Visual Security Event Analysis

Presented at DEF CON 13 (2005), July 31, 2005, noon (50 minutes)

In the network security world, event graphs are evolving into a useful data analysis tool, providing a powerful alternative to reading raw log data. By visually outlining relationships among security events, analysts are given a tool to intuitively draw conclusions about the current state of their network and to respond quickly to emerging issues. I will be showing a myriad of graphs generated with data from various sources, such as Web servers, firewalls, network based intrusion detection systems, mail servers, and operating system logs. Each of the graphs will be used to show a certain property of the dataset analyzed. They will show anomalous behavior, misconfigurations and simply help document activities in a network. As part of this talk, I will release a tool tool that can be used to experiment with generating event graphs. A quick tutorial will show how easy it is to generate graphs from security data of your own environment.

Presenters:

• Raffael Marty - Senior Security Engineer, ArcSight Inc

Links:

• https://defcon.org/html/defcon-13/dc13-speakers.html#Marty
• https://infocon.org/cons/DEF CON/DEF CON 13/DEF CON 13 video/DEF CON 13 Hacking Conference Presentation By R Marty - Visual Security Event Analysis - Video.mp4
• https://www.youtube.com/watch?v=rOhkX3fPJb0

Similar Presentations:

• 32C3 (2015) / Graphs, Drones & Phones: The role of social-graphs for Drones in the War on Terror.
• DEF CON 14 (2006) / Visual Log Analysis - The Beauty of Graphs
• Black Hat Asia 2018 / Breaking the Attack Graph: How to Leverage Graphs to Strengthen Security in a Domain Environment