Applied Security Visualization - FIRST 2008 Talk

I taught a workshop in Vancouver at the FIRST 2008 conference. I put the slides for the talk about Applied Security Visualization online. It covers parts of the book on the same topic. The outline of the talk looks as follows:

  • Visualization
  • Log Data Processing
  • IT Data Search
  • Charts and Graphs
  • Visualization Tools
  • DAVIX
  • Perimeter Threat
  • Compliance

The podcast discussing the presentation.

    Malware Files Collected By Nepenthes - Imported Symbols Relation

    With several binaries collected by nepenthes I have correlated the imported symbols with the Python module pefile and generated an interesting graph.

    CSV:
    ...
    ...
    b02a18d2dca59219b86354a442a95b0e,USER32.DLL
    146d61fca77d748f5a5ecff53afd30e4,KERNEL32.DLL
    146d61fca77d748f5a5ecff53afd30e4,COMCTL32.DLL
    95a7a3e5ea764eed286b53623f9521ab,KERNEL32.DLL
    2059abe419dfeca527b7cf5b53bbee6f,KERNEL32.DLL
    005472c686a5f84ad8e2dea597f50e1d,KERNEL32.DLL
    005472c686a5f84ad8e2dea597f50e1d,ADVAPI32.DLL
    005472c686a5f84ad8e2dea597f50e1d,MPR.DLL
    005472c686a5f84ad8e2dea597f50e1d,OLEAUT32.DLL
    ...
    ...

    Regards
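    The post shows the md5,DLL pairs but not how they were produced or what is done with them. The following is an added example (not the poster's own script): the extraction step is written against pefile as the post describes (it needs `pip install pefile` and is not exercised below), and the rest turns the bipartite sample-to-DLL list into a sample-to-sample relation weighted by shared imports, which is the graph that makes families of related binaries visible. The first nine rows of the sample CSV are copied from the post; the rows for the hash ending in `dead` are constructed so that at least two samples share a DLL.

```python
"""Imported-DLL relation graph for a set of malware samples (added example)."""
import csv
import hashlib
import io
from collections import Counter, defaultdict
from itertools import combinations

# Sample input: md5 of the binary, one imported DLL per row.
# First nine rows are from the post; the "...dead" rows are constructed.
SAMPLE_CSV = """\
b02a18d2dca59219b86354a442a95b0e,USER32.DLL
146d61fca77d748f5a5ecff53afd30e4,KERNEL32.DLL
146d61fca77d748f5a5ecff53afd30e4,COMCTL32.DLL
95a7a3e5ea764eed286b53623f9521ab,KERNEL32.DLL
2059abe419dfeca527b7cf5b53bbee6f,KERNEL32.DLL
005472c686a5f84ad8e2dea597f50e1d,KERNEL32.DLL
005472c686a5f84ad8e2dea597f50e1d,ADVAPI32.DLL
005472c686a5f84ad8e2dea597f50e1d,MPR.DLL
005472c686a5f84ad8e2dea597f50e1d,OLEAUT32.DLL
0000000000000000000000000000dead,KERNEL32.DLL
0000000000000000000000000000dead,ADVAPI32.DLL
0000000000000000000000000000dead,MPR.DLL
0000000000000000000000000000dead,USER32.DLL
"""


def extract_imports(path):
    """Return (md5, [DLL, ...]) for one PE file.

    Uses the third-party pefile module (assumed installed); this is the
    step that produces the md5,DLL rows and is not run by the demo below.
    """
    import pefile  # imported lazily so the rest of the module works without it
    with open(path, "rb") as fh:
        data = fh.read()
    pe = pefile.PE(data=data)
    dlls = []
    for entry in getattr(pe, "DIRECTORY_ENTRY_IMPORT", []):
        name = entry.dll.decode("latin-1") if isinstance(entry.dll, bytes) else entry.dll
        dlls.append(name.upper())
    return hashlib.md5(data).hexdigest(), dlls


def load_pairs(text):
    """Parse md5,DLL rows into {md5: set of DLL names}."""
    imports = defaultdict(set)
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 2:
            continue  # skip blank or malformed rows
        imports[row[0].strip().lower()].add(row[1].strip().upper())
    return dict(imports)


def dll_degree(imports):
    """How many samples import each DLL; high-degree DLLs carry little signal."""
    return Counter(dll for dlls in imports.values() for dll in dlls)


def shared_dll_edges(imports, skip=("KERNEL32.DLL",)):
    """Sample-to-sample edges weighted by the number of shared DLLs.

    DLLs in `skip` are ignored because nearly every Win32 binary imports
    them, so they would connect everything to everything.
    """
    edges = {}
    for a, b in combinations(sorted(imports), 2):
        shared = (imports[a] & imports[b]) - set(skip)
        if shared:
            edges[(a, b)] = len(shared)
    return edges


def afterglow_lines(edges):
    """Two-column source,target rows for AfterGlow (one row per edge)."""
    return [f"{a},{b}" for (a, b) in sorted(edges)]


if __name__ == "__main__":
    imps = load_pairs(SAMPLE_CSV)
    print("\n".join(afterglow_lines(shared_dll_edges(imps))))
```

    Feeding the output to AfterGlow with a two-column configuration gives the sample relation graph; the original md5,DLL rows drawn as a bipartite graph show the same information but with one node per DLL, which gets crowded once KERNEL32.DLL links every sample. The `skip` list is where you put whatever DLLs your corpus makes uninformative.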

    VizSec 2008 Call for Posters and Demos

    VizSEC 2008 Workshop on Visualization for Cyber Security
    http://vizsec.org/workshop2008/
    September 15, 2008 / Cambridge, MA USA
    In conjunction with RAID 2008

    Submission deadlines:
    Poster and Demo submissions - July 18, 2008

    VizSec is accepting submissions (2 page abstract) for posters and demonstrations. Poster and Demo abstracts will be made available on the VizSec web site.

    Posters
    Posters can be used to describe work in progress or updates to previously published VizSec research or R&D. Poster submissions should consist of a 2 page abstract. Posters will be presented at the VizSec/RAID reception. Abstracts will be made available on the web site.

    Demos
    Demonstrations can be used to show new or updated development efforts. Demo submissions should consist of a 2 page abstract. Demonstrations will take place at the VizSec/RAID reception. (You will need to bring a laptop for demos.) Abstracts will be made available on the web site.

    http://vizsec.org/workshop2008/

    Nepenthes log correlated with ClamAV and ip2country

    This file is the result of correlating data from Nepenthes, ip2country and ClamAV. The process is described in the paper
    An approach to malware collection log visualization by Jaime Blasco

    Regards

    New Paper - An approach to malware collection log visualization

    I have just published an article related to malware collection log visualization.

    The paper focuses on visualization of Nepenthes logs using AfterGlow. In the paper you can find information about correlating IPs with countries and binary files with ClamAV signatures, with the goal of generating interesting graphs.

    You can get it at
    An approach to malware collection log visualization

    Regards
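    Both posts above describe the same join: attacker IP and binary hash from the Nepenthes submission log, the hash mapped to a ClamAV signature, the IP mapped to a country, and the result written as AfterGlow CSV. The block below is an added example of that join and is not the paper's own code. The Nepenthes `logged_submissions` line format (`[timestamp] attacker -> sensor url md5`), the `clamscan` output lines and the prefix table standing in for the ip2country database are all constructed; the only real ClamAV convention relied on is the `path: Signature FOUND` / `path: OK` line shape of `clamscan --no-summary`.

```python
"""Nepenthes submissions x ClamAV x ip2country -> AfterGlow rows (added example)."""
import re
from ipaddress import ip_address, ip_network

# Constructed nepenthes logged_submissions lines (format assumed as noted above).
SUBMISSIONS = """\
[2008-06-10T12:01:44] 203.0.113.7 -> 192.0.2.10 http://203.0.113.7:6666/x.exe 146d61fca77d748f5a5ecff53afd30e4
[2008-06-10T12:05:12] 198.51.100.9 -> 192.0.2.10 tftp://198.51.100.9/msupdate.exe 005472c686a5f84ad8e2dea597f50e1d
[2008-06-10T12:09:30] 192.0.2.77 -> 192.0.2.10 http://192.0.2.77:81/a.exe 95a7a3e5ea764eed286b53623f9521ab
[2008-06-10T12:11:02] 203.0.113.8 -> 192.0.2.10 http://203.0.113.8:6666/x.exe 146d61fca77d748f5a5ecff53afd30e4
"""

# Constructed output of `clamscan --no-summary` over the binaries directory.
# Signature names are placeholders, not real ClamAV signatures.
CLAMSCAN = """\
/var/lib/nepenthes/binaries/146d61fca77d748f5a5ecff53afd30e4: Worm.Sample-2 FOUND
/var/lib/nepenthes/binaries/005472c686a5f84ad8e2dea597f50e1d: Trojan.Sample-1 FOUND
/var/lib/nepenthes/binaries/95a7a3e5ea764eed286b53623f9521ab: OK
"""

# Stand-in for the ip2country database: constructed prefix -> country code.
IP2COUNTRY = {"203.0.113.0/24": "ES", "198.51.100.0/24": "DE"}

SUBMISSION_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+(?P<src>[\d.]+)\s+->\s+(?P<dst>[\d.]+)\s+"
    r"(?P<url>\S+)\s+(?P<md5>[0-9a-fA-F]{32})\s*$"
)
# clamscan prints "<path>: <signature> FOUND" or "<path>: OK"
CLAM_RE = re.compile(r"^(?P<path>.+?): (?:(?P<sig>.+) FOUND|OK)$")


def parse_submissions(text):
    """One dict per well-formed submission line; other lines are ignored."""
    out = []
    for line in text.splitlines():
        m = SUBMISSION_RE.match(line)
        if m:
            d = m.groupdict()
            d["md5"] = d["md5"].lower()
            out.append(d)
    return out


def parse_clamscan(text):
    """Map md5 -> signature name, or "Clean" for files clamscan reported OK.

    Nepenthes stores each binary under its md5, so the file name is the key.
    """
    sigs = {}
    for line in text.splitlines():
        m = CLAM_RE.match(line)
        if m:
            md5 = m["path"].rsplit("/", 1)[-1].lower()
            sigs[md5] = m["sig"] or "Clean"
    return sigs


def country_of(ip, table=IP2COUNTRY):
    """Longest-prefix lookup is overkill for the toy table; first match wins."""
    addr = ip_address(ip)
    for cidr, cc in table.items():
        if addr in ip_network(cidr):
            return cc
    return "UNKNOWN"


def correlate(submissions, sigs, table=IP2COUNTRY):
    """(country, attacker_ip, signature) per submission, ready for AfterGlow."""
    rows = []
    for s in submissions:
        rows.append((country_of(s["src"], table), s["src"], sigs.get(s["md5"], "Unscanned")))
    return rows


def afterglow_lines(rows):
    """Three-column source,event,target rows: country -> ip -> signature."""
    return [",".join(r) for r in rows]


if __name__ == "__main__":
    rows = correlate(parse_submissions(SUBMISSIONS), parse_clamscan(CLAMSCAN))
    print("\n".join(afterglow_lines(rows)))
```

    The three-column layout (country as source, attacker IP as event, signature as target) is what lets AfterGlow cluster attacking hosts by country on one side and by malware family on the other. Hashes that ClamAV has not scanned come out as "Unscanned" rather than silently dropping the submission, which matters because the unknown binaries are usually the interesting ones.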

    Call for DAVIX Beta Testers

    You may have noticed a page on secviz.org called DAVIX. DAVIX is the upcoming live CD for data analysis and visualization, which will be released at Blackhat/DEFCON in Las Vegas in August 2008.

    We have prepared the second beta version of DAVIX. Raffael and I are now seeking beta testers who have the time to test DAVIX and answer the questionnaire that comes along with the beta version.

    All completely filled out questionnaires that I receive by Monday 23 June 2008 18:00 UTC will enter a raffle for one autographed copy of Raffy's upcoming book Applied Security Visualization. Legal recourse is excluded.

    If you want to participate in the beta test please contact: jan.monsch ät iplosion.com

    Applied Security Visualization

    Author: Raffael Marty
    Publisher: Addison Wesley Professional
    ISBN-10: 0-321-51010-0
    ISBN-13: 978-0-321-51010-5
    Pages: 552
    Publisher Book Home: http://www.informit.com/store/product.aspx?isbn=0321510100
    Safari (electronic version): http://safari.informit.com/9780321585530
    Marketing Material: Book Flyer
    Sample Chapter: Download Chapter 5
    Video Interview: Interview with Raffael Marty.
    Latest version of DAVIX: http://82.197.185.121/davix/release/davix-latest.iso.gz


    “Collecting log data is one thing, having relevant information is something else. The art to transform all kinds of log data into meaningful security information is the core of this book. Raffy illustrates in a straight forward way, and with hands-on examples, how such a challenge can be mastered. Let's get inspired.”
    Andreas Wuchner, Head of Global IT Security, Novartis

    Use Visualization to Secure Your Network Against the Toughest, Best-Hidden Threats

    As networks become ever more complex, securing them becomes more and more difficult. The solution is visualization. Using today’s state-of-the-art data visualization techniques, you can gain a far deeper understanding of what’s happening on your network right now. You can uncover hidden patterns of data, identify emerging vulnerabilities and attacks, and respond decisively with countermeasures that are far more likely to succeed than conventional methods.
    In Applied Security Visualization, leading network security visualization expert Raffael Marty introduces all the concepts, techniques, and tools you need to use visualization on your network. You’ll learn how to identify and utilize the right data sources, then transform your data into visuals that reveal what you really need to know. Next, Marty shows how to use visualization to perform broad network security analyses, assess specific threats, and even improve business compliance.
    He concludes with an introduction to a broad set of visualization tools. The book’s CD also includes DAVIX, a compilation of freely available tools for security visualization.
    You'll learn how to:

    • Intimately understand the data sources that are essential for effective visualization

    • Choose the most appropriate graphs and techniques for your IT data

    • Transform complex data into crystal-clear visual representations

    • Iterate your graphs to deliver even better insight for taking action

    • Assess threats to your network perimeter, as well as threats imposed by insiders

    • Use visualization to manage risks and compliance mandates more successfully

    • Visually audit both the technical and organizational aspects of information and network security

    • Compare and master today's most useful tools for security visualization


    Contains the live CD Data Analysis and Visualization Linux (DAVIX). DAVIX is a compilation of powerful tools for visualizing networks and assessing their security. DAVIX runs directly from the CD-ROM, without installation.

    Errata

    Here are a few typos and errors that I have found or others have found in the book. Thanks for reporting them (either via email to me or as a comment here).

    • Inside cover: My name is mis-spelled (Rafael instead of Raffael)

    • Page 15, Figure 1-7: Similarty should be Similarity in the top right of the figure.

    • Page 26: Says 172. It should say 127.

    • Page 69, under Chart Axes section: "... the vertical axis is generally the y-axis". This should be the z-axis.

    • Page 91, Figure 3-22: Arrow from "web" to "10.0.0.252" should be going the other direction.

    • Page 162 at the very top: It should mention that there are four, not three subcategories.

    • Page 192: line 13 in example: It should be a tilde ~ instead of the [td].

    • Index: MADC should be MACD.

    Additional Visualization Tools

    Here is a list of visualization tools. This list is a continuation of what you can find in Chapter 9 "Visualization Tools":

    gltail: cisco asa parser

    Worked up a Cisco ASA parser for gltail ( http://www.fudgie.org/ ) to do firewall movies specific to Cisco.

    I'll submit to the ruby project for gltail, but if anyone wants it email me at jeff@jeffbryner.com.
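    The parser itself is not on this page (gltail parsers are Ruby, and Jeff's is only announced). As an added example, not Jeff's code, here is the parsing logic such a parser needs, written in Python so that it can also feed AfterGlow: connection build/teardown messages (302013 to 302016) and ACL denies (106023) are matched, endpoints are normalised to initiator and responder, and each event becomes a source,port,target row. The log lines are constructed with RFC 5737 addresses; the message formats follow the Cisco ASA syslog documentation, and the outbound-connection endpoint swap should be checked against your own ASA version's output.

```python
"""Cisco ASA connection and deny messages -> AfterGlow rows (added example)."""
import re

# Constructed ASA syslog lines; one unrelated message is included to show it is skipped.
SAMPLE_LOG = """\
Jun 10 12:01:44 fw01 %ASA-6-302013: Built outbound TCP connection 1234 for outside:203.0.113.7/80 (203.0.113.7/80) to inside:10.0.0.5/51234 (10.0.0.5/51234)
Jun 10 12:01:56 fw01 %ASA-6-302014: Teardown TCP connection 1234 for outside:203.0.113.7/80 to inside:10.0.0.5/51234 duration 0:00:12 bytes 5120 TCP FINs
Jun 10 12:02:03 fw01 %ASA-4-106023: Deny tcp src outside:198.51.100.9/4444 dst inside:10.0.0.5/445 by access-group "outside_in" [0x0, 0x0]
Jun 10 12:02:09 fw01 %ASA-6-302015: Built inbound UDP connection 1235 for outside:198.51.100.9/53 (198.51.100.9/53) to inside:10.0.0.9/53 (10.0.0.9/53)
Jun 10 12:02:10 fw01 %ASA-6-611101: User authentication succeeded: Uname: admin
"""

# 302013/302015 = Built TCP/UDP, 302014/302016 = Teardown TCP/UDP.
# Teardown lines carry no inbound/outbound keyword, so the direction group is optional.
CONN_RE = re.compile(
    r"%ASA-\d-(?P<id>30201[3-6]): (?P<verb>Built|Teardown)(?: (?P<dir>inbound|outbound))? "
    r"(?P<proto>TCP|UDP) connection (?P<cid>\d+) for "
    r"(?P<if1>[\w.-]+):(?P<ip1>[\d.]+)/(?P<p1>\d+)(?: \([^)]*\))? to "
    r"(?P<if2>[\w.-]+):(?P<ip2>[\d.]+)/(?P<p2>\d+)"
)
# 106023 for tcp/udp; icmp denies use "(type X, code Y)" instead of a port and are not handled.
DENY_RE = re.compile(
    r"%ASA-\d-106023: Deny (?P<proto>tcp|udp) src (?P<if1>[\w.-]+):(?P<ip1>[\d.]+)/(?P<p1>\d+) "
    r'dst (?P<if2>[\w.-]+):(?P<ip2>[\d.]+)/(?P<p2>\d+) by access-group "(?P<acl>[^"]+)"'
)


def parse_asa_line(line):
    """Return an event dict for connection or deny messages, None for anything else."""
    m = DENY_RE.search(line)
    if m:
        return {
            "action": "deny", "proto": m["proto"].lower(), "acl": m["acl"],
            "src": m["ip1"], "sport": int(m["p1"]), "dst": m["ip2"], "dport": int(m["p2"]),
        }
    m = CONN_RE.search(line)
    if not m:
        return None
    # On outbound connections the ASA lists the outside (responder) endpoint first;
    # the initiator is the "to" side, so swap. Inbound keeps log order. Teardown has
    # no direction keyword, so log order is kept and the connection id is returned
    # for anyone who wants to pair it with its Built message.
    if m["dir"] == "outbound":
        src, sport, dst, dport = m["ip2"], m["p2"], m["ip1"], m["p1"]
    else:
        src, sport, dst, dport = m["ip1"], m["p1"], m["ip2"], m["p2"]
    return {
        "action": m["verb"].lower(), "proto": m["proto"].lower(), "direction": m["dir"],
        "cid": int(m["cid"]), "src": src, "sport": int(sport), "dst": dst, "dport": int(dport),
    }


def parse_log(text):
    """Parse every line, dropping those the parser does not understand."""
    return [ev for ev in (parse_asa_line(l) for l in text.splitlines()) if ev]


def afterglow_lines(events):
    """source,port,target rows; teardowns are skipped so each flow counts once."""
    return [f"{e['src']},{e['dport']},{e['dst']}" for e in events if e["action"] != "teardown"]


if __name__ == "__main__":
    print("\n".join(afterglow_lines(parse_log(SAMPLE_LOG))))
```

    Keeping the deny events in the same row shape as the built connections lets one AfterGlow property file colour edges by action, which is the "firewall movie" idea: blocked and allowed traffic on the same graph, animated over time.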

    Applied Security Visualization - Book

    Title: Applied Security Visualization
    Author: Raffael Marty
    Source: Addison Wesley Professional
    Publication Date: July 2008 (estimated)

    Excerpt:

    '....As networks become ever more complex, securing them becomes more and more difficult. The solution is visualization. Using today's state-of-the-art data visualization techniques, you can gain a far deeper understanding of what's happening on your network right now. You can uncover hidden patterns of data, identify emerging vulnerabilities and attacks, and respond decisively with countermeasures that are far more likely to succeed.

    In Applied Security Visualization, leading network security visualization expert Raffael Marty introduces all the concepts, techniques, and tools you need to use visualization on your network. You'll learn how to identify and utilize the right data sources, then transform your data into visuals that reveal what you really need to know. Next, Marty shows how to use visualization to perform broad network security analyses, assess specific threats, and even improve business compliance. He concludes with a thorough introduction to DAVIX, today's leading toolset for security visualization.


    • Intimately understand the data sources that are essential for effective visualization
    • Choose the most appropriate visualization graphs and techniques for your network data
    • Walk step-by-step through transforming complex data into crystal-clear visual representations
    • Iterate your graphs to deliver even better insight for action
    • Assess threats to your network perimeter, as well as threats generated by insiders
    • Use visualization to manage risks more successfully
    • Visually audit both the technical and organizational aspects of network security
    • Compare and master today's most useful tools for network security visualization

    Contains the powerful Data Analysis and Visualization UNIX (DAVIX) toolset for visualizing networks and assessing their security. DAVIX runs directly from the CD-ROM, without installation......'

    Read the complete article.

    Nessus vulnerability scanner pigized

    Graph of a Nessus scan as seen by Snort and Prelude LML using pig