
Applied Security Visualization

Last Updated 2/10/2009 2:24:26 PM


By: Tony Stevenson

Author: Raffael Marty

Publisher: Addison Wesley Professional
(www.awprofessional.com)

Published: August 2008

ISBN-10: 0-321-51010-0

ISBN-13: 978-0-321-51010-5

Format: Soft cover, 552 pages, plus companion CD-ROM

Price: $49.99

Using Visualization to Secure Your Network

You don’t normally associate the concept of visualization with computer networks, unless, of course, you are referring to a specialized type of visualization. And that’s the very reason that the book, “Applied Security Visualization”, has been written. Its content describes the role of state-of-the-art data visualization techniques that can be deployed in order to gain a better understanding of what’s happening on a company’s network. Being acutely aware of what’s actually occurring on your network means that you are then in a much stronger position to secure it from all sorts of attacks, both external and internal.

Raffael Marty, the author of “Applied Security Visualization”, explains that “visual representations of data enable us to communicate a large amount of information to our viewers. Too often, information is encoded in text. It is more difficult to immediately grasp the essence of something if it is just described in words. In fact, it is hard for the brain to process text. Pictures or images, on the other hand, can be processed extremely well. They can encode a wealth of information and are therefore, well suited to communicate much larger amounts of data to a human. Pictures can use shape, color, size, relative positioning, and so on to encode information, contributing to increased bandwidth between the information and the consumer or viewer.”

The content of “Applied Security Visualization” has been divided into nine chapters. The opening chapter of the book outlines the concepts of visualization, why it is needed, and describes the sorts of benefits that can flow from it being used. Readers are then provided with an overview of visualization theory. Marty regards a basic understanding of the theory as important because it helps readers to “better understand why some displays are so easy to read, whereas others are just horrible and do not seem to serve their purpose of quickly communicating information and letting the user interactively explore it.” It is reassuring to discover that Marty is not intending to turn you, the reader, into a visualization theory expert! Entire books have been, and are currently being written about this topic, and he has included the details of a few books he recommends if you’re interested in gaining a deeper understanding of the theory. Rather, the objective is to have at least some familiarity with the theory in order to make it easier to progress through the remainder of his book.

The second chapter of the book focuses on data sources. Knowledge about the different sorts of information that can ultimately be fed into the visualization process is important because such knowledge has a significant impact on the types of graphs that can or cannot be subsequently generated. In addition, Marty highlights some of the unique problems that can potentially arise from interacting with various data sources. For instance, because application logs tend to be large in size, special consideration needs to be given as to how such voluminous amounts of data can be successfully visualized. In the next chapter of the book, attention is turned to the host of ways that data can be visually presented. Just some examples of the many different possibilities include simple and stacked charts; histograms; scatter plots; link graphs; and three-dimensional views.

The majority of readers of “Applied Security Visualization” will, I’m sure, be keen to read the fourth chapter of the book because that’s where Marty discusses, in a step-by-step fashion, the entire process that is involved in turning raw data into graphs. It is vital, however, first to acknowledge that the visualization of data is often not as easy as it may first appear, and second, that to be successful, it is essential to define the problem to be solved, or alternatively, to clearly state the objective to be delivered. A section of this chapter is also dedicated to describing a range of handy tools for data processing, ranging from Excel, OpenOffice and text editors through to UNIX tools, Perl, and parsers. The fifth chapter of the book is titled “Visual Security Analysis” and is concerned with the three different classes associated with visually analyzing security data, namely, reporting, historical analysis, and real-time monitoring. This particular chapter is available online for reading as a sample chapter from the book’s publisher, Addison Wesley Professional (www.awprofessional.com).

The next chapter of the book tackles the issue of how to protect a network from externally generated threats. That goal is achieved by presenting a series of use-cases that demonstrate, in a practical manner, how the visual analysis of data can aid in the protection of a network’s perimeter. Examples of three topics discussed in this chapter include firewall log analysis, wireless sniffing, and email data analysis. In a similar fashion, the next two chapters of “Applied Security Visualization” again rely on specific visualization use-cases to firstly cover compliance, and secondly, threats to a network that come from within one’s own company or organization. The term “compliance” often has different meanings (and hype!) depending on the context within which it is used, but here Marty explains how it is possible to adopt a visualization approach to compliance and risk management. His chapter on compliance includes two use-cases which show, as Marty says, “how compliance visualization is more than visualizing risk or controls but can be used for auditing separation of duties and database applications.”

The subject matter of the ninth and final chapter of “Applied Security Visualization” is data visualization tools. It has been broken down into three parts, with the opening part of the chapter introducing readers to the different sorts of data input formats typically used by visualization tools. Two examples of these formats are Comma Separated Values (CSV) and Graph Modeling Language (GML). Another part discusses open source visualization libraries – Java libraries, non-Java libraries, and charting libraries – while the remaining part of the chapter is taken up with an investigation into different sorts of tools, for instance, those that are freely available; those that are online-based; and those that can be purchased commercially. It is worth noting here that, based on his own experience and research, Marty’s overall opinion of the tools currently available is that “there is no one tool that I deem ‘the best’ for visualizing data. They all have things they do well, but they also have shortcomings and lack one feature or the other. Even when looking into the commercial space, there are some really good products, but there is not one that I think would address all of your security visualization needs.” In fact, he suggests that “you might even have to write a little bit of code to achieve your goals.”
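To make concrete two points the review touches on, the step-by-step process of turning raw data into graphs described for chapter four and the CSV and GML input formats named for chapter nine, here is a small Python script written for this page. It is not code from the book or from its DAVIX companion CD. The log lines are constructed, in a simplified key=value layout that is an assumption of this example rather than any real firewall’s format; the script parses them, aggregates source/destination pairs (optionally only blocked traffic), and writes the result both as a CSV summary for a charting tool and as a GML link graph for a graph tool.

```python
"""Raw log lines -> parsed records -> aggregated edges -> CSV and GML.

Added example for this review page; not code from the book or from DAVIX.
The log format below is constructed for illustration only.
"""
import csv
import io
import re
from collections import Counter

# Constructed sample log (assumption: simplified key=value layout, not a vendor format).
# One malformed line is included on purpose so the parser's skip path is exercised.
SAMPLE_LOG = """\
2008-08-01T10:00:01 action=BLOCK src=10.0.0.5 dst=192.0.2.10 dport=22 proto=TCP
2008-08-01T10:00:02 action=BLOCK src=10.0.0.5 dst=192.0.2.10 dport=23 proto=TCP
2008-08-01T10:00:03 action=ALLOW src=10.0.0.7 dst=192.0.2.20 dport=443 proto=TCP
2008-08-01T10:00:04 action=BLOCK src=10.0.0.5 dst=192.0.2.30 dport=22 proto=TCP
this line is malformed and should be skipped
2008-08-01T10:00:05 action=ALLOW src=10.0.0.7 dst=192.0.2.20 dport=443 proto=TCP
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+action=(?P<action>\w+)\s+src=(?P<src>[\d.]+)\s+"
    r"dst=(?P<dst>[\d.]+)\s+dport=(?P<dport>\d+)\s+proto=(?P<proto>\w+)$"
)


def parse_log(text):
    """Step 1: turn raw lines into dict records; count and skip lines that do not parse."""
    records, skipped = [], 0
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1
            continue
        rec = m.groupdict()
        rec["dport"] = int(rec["dport"])
        records.append(rec)
    return records, skipped


def aggregate_edges(records, action=None):
    """Step 2: reduce records to (src, dst) pairs with a hit count.

    `action` optionally restricts the graph to one verdict, e.g. "BLOCK".
    """
    edges = Counter()
    for r in records:
        if action is None or r["action"] == action:
            edges[(r["src"], r["dst"])] += 1
    return edges


def to_csv(edges):
    """Step 3a: CSV, the input format most charting tools accept."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["source", "destination", "count"])
    for (src, dst), n in sorted(edges.items()):
        writer.writerow([src, dst, n])
    return buf.getvalue()


def to_gml(edges):
    """Step 3b: a GML link graph; hosts become nodes, the hit count becomes edge weight."""
    hosts = sorted({h for pair in edges for h in pair})
    ids = {h: i for i, h in enumerate(hosts)}
    out = ["graph [", "  directed 1"]
    for h in hosts:
        out.append(f'  node [ id {ids[h]} label "{h}" ]')
    for (src, dst), n in sorted(edges.items()):
        out.append(f"  edge [ source {ids[src]} target {ids[dst]} weight {n} ]")
    out.append("]")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    recs, skipped = parse_log(SAMPLE_LOG)
    blocked = aggregate_edges(recs, action="BLOCK")
    print(to_csv(blocked))
    print(to_gml(blocked))
    print(f"skipped {skipped} malformed line(s)")
```

Filtering on the verdict before aggregating is the "define the problem first" step the review stresses: a graph of only blocked connections answers a different question than a graph of all traffic, and deciding which one you want shapes every later stage.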

The companion CD-ROM to the book contains a copy of the DAVIX (Data Analysis & Visualization Linux) software. DAVIX is a compilation of tools for visualizing networks and assessing their security. It comes with a comprehensive manual (over a hundred pages in length, in PDF format) which not only shows you how to quickly get up to speed with the tools, but just as importantly, how to customize the use of those tools to match the unique needs of your company or organization. Typical examples of how DAVIX could be successfully utilized include deciphering the contents of logs, shedding new light on operating system performance metrics, and analyzing SAP user permissions. And where more information about DAVIX is required, links to external manuals and tutorials have been included in the DAVIX manual.

In summary, the major advantages to be achieved by reading “Applied Security Visualization” include the following:
• Becoming familiar with what security visualization actually entails, and the benefits that it has to offer.
• Learning about the different data sources that can be used in the visualization process.
• Knowing about the different graphs that can be generated, as well as other visualization techniques that can be deployed.
• Discovering how the power of visualization can be used to cut through the usually vast amounts of data that need to be analyzed and understood.
• Applying the newly acquired knowledge about visualization to assess threats to your network, and then, most importantly, securing your network.

In conclusion, all of us are familiar with the saying that “A picture is worth a thousand words.” But Marty, the author of “Applied Security Visualization”, puts a clever spin on it by rephrasing it as “A picture is worth a thousand log records.” Just imagine how much time could be saved, and how much security could be improved, by adopting a security visualization approach rather than doggedly sticking with conventional methods.