Applied Security Visualization
- By Raffael Marty
- Published Aug 1, 2008 by Addison-Wesley Professional.
- Copyright 2009
- Dimensions: 7x9-1/4
- Pages: 552
- Edition: 1st
- ISBN-10: 0-321-51010-0
- ISBN-13: 978-0-321-51010-5
- eBook (Watermarked)
- ISBN-10: 0-321-56430-8
- ISBN-13: 978-0-321-56430-6
Product Author Bios
Raffael Marty is the founder of PixlCloud (http://pixlcloud.com), a data-visualization-in-the-cloud company. His interests span anything related to information visualization and computer security, which is his traditional background. He has held various positions in the log management space at companies like Splunk, ArcSight, and IBM Research, where he also earned his master's in computer science. Raffy has been instrumental in building and defining the security visualization space. The SecViz (http://secviz.org) portal, the Data Analysis and Visualization Linux (http://davix.secviz.org) (DAVIX), as well as AfterGlow (http://afterglow.sf.net) are some of the prime resources for information related to security visualization. Raffael has spoken at dozens of computer security conferences around the world about visualization of security data.
APPLIED SECURITY VISUALIZATION
“Collecting log data is one thing, having relevant information is something else. The art to transform all kinds of log data into meaningful security information is the core of this book. Raffy illustrates in a straightforward way, and with hands-on examples, how such a challenge can be mastered. Let's get inspired.”
–Andreas Wuchner, Head of Global IT Security, Novartis
Use Visualization to Secure Your Network Against the Toughest, Best-Hidden Threats
As networks become ever more complex, securing them becomes more and more difficult. The solution is visualization. Using today’s state-of-the-art data visualization techniques, you can gain a far deeper understanding of what’s happening on your network right now. You can uncover hidden patterns of data, identify emerging vulnerabilities and attacks, and respond decisively with countermeasures that are far more likely to succeed than conventional methods.
In Applied Security Visualization, leading network security visualization expert Raffael Marty introduces all the concepts, techniques, and tools you need to use visualization on your network. You’ll learn how to identify and utilize the right data sources, then transform your data into visuals that reveal what you really need to know. Next, Marty shows how to use visualization to perform broad network security analyses, assess specific threats, and even improve business compliance.
He concludes with an introduction to a broad set of visualization tools. The book’s CD also includes DAVIX, a compilation of freely available tools for security visualization.
You'll learn how to:
• Intimately understand the data sources that are essential for effective visualization
• Choose the most appropriate graphs and techniques for your IT data
• Transform complex data into crystal-clear visual representations
• Iterate your graphs to deliver even better insight for taking action
• Assess threats to your network perimeter, as well as threats imposed by insiders
• Use visualization to manage risks and compliance mandates more successfully
• Visually audit both the technical and organizational aspects of information and network security
• Compare and master today’s most useful tools for security visualization
Contains the live CD Data Analysis and Visualization Linux (DAVIX). DAVIX is a compilation of powerful tools for visualizing networks and assessing their security. DAVIX runs directly from the CD-ROM, without installation.
Raffael Marty is chief security strategist and senior product manager for Splunk, the leading provider of large-scale, high-speed indexing and search technology for IT infrastructures. As customer advocate and guardian, he focuses on using his skills in data visualization, log management, intrusion detection, and compliance. An active participant on industry standards committees such as CEE (Common Event Expression) and OVAL (Open Vulnerability and Assessment Language), Marty created the Thor and AfterGlow automation tools, and founded the security visualization portal secviz.org. Before joining Splunk, he managed the solutions team at ArcSight, served as IT security consultant for PriceWaterhouseCoopers, and was a member of the IBM Research Global Security Analysis Lab.
8 of 8 people found the following review helpful
A great book on applied security visualization
Our publisher sent me a copy of Raffael Marty's Applied Security Visualization. This book is absolutely worth getting if you're designing information visualizations. The first and third chapters are a great short intro into how to construct information visualization, and by themselves are probably worth the price of the book. They're useful far beyond security. The chapter I didn't like was the one on insiders, which I'll discuss in detail further in the review.
In the intro, the author accurately scopes the book to operational security visualization. The book is deeply applied: there's a tremendous number of graphs and the data which underlies them. Marty also lays out the challenge that most people know about either visualization or security, and sets out to introduce each to the other. In the New School of Information Security, Andrew and I talk about these sorts of dichotomies and the need to overcome them, and so I really liked how Marty called it out explicitly. One...
3 of 3 people found the following review helpful
An excellent combination of informative graphs, security scenarios, and efficient one-line perl parsers
Applied Security Visualization (ASV) is a pioneering book in the emerging field of using visualization techniques to explore and represent data from a security perspective. Many security products - everything from intrusion detection systems, firewalls, SIM's, and AV software - offer methods for visualizing data they collect, but no single product has the ideal visualization interface (whatever that is). A main theme in ASV is to impart the reader with the knowledge and skills necessary to ask new questions about security data (such as a set of IDS event logs or application logs) and show the reader how to visually represent the answers to these questions. If a commercial interface has not been designed to visualize a data set in a particular way, ASV introduces tools and techniques to frequently make this possible. For example, common visualizations of firewall logs involve source and destination IP addresses and port numbers, but suppose that you want to create a link graph that...
3 of 3 people found the following review helpful
The reference book about Security Visualization - a topic you must dig in.
When security professionals are dealing with huge amounts of information, and who is not nowadays, correlation and filtering is not the easiest path (and sometimes enough) to discern what is going on. The in-depth analysis of security data and logs is a time consuming exercise, and security visualization (SecViz) extensively helps to focus on the relevant data and reduces the amount of work required to reach to the same conclusions. It is mandatory to add the tools and techniques associated to SecViz to your arsenal, as they are basically taking advantage of the capabilities we have as humans to visualize (and at the same time analyze) data. A clear example is the insider threat and related incidents, where tons of data sources are available.
The best sentence (unfortunately it is not an image ;) that describes SecViz comes from the author:
A picture is worth a thousand log entries.
This is a great book that joins two separate worlds, visualization and...
Table of Contents
Raffael Marty, Applied Security Visualization (0321510100)
Chapter 1 Visualization
Chapter 2 Data Sources
Chapter 3 Visually Representing Data
Chapter 4 From Data to Graphs
Chapter 5 Visual Security Analysis
Chapter 6 Perimeter Threat
Chapter 7 Compliance
Chapter 8 Insider Threat
Chapter 9 Data Visualization Tools