Cloud-based Log Analysis and Visualization




Cloud-based Log Analysis and Visualization
DeepSec 2010, Vienna, Austria
Raffael Marty - @zrlram

Raffael (Raffy) Marty
- Founder @
- Chief Security Strategist and Product Manager @ Splunk
- Manager Solutions @ ArcSight
- Intrusion Detection Research @ IBM Research
- IT Security Consultant @ PriceWaterhouse Coopers
Applied Security Visualization, Publisher: Addison Wesley (August, 2008), ISBN: 0321510100

Agenda
- Introduction
- Visualization Tools
- Beaver Challenge
- Visualization in the Cloud
- Visualization Use-Cases
- Visualization Resources

The Public Cloud
- IaaS - Infrastructure
- PaaS - Platform
- SaaS - Software
- LaaS - Logging
What is really new and has changed?

Visibility and Big Data

Visibility
Monitoring
- Performance
- Availability
- Ephemeral Infrastructure
Security
- IaaS - Similar to before
- PaaS - Lack of Infrastructure
- SaaS - Blind?
- New Threats
- New Vulnerabilities
- Different Risk Distribution
Application Instrumentation and Logging

Big Data
- NoSQL
- Distributed data stores
- Distributed queues
- Map reduce
- ETL (Extract, Transform, Load)
- ...

Information Visualization
- Better tools and capabilities
- Across disciplines
- More instrumentation
- Dichotomies

Open Your Eyes

Information Visualization?
A picture is worth a thousand log records.
- Explore and Discover
- Inspire
- Answer a Question
- Pose a New Question
- Increase Efficiency
- Communicate Information
- Support Decisions

Visualization Tools

Reporting vs. Visualization
Reporting Libraries
- HighCharts
- Flot
- Google Chart API
- Open Flash Chart
- HTML5
Visualization Libraries
- TheJIT
- Graphael
- Protovis
- ProcessingJS
- Flare
JavaScript vs. Flash vs. XYZ

HighCharts
- Click-Through
- On load - near real-time updates
- Zoom
- AJAX data input via JSON
http://www.highcharts.com/

Google Visualization API
http://code.google.com/apis/visualization/interactive_charts.html
- JavaScript
- Based on DataTables()
- Many graphs
- Playground - http://code.google.com/apis/ajax/playground

ProtoVis
- JavaScript based visualization library
- Charting, Treemaps, BoxPlots, Parallel Coordinates, etc.
http://vis.stanford.edu/protovis/

TheJIT
http://thejit.org/
- JavaScript InfoVis Toolkit
- Interactive Link Graphs

Processing
- Visualization library
- Java based
- Interactive (event handling)
- Number of libraries to
  - draw in OpenGL
  - read XML files
  - write PDF files
Processing JS
- JavaScript
- HTML 5 Canvas
- Web IDE
http://processingjs.org/
http://processing.org/

Data Visualization in the Cloud

LaaS
- Log collection: all data in one place
- Log storage and management: index, storage, archive
- Extremely fast log search across all your data
- Data source agnostic (no parsers)
- Innovative Web shell
- API log access: OAuth authentication
- Always on
Benefits
- No installation
- Easy configuration
- No maintenance
- Great scalability
- 7x24 availability
- Pay as you go

AfterGlow Cloud Grapher
Loggly -> JSON -> CSV -> DOT -> Graph
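The CSV-to-DOT step of the pipeline above, as an added example that is not AfterGlow's own code: it takes a constructed three-column extract (source, port, destination), builds the source -> event -> target link graph that AfterGlow's three-column mode draws, and emits Graphviz DOT with edge width scaled by how often a link was seen.

```python
import csv
import io
from collections import Counter

# Constructed sample: three-column CSV (source, port, destination), the
# firewall-log view used on the slides; not data from the talk.
SAMPLE_CSV = """\
10.0.0.5,22,192.168.1.10
10.0.0.5,22,192.168.1.11
10.0.0.5,443,192.168.1.11
10.0.0.7,80,192.168.1.12
10.0.0.5,22,192.168.1.10
"""

# Shape per column role, so sources, events and targets are told apart.
NODE_STYLE = {"src": "ellipse", "evt": "box", "dst": "ellipse"}

def parse_rows(text):
    """Parse CSV text into (source, event, destination) triples."""
    return [tuple(r) for r in csv.reader(io.StringIO(text)) if len(r) == 3]

def build_graph(rows):
    """Count every source->event and event->destination edge.
    Returns (nodes, edges): nodes maps id -> role, edges maps (a, b) -> count.
    Ids are prefixed with the role so an address that is both a source and
    a destination becomes two distinct nodes, as in AfterGlow's default."""
    nodes, edges = {}, Counter()
    for src, evt, dst in rows:
        s, e, d = "src:" + src, "evt:" + evt, "dst:" + dst
        nodes.update({s: "src", e: "evt", d: "dst"})
        edges[(s, e)] += 1
        edges[(e, d)] += 1
    return nodes, edges

def to_dot(nodes, edges):
    """Render DOT; penwidth grows with the count so repeated links stand out."""
    lines = ["digraph afterglow {"]
    for nid, role in sorted(nodes.items()):
        label = nid.split(":", 1)[1]
        lines.append(f'  "{nid}" [label="{label}", shape={NODE_STYLE[role]}];')
    for (a, b), n in sorted(edges.items()):
        lines.append(f'  "{a}" -> "{b}" [penwidth={min(n, 5)}, label="{n}"];')
    lines.append("}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(to_dot(*build_graph(parse_rows(SAMPLE_CSV))))
```

Pipe the output into `dot -Tpng` to render the graph.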

Visualization Use-Cases

Old Skewl: Yesterday / Today - Cloud

Traditional Style: Yesterday / Today - Cloud

The Analysis Approach
- Overview first
- Zoom
- Details on demand
Principle by Ben Shneiderman

NetFlow Visualization
- Treemap (Protovis.JS)
- Size: Amount
- Brightness: Variance
- Color: Sensor
- Shows: Scans - bright spots
Thanks to Chris Horsley

Firewall Treemap

Firewall Log
- Port
- Source IP
- Destination IP

IDS Signature Tuning - Top signatures

Signatures Over Time

IDS Sig Tuning - Treemap
- Hierarchy: Source > Destination > Signature > Number of Events
- Color: Service
- Size: Number of alerts

IDS Sig Tuning - Treemap
- Hierarchy: Source > Destination > Signature > Number of Events
- Color: Priority
- Size: Number of alerts

IDS Sig Tuning - Treemap
- Hierarchy: Signature > Source > Service (Port)
- Color: Priority
- Size: Number of alerts
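The treemap hierarchies of the firewall and IDS tuning slides, as an added example that is not code from the talk: a field list selects the hierarchy (Source > Destination > Signature, or Signature > Source > Service), node area is the number of alerts and node color is the dominant priority or service, and zoom() performs Shneiderman's details-on-demand step. The alert records and their field names are constructed for the example.

```python
from collections import Counter

# Constructed IDS alert records (not from the talk): source, destination,
# signature, service port and priority (1 = highest).
ALERTS = [
    {"src": "10.0.0.5", "dst": "192.168.1.10", "sig": "SSH brute force", "service": "22", "priority": 1},
    {"src": "10.0.0.5", "dst": "192.168.1.10", "sig": "SSH brute force", "service": "22", "priority": 1},
    {"src": "10.0.0.5", "dst": "192.168.1.11", "sig": "SSH brute force", "service": "22", "priority": 1},
    {"src": "10.0.0.7", "dst": "192.168.1.12", "sig": "HTTP scan", "service": "80", "priority": 3},
    {"src": "10.0.0.7", "dst": "192.168.1.12", "sig": "HTTP scan", "service": "80", "priority": 3},
    {"src": "10.0.0.9", "dst": "192.168.1.10", "sig": "ICMP sweep", "service": "icmp", "priority": 2},
]

def build_treemap(records, hierarchy, color_field):
    """Nest records along `hierarchy`, e.g. ["src", "dst", "sig"].
    Each node gets size = number of alerts below it (treemap area) and
    color = the most common value of `color_field` among those alerts."""
    def node(name):
        return {"name": name, "size": 0, "colors": Counter(), "children": {}}
    root = node("all")
    for r in records:
        cur = root
        for field in hierarchy:
            cur["size"] += 1
            cur["colors"][r[color_field]] += 1
            cur = cur["children"].setdefault(r[field], node(r[field]))
        cur["size"] += 1            # the leaf for this record
        cur["colors"][r[color_field]] += 1
    return finalize(root)

def finalize(n):
    """Collapse the Counter to one color and dicts to lists, the nested
    shape a JavaScript treemap library such as Protovis consumes."""
    return {
        "name": n["name"],
        "size": n["size"],
        "color": n["colors"].most_common(1)[0][0],
        "children": [finalize(c) for c in n["children"].values()],
    }

def zoom(tree, *path):
    """Details on demand: descend into the named branch of the treemap."""
    for name in path:
        tree = next(c for c in tree["children"] if c["name"] == name)
    return tree

def top_signatures(records, k=3):
    """The 'Top signatures' view: noisiest signatures are tuning candidates."""
    return Counter(r["sig"] for r in records).most_common(k)
```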

Visualization Resources

Share, discuss, challenge, and learn about security visualization.
List: secviz.org/mailinglist
Twitter: @secviz
http://secviz.org

Applied Security Visualization
- Bridging the gap between security and visualization
- Hands-on, end to end examples
- Data processing and analysis
Chapters
- Visualization
- Data Sources
- From Data to Graphs
- Perimeter Threat
- Compliance
- Insider Threat
- Visualization Tools
Addison Wesley (August, 2008), ISBN: 0321510100

about.me/raffy
We are hiring!