Digging into SIEM Alerts with Visual Graph Analytics

Presented at BSidesLV 2016, Aug. 3, 2016, 5 p.m. (30 minutes)

Our responsibilities are expanding to include larger infrastructures, more applications, and a multitude of security products. As a result, security investigators must navigate big, inter-connected data. Traditional data visualization techniques, like lists, charts, and tables, are great for summaries, but hide individual entities and relationships. Graph visualization, on the other hand, models these entities and relationships as nodes and edges. By exposing structural and temporal information, we can reveal suspicious patterns and anomalies. Over the last year, I've been using Graphistry's visual graph explorer to analyze one of our customers' ArcSight SIEM deployments. In this talk, I will share how I used graph visualization to better understand and detect malicious attack patterns hidden within millions of security logs.
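As an added illustration of the entities-as-nodes, relationships-as-edges model the abstract describes (this is not code from the talk or from Graphistry): constructed ArcSight-style CEF events are parsed into a graph whose edges carry timestamps, and a small structural-plus-temporal check flags a source host that fans out to many distinct destinations within a short window, a star shape that is obvious in a graph view but invisible in a row-by-row alert list. The CEF extension keys (src, dst, rt) are standard; the sample events, the thresholds and the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample events in ArcSight CEF (Common Event Format); not real customer data.
# rt is the event time in milliseconds since the epoch.
SAMPLE_CEF = """\
CEF:0|Vendor|FW|1.0|100|Connection Allowed|3|rt=1470250800000 src=10.0.0.5 dst=10.0.1.10 dpt=445
CEF:0|Vendor|FW|1.0|100|Connection Allowed|3|rt=1470250801000 src=10.0.0.5 dst=10.0.1.11 dpt=445
CEF:0|Vendor|FW|1.0|100|Connection Allowed|3|rt=1470250802000 src=10.0.0.5 dst=10.0.1.12 dpt=445
CEF:0|Vendor|FW|1.0|100|Connection Allowed|3|rt=1470250803000 src=10.0.0.5 dst=10.0.1.13 dpt=445
CEF:0|Vendor|FW|1.0|100|Connection Allowed|3|rt=1470254400000 src=10.0.0.7 dst=10.0.1.10 dpt=443
CEF:0|Vendor|FW|1.0|100|Connection Allowed|3|rt=1470254401000 src=10.0.0.7 dst=10.0.1.10 dpt=443
"""

def parse_cef(line):
    """Return the CEF extension (key=value pairs after the 7th '|') as a dict.
    Simplified: assumes extension values contain no spaces."""
    extension = line.split("|", 7)[7]
    return dict(re.findall(r"(\w+)=(\S+)", extension))

def build_graph(cef_text):
    """Nodes are IP addresses; each directed edge (src, dst) carries the list of
    event times (seconds) at which that relationship was observed."""
    edges = defaultdict(list)
    for line in cef_text.splitlines():
        if not line.startswith("CEF:"):
            continue
        fields = parse_cef(line)
        edges[(fields["src"], fields["dst"])].append(int(fields["rt"]) // 1000)
    return edges

def fan_out_anomalies(edges, min_targets=3, window_s=60):
    """Flag sources whose first contact with at least min_targets distinct
    destinations falls inside a window_s-second window (a star-shaped burst).
    Returns {source: number of destinations reached in that window}."""
    first_contact = defaultdict(list)
    for (src, dst), times in edges.items():
        first_contact[src].append(min(times))
    hits = {}
    for src, times in first_contact.items():
        times.sort()
        for i in range(len(times)):
            j = i
            while j < len(times) and times[j] - times[i] <= window_s:
                j += 1
            if j - i >= min_targets:
                hits[src] = j - i
                break
    return hits

if __name__ == "__main__":
    print(fan_out_anomalies(build_graph(SAMPLE_CEF)))  # {'10.0.0.5': 4}
```

In a real investigation the same edge list is what you would hand to a graph explorer; the window and target thresholds should be tuned against the environment's normal fan-out before they are used for alerting.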


Presenters:

  • Paden Tomasello - Software Engineer - Graphistry
    I recently graduated from UC Berkeley, and joined Graphistry because of my interests in performance programming and data analytics. Graphistry, originally spun out of some research done at UC Berkeley, is scaling visual graph analysis by leveraging the power of GPUs in the cloud. Since joining, we have directed our technology toward Security. I still consider myself a novice in this field, so I intend to learn as much as possible while attending BSidesLV. At the same time, I hope I can shed some light onto the benefits of visual graph analytics in security. If you're interested in learning more, please don't hesitate to reach out!