Riverside: A Network Security Visualization Tool

Presented at ShmooCon 2023, Jan. 21, 2023, 2 p.m. (30 minutes).

Visualizations are a capability that can be leveraged to enrich cybersecurity defenders. Riverside is an open-source network security visualization tool that showcases live traffic between internal hosts and external remote hosts in a real-time network graph. While capturing netflow from internal network devices, users can traverse backwards in time to analyze previous network activity for enriched situational awareness and a thorough understanding of their network security posture. This utility supplements existing tooling to provide more insight for use cases such as incident response, analysis and investigation, and identification of true assets used within a network environment.

Presenters:

• Kaitlyn DeValk
  Kaitlyn DeValk (@kaitlyn_devalk) is an active-duty Coast Guard officer who works in cybersecurity. She recently completed her Master’s Degree in Computer Science from the University of Maryland and previously completed a Bachelor’s in Electrical Engineering at the US Coast Guard Academy. Her professional experience is primarily in vulnerability assessments, penetration testing, and SOC duties. Her certifications include GCIH, GPEN, and CISSP.

Similar Presentations:

• DEF CON 19 (2011) / Port Scanning Without Sending Packets
• HushCon East 2018 / Auralizing Network Traffic - A Sound-Based Approach to Network Analysis
• Kawaiicon (2019) / The Power of Poseidon: Uncovering Your Network & Becoming a Better Defender