VISUAL ANALYTICS – DELIVERING ACTIONABLE SECURITY INTELLIGENCE
Big data and security intelligence are the two hot topics in security for 2013. We are collecting more and more information from both the infrastructure, but increasingly also directly from our applications. This vast amount of data gets increasingly hard to understand. Terms like map reduce, hadoop, mongodb, etc. are part of many discussions. But what are those technologies? And what do they have to do with security intelligence? We will see that none of these technologies are sufficient in our quest to defend our networks and information. Data visualization is the only approach that scales to the ever changing threat landscape and infrastructure configurations. Using big data visualization techniques, you can gain a far deeper understanding of what's happening on your network right now. You can uncover hidden patterns of data, identify emerging vulnerabilities and attacks, and respond decisively with countermeasures that are far more likely to succeed than conventional methods. The attendees will learn about log analysis, big data, information visualization, data sources for IT security, and learn how to generate visual representations of IT data. The training is filled with hands-on exercises utilizing the DAVIX live CD.
This class features brand-new material, first presented at BlackHat USA in July 2013. Here is what students said:
"Raffy obviously put a lot of time and effort into preparing for this course. Having already read the book, I expected a lot of the material to be a re-hash of what I already saw in the book. I was surprised at how much new material there was to get out of it. Looking forward to applying a lot of these concepts in the real world."
"Raffael did a great job! He knows and understands the subject matter extremely well. I highly recommend this course and instructor."
"One of the best trainings I have ever taken!"
Visual Analytics - Delivering Actionable Security Intelligence
Dates: December 9-10 & 11-12, 2013
Location: Washington State Convention Center
Seattle, Washington, USA
Sign Up Now
Early registration discount ends October 24th!
Network Forensics and Security Visualization
Date: November 3-4, 2013
Location: Dubai, UAW
Sign Up Now
Sample of Tools and Techniques
Tools to gather data:
- tcpdump and wireshark to analyze packet captures
- argus, nfdump, nfsen, and silk to process traffic flows
- snort, bro, suricata as intrusion detection systems
- p0f, npad for passive network analysis
- iptables, pf, pix as examples of firewalls
We are also using a number of visualization tools to analyze example data in the labs:
- graphviz, tulip, cytoscape, and gephi
- mondrian, ggobi
Under the log management section, we are going to discuss:
- rsyslog, syslog-ng, nxlog
- logstash, graylog
- commercial log management and SIEM solutions
The section on big data is covering the following:
- hadoop (HDFS, map-reduce, HBase, Hive, Impala, Zookeper)
- search engines like: elastic search, Solr
- key-value stores like MongoDB, Cassandra, etc.
- OLAP and OLTP
About the Trainer
Raffael Marty is one of the world's most recognized authorities on security data analytics. The author of Applied Security Visualization and creator of the open source DAVIX analytics platform, Raffy is the founder and ceo of PixlCloud, a next-generation data visualization application for big data. With a track record at companies including IBM Research and ArcSight, Raffy is thoroughly familiar with established practices and emerging trends in data analytics. He has served as Chief Security Strategist with Splunk and was a co-founder of Loggly, a cloud-based log management solution. For more than 12 years, Raffy has helped Fortune 500 companies defend themselves against sophisticated adversaries and has trained organizations around the world in the art of data visualization for security. Practicing zen has become an important part of Raffy's life.
- Data sources
- Data Analysis and Visualization Linux (DAVIX)
- Log data processing
Log Management and SIEM
- Log management and SIEM overview
- Application logging guidelines
- Logging as a service
- Big data technologies
- Information visualization history
- Visualization theory
- Data visualization tools and libraries
- Visualization resources
- Perimeter threat use-cases
- Network flow data
- Firewall data
- IDS/IPS data
- Proxy data
- User activity
- Host-based data analysis