always the most security critical. Knowing the actual users of a service, both desired and unwanted visitors, will help you in your threat analysis. It is also a powerful tool for visualizing real-life threats to management-level people. Just having high rates of visitors to your Internet-enabled service does not always mean that you are actually reaching your target market.
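The calculation behind such a map can be sketched in a few lines. This is an added example, not code from Logster or from the original post: it counts access-log requests per region and reports the share coming from outside the target market. The region labels, the address-to-region table (built on documentation address ranges) and the log lines are all constructed for illustration.

```python
import ipaddress
import re
from collections import Counter
# Constructed stand-in for a geo-IP database (documentation ranges, made-up labels).
GEO_TABLE = [
    (ipaddress.ip_network("192.0.2.0/24"), "home"),
    (ipaddress.ip_network("198.51.100.0/24"), "region-a"),
    (ipaddress.ip_network("203.0.113.0/24"), "region-b"),
]
# Start of a Common/Combined Log Format line: client, identity, user, [time], "request"
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "')
# Constructed sample access log (the last line is deliberately malformed).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Jan/2009:10:00:01 +0000] "GET / HTTP/1.1" 200 5120
198.51.100.7 - - [12/Jan/2009:10:00:02 +0000] "GET /admin HTTP/1.1" 404 312
198.51.100.7 - - [12/Jan/2009:10:00:02 +0000] "GET /login HTTP/1.1" 404 312
203.0.113.44 - - [12/Jan/2009:10:00:05 +0000] "POST /contact HTTP/1.1" 200 87
192.0.2.23 - - [12/Jan/2009:10:00:09 +0000] "GET /roses HTTP/1.1" 200 9040
198.51.100.90 - - [12/Jan/2009:10:00:11 +0000] "GET / HTTP/1.1" 200 5120
203.0.113.5 - - [12/Jan/2009:10:00:12 +0000] "GET /cgi-bin/test HTTP/1.1" 404 312
10.0.0.5 - - [12/Jan/2009:10:00:15 +0000] "GET / HTTP/1.1" 200 5120
garbled line without the expected fields
"""

def region_of(addr):
    """Return the region label for addr, "unknown" if unmapped, None if not an IP."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None
    return next((region for net, region in GEO_TABLE if ip in net), "unknown")

def traffic_by_region(log_text):
    """Count requests per region; also return how many lines could not be parsed."""
    counts, skipped = Counter(), 0
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        region = region_of(m.group(1)) if m else None
        if region is None:
            skipped += 1
        else:
            counts[region] += 1
    return counts, skipped

def outside_share(counts, target_regions):
    """Fraction of requests not from the target market (unknown counts as outside)."""
    total = sum(counts.values())
    outside = sum(n for r, n in counts.items() if r not in target_regions)
    return outside / total if total else 0.0
```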
Visualization of security is the hype of 2009. Visualization itself is not the goal; the goal is to make security easier to understand and to integrate into your processes. Let's look at different technologies that have similar goals:
Dashboards bring together complex reports from complex tools, and interpret them for easier understanding.
Collaboration solutions enable you to save a huge amount of time and resources in security auditing by building on top of existing work instead of always re-creating everything from scratch.
Network analyzers visualize and reverse-engineer what is really happening in the network, instead of relying on network architecture charts and similar planning documents, which might not have any indication of the realities in the network.
Security as a Service, or SaaS, in security solutions and services is a funny acronym with a double meaning. Security companies worked hard to build solutions like fuzzers that automate security assessment services, and then recently started offering the same solutions again, as a cost-effective repeatable service.
Fast Development - Legacy Providers
Companies that have been truly innovative in security often bring in new technologies before other providers even notice the need for such practices. Fortunately, the fiercely competitive landscape of security has forced all leading practitioners to follow what is being done by the forerunners of technology. I am truly happy that all these technologies that we helped prototype in the early millennium caught on so fast in the generic security landscape. Those players that do not evolve quickly vanish from the security market. Ask your security provider what they are doing that will make your life easier!