The Power Rank

The Power Rank is a visualization of the chances of winning for all the basketball teams participating in the NCAA Tournament. The teams are organized around a circle grouped by the region they are from. In the center of the circle you can see all the games of the tournament represented by dots. These are connected to the different teams that could possibly take part in the game. When hovering over these dots, the teams get highlighted  and the probability of being the winner of this particular game is shown at the team’s label with a percentage value. You can also hover over particular teams to show what the corresponding chances of winning are in the different games leading to the final (which is the dot in the middle).

This visualization is rather uncommon in that it shows a hierarchy in the middle of the circle with a treelike structure. Of course this is a visualization that can handle only a certain amount of data because the space is limited by the circle.

NICT Daedalus Cyber-Attack Alert System

http://www.youtube.com/watch?feature=player_embedded&v=3u5u5A8_SE0#at=77

The National Institute of Information and Communications Technology (NICT), a Japanese research institute focusing on different areas in the field of ICT, has developed a system for detecting and visualizing attacks on networks. Information about attacks and possible alerts is presented in a rather sophisticated visual way.

There is not a lot of information about the project except a short text and a video showing the system in action. According to the video, the Internet is represented by a wireframe 3D globe in the middle of the screen, surrounded by several donut charts, each one representing a network. The donut chart shows with two colors (black and blue) which IP addresses are in use (blue) and which ones are not. Alerts associated with certain source and destination IP addresses are marked on the donut chart with a sign; these can be clicked to get more details about the alert. The application is meant to be used in conjunction with a security system, so it is not a standalone SIEM or something comparable.

There is no further information about how to interact with the system. Interaction seems rather limited; the system functions more as a general visual overview. Though it is an interesting visualization, I think a question about the practical quality of the system might be justified. Without the ability to filter the visual representation by certain attributes, it might be difficult to tell important information from negligible information. Also, it is not clear why they use a wireframe globe to show connections to the web. Without geographical information this seems rather odd, because lines going to certain points on the globe do not provide any additional useful information. Another question arises when looking at the donut charts: what does the position of an IP address on the ring segment express? Is it random? It might have been more helpful to show the actual network topology, or to show the network structure by other, simpler visual means, so that one could see, for example, which parts of a network are being attacked from which countries.
Security Log Visualization with a Correlation Engine

At the 28th Chaos Communication Congress, organized by the Chaos Computer Club in Berlin, network security specialist Chris Kubecka talks about how correlation and visualization of network log data from different devices can support the process of finding potential threats and malware. Usually a network is comprised of a variety of different devices, each of which generates log files in its own format. Having a separate console for each of these devices

LogRhythm

LogRhythm is a SIEM that can be deployed either in smaller organizations as a single software instance or in midsize to large organizations as a combination of different software applications. It offers log management, event management, reporting, and user and file integrity monitoring. The product is easily and quickly deployed thanks to a helpful configuration wizard. Though LogRhythm is capable of event correlation, compared to its competitors this capability is very basic and optimized for the most common use cases. Gartner has positioned the product as one of the leaders in its Magic Quadrant for Security Information and Event Management.

Sentinel, Security Manager (NetIQ)

The company NetIQ offers two SIEM solutions: Sentinel and Security Manager. Sentinel is a product originally offered by Novell. With the recent acquisition of that company by NetIQ, there are now two products overlapping in their functionality. In the future all functionality will be merged into the Sentinel solution. Sentinel’s strength lies in event correlation and real-time event management. Security Manager lacks this functionality and focuses more on host- and agent-based monitoring capabilities for server platforms, something missing in most SIEMs. Sentinel is a leader in the Gartner Magic Quadrant 2012.

Enterprise Security Manager (McAfee)

McAfee NitroSecurity is a software product that offers SIEM functionality and log management in one single tool, which sets it apart from other SIEM systems. It is scalable and has high performance, which makes it especially useful for organizations that need to analyse huge numbers of events. The company itself emphasizes the speed of the product as an outstanding feature. It is one of the five products positioned as a leader in the Magic Quadrant for Security Information and Event Management.

Q1 Labs (IBM)

IBM offers an extensive security system solution called Q1 Labs. This includes several products for different security aspects, such as QRadar Log Manager for collecting, archiving and analyzing network and security event logs, or QRadar SIEM for real-time analysis of security alerts and for correlating data from different sources to detect threats. The product distinguishes itself from other products by its ability to collect and process NetFlow data, by deep packet inspection (DPI), and by behavior analysis for all supported event sources. According to Gartner it can be considered one of the leaders in the field (Gartner 2012).

HP Enterprise Security Products and ArcSight

In its business unit ESP (Enterprise Security Products), Hewlett Packard offers several security tools in three different areas: Application Security (Fortify), Information Security (ArcSight) and Network and Cloud Security (TippingPoint). While Fortify is targeted at software security, ArcSight can be considered a SIEM (Security Information and Event Management) system. TippingPoint is a defense system against cyber attacks and threats.
According to Gartner, ArcSight can be considered one of the leaders in the field of SIEMs. There are different ArcSight SIEM solutions available, depending on whether you are interested in recording and analyzing log information or focusing on real-time security events. The choice between the solutions also depends on the size of your network.

Though ArcSight is one of the most popular products on the market, it has its shortcomings:

“ArcSight Enterprise Security Manager is complex in terms of deployment and performance management.”

CNN Ecosphere

The CNN Ecosphere is an interactive visualization of tweets about the COP17 Conference on Climate Change in Durban, South Africa. Tweets with the hashtag #COP17 are organized in three-dimensional trees around a globe. The different topics discussed are split into different trees, with each tweet being a leaf in the tree. Depending on how the discussion develops over time, growth in the trees is stimulated more or less. By clicking and dragging, the globe and the trees can be rotated. There is a timeline slider at the bottom to select a certain day in the past. Different topics can also be selected at the bottom; clicking them automatically zooms in to those trees. When a tree is zoomed in, each tweet can be read by hovering over the leaves.
While the visualization is quite impressive and beautiful, the interface is very limited and the overall performance of the app is rather slow.

Splunk

Splunk is a general tool for analysing data in huge IT infrastructures. It consists of different tools that can be utilized in different contexts. With the “Splunk App for Enterprise Security” potential threats and security incidents can be observed, analysed and classified. Users of the app are presented with a web dashboard that visualizes different aspects of the network.
