Applied Security Visualization
by Raffael Marty
ISBN 978-0-321-51010-5 Amazon.com USD 42.75 Bookpool.com USD 38.95
Reviewed by Richard Austin 01/15/09
As security professionals we are drowning in data: the applications, servers, routers, and other entities that litter our networks can generate massive amounts of data that could provide vital information on critical security questions such as:
The problem lies in making that leap from raw data into timely and usable information. Marty takes a mighty whack at preparing us for that leap. This is a book about visualizing information (reporting is almost never mentioned) and its nine chapters provide a firm basis for making usable sense of the data we already have.
The reader will find that the book has three parts: introductory material on visualization (5 chapters), applications of visualization to specific security-related use cases (3 chapters), and a review of visualization tools (one chapter).
The introductory material is worth the price of the book alone. It delves into exactly what we should mean when we talk about "visualization" and, most importantly, the things that distinguish a good information visualization from a bad one. The first chapter sets the tone of the book by describing what information visualization is and why it can be such an effective way of communicating complex information to human decision makers. As Marty notes, most security professionals have very limited exposure to the principles of good visual design, and he provides a whirlwind introduction to visualization theory, perception, and effective principles of graphical design.
Chapter 2 addresses data sources with all their warts and blemishes. In addition to cataloging common places where useful data hides in our infrastructure, Marty confronts the problems of inconsistent formats, the need to consolidate data from multiple sources, etc., and shows how these problems can be solved to provide a solid collection of data in usable formats to feed the visualization process.
Chapter 3, titled "Visually Representing Data", begins the discussion of how we should represent data in a visual form. This useful chapter delves into the types of graphs and more importantly the properties that contribute to making them effective in telling the story of the underlying data. The chapter ends with a useful summary table that provides solid guidance in choosing the right graph to match the data and the purpose of the visualization.
Chapter 4, "Data to Graphs", covers the process of actually making the transformation from data to graphical representation. Marty describes an excellent 4-step "Information Visualization Process" to structure this transformation and illustrates it in application.
In the final introductory chapter, "Visual Security Analysis", Marty begins the application of good graphical design in the specialized area of information security. This chapter forms a bridge between the introductory material and the detailed consideration of three use cases in the following chapters.
In chapter 6, Marty considers the use case of "Perimeter Threat" and how visualization can be effectively used in assessing and recognizing threats at the network perimeter.
Chapter 7 considers the use case of "Compliance" and delves into how data visualization can provide effective answers to questions about the state of compliance for an organization.
Chapter 8 considers the thorny use case of "Insider Threat" and how visualization can help make insider abuse (whether in information theft, fraud or sabotage) more visible and identifiable.
Chapter 9 concludes the book with a discussion of "Data Visualization Tools". These tools are pre-installed on the accompanying bootable CD where they can be explored without the necessity of downloading and installing them. Marty calls his customized Linux Environment DAVIX (Data Analysis and Visualization Unix).
In summary, this is a very useful contribution to the process of transforming the mountains of data we have available into useful information to both guide and assess our security efforts. Some of the book will be heavy sledding for the more management-oriented security professionals (particularly the sections that describe how to use regular expressions, etc., to parse and rearrange fields in the data), but the material on visualization theory, the characteristics of a good visualization, etc., is a recommended read for all.
Before beginning life as an itinerant university instructor and cybersecurity consultant, Richard Austin was the storage network security architect for a Fortune 25 company. He welcomes your thoughts and comments at rausti19 at Kennesaw dot edu