Graph Visualization for Cyber Threat Intelligence

Understanding Cybersecurity Through Graph Data

Introduction to Graph Data in Cybersecurity

  • Corey Lanum introduces the topic of using graph data and visualization for uncovering insights in cybersecurity, emphasizing its growing importance.
  • He defines cybersecurity as a multifaceted domain that involves preventing unauthorized access, detecting breaches, hardening systems against spread, and investigating incidents.

Key Concepts in Cybersecurity

  • The discussion highlights the necessity of connected data to understand relationships between various elements like systems and user accounts.
  • A graph is defined as a model where both data points (nodes) and their relationships (links) are crucial for analysis.

Visualization Techniques

  • Analysts can visualize data through interactive diagrams that help reveal how systems interact.
  • However, challenges arise due to the vast amount of cyber-related data that complicates straightforward visualization.

Addressing Big Data Challenges

Expand and Explore Technique

  • Lanum introduces "expand and explore," a method where users search for specific IP addresses within large datasets instead of visualizing everything at once.
  • This technique allows users to add nodes dynamically based on their exploration, enhancing user experience and insight discovery.

Grouping or Combinations Technique

  • Another approach discussed is grouping devices into manageable clusters rather than displaying every node individually, which reduces clutter while keeping the detail reachable.
  • Users can drill down into a group for a more detailed view when necessary, allowing deeper investigation without cluttering the initial visualization.

Filtering Technique

  • The filtering technique loads a larger dataset and then provides controls to narrow it to the information relevant to the analyst's question.

Understanding Cybersecurity Visualization

Importance of Data Structure in Cybersecurity

  • Identifying highly connected nodes is crucial for cybersecurity, as it allows for scrutiny of accounts with unexpected access levels.
  • A comprehensive understanding of network assets and their interconnections is essential for effective protection against cyber threats.
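The expand-and-explore, grouping and highly-connected-node ideas summarized above, as an added stdlib-only example (not code from the talk or from the KeyLines/ReGraph toolkits). It builds a user/host graph from constructed logon lines, expands outward from a seed node, collapses hosts into /24 groups, and lists the accounts whose degree is unexpectedly high:

```python
import re
from collections import defaultdict

# Constructed authentication events (not real data): "<time> <user> -> <host>"
EVENTS = """\
08:00:01 alice -> 10.1.0.5
08:01:12 bob -> 10.1.0.5
08:01:40 svc_backup -> 10.1.0.5
08:01:41 svc_backup -> 10.1.0.6
08:01:42 svc_backup -> 10.2.0.7
08:01:43 svc_backup -> 10.2.0.8
08:01:44 svc_backup -> 10.3.0.9
08:02:10 carol -> 10.2.0.7
"""

LINE = re.compile(r"^(\S+) (\S+) -> (\S+)$")

def build_graph(text):
    """Undirected graph: nodes are 'user:<name>' and 'host:<ip>', links are logons."""
    adj = defaultdict(set)
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of failing the whole load
        user, host = m.group(2), m.group(3)
        u, h = f"user:{user}", f"host:{host}"
        adj[u].add(h)
        adj[h].add(u)
    return adj

def expand(adj, node, depth=1):
    """Expand-and-explore: nodes within `depth` hops of a seed node, seed included."""
    seen, frontier = {node}, {node}
    for _ in range(depth):
        frontier = {n for f in frontier for n in adj.get(f, ()) if n not in seen}
        seen |= frontier
    return seen

def highly_connected(adj, prefix, min_degree):
    """Nodes of one kind (prefix) with degree >= min_degree, highest degree first."""
    hits = [(n, len(nb)) for n, nb in adj.items() if n.startswith(prefix) and len(nb) >= min_degree]
    return sorted(hits, key=lambda x: (-x[1], x[0]))

def group_hosts(adj):
    """Grouping technique: collapse host nodes into /24 subnet groups."""
    groups = defaultdict(set)
    for n in adj:
        if n.startswith("host:"):
            groups[".".join(n[5:].split(".")[:3]) + ".0/24"].add(n)
    return {k: sorted(v) for k, v in groups.items()}
```

In the constructed data the service account touches hosts in three subnets, so it is the one node a degree threshold surfaces for scrutiny.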

Detection and Investigation of Cyber Attacks

  • Traditional log auditing reads entries accumulated over time, but it becomes cumbersome as the volume of data grows.
  • Graph visualization can enhance the analysis of log entries by representing connections between items, although timing information is often overlooked.

The Role of Timing in Network Activity Analysis

  • Understanding the sequence and timing of events is critical to identifying patterns in network activity, such as denial-of-service attacks.
  • An example illustrates how a simple Google search generates thousands of packets, emphasizing the need to analyze both source/destination and timing.

Interactive Visualizations for Enhanced Insight

  • Timeline visualizations group IP addresses to manage complexity while allowing detailed examination through a lens view.
  • Interactivity between graph views and timeline views enables users to correlate specific traffic events with their corresponding graphical representations.
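The timing analysis described above (bucketing traffic into time windows to spot a burst from one source, then jumping from the selected window back to the links active in it), as an added example that is not code from the talk or from KronoGraph. The flow records are constructed, and the 10-second window and 4-packet threshold are assumed values:

```python
from collections import Counter, defaultdict

# Constructed flow records (not real traffic): "<epoch_seconds> <src_ip> <dst_ip>"
FLOWS = """\
1700000001 10.0.0.1 203.0.113.5
1700000002 10.0.0.2 203.0.113.5
1700000004 10.0.0.1 203.0.113.7
1700000011 10.0.0.9 203.0.113.5
1700000011 10.0.0.9 203.0.113.5
1700000012 10.0.0.9 203.0.113.5
1700000012 10.0.0.9 203.0.113.5
1700000013 10.0.0.9 203.0.113.5
1700000014 10.0.0.2 203.0.113.7
1700000023 10.0.0.1 203.0.113.5
"""

def parse_flows(text):
    """Return (timestamp, src, dst) tuples, tolerating malformed records."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue
        rows.append((int(parts[0]), parts[1], parts[2]))
    return rows

def bucketize(rows, window):
    """Timeline view: for each window start, count packets per (src, dst) link."""
    buckets = defaultdict(Counter)
    for ts, src, dst in rows:
        buckets[ts - ts % window][(src, dst)] += 1
    return buckets

def burst_sources(buckets, min_packets):
    """Flag (window_start, src, packets) where one source sends >= min_packets in a window."""
    hits = []
    for start in sorted(buckets):
        per_src = Counter()
        for (src, _), n in buckets[start].items():
            per_src[src] += n
        hits += [(start, src, n) for src, n in sorted(per_src.items()) if n >= min_packets]
    return hits

def links_in_window(buckets, start):
    """Lens from timeline back to graph: the links active in the selected window."""
    return sorted(buckets.get(start, {}).keys())
```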

Investigating Data Breaches

  • Post-attack investigations are vital for understanding incidents, identifying offenders, and preventing future breaches.
  • A modeled graph representation shows publicly known data breaches over two years, linking companies to breach vectors effectively.

Understanding Cybersecurity Breaches and Visualization Tools

Filtering Access Types in Breaches

  • The discussion begins with filtering breaches based on the type of access used, specifically focusing on physical access to computers or servers.
  • It is noted that breaches conducted by cashiers, tellers, or waiters predominantly involved physical access, highlighting a trend related to their roles within the network.

The Role of Animation in Data Visualization

  • Animation is introduced as a valuable tool for visualizing changes in network structure over time, enhancing understanding of data flow.
  • An example is provided where animating the path between IP addresses allows for real-time observation of data movement across the network.

Tools for Graph Visualization

  • The speaker shares insights about the toolkits used for creating the visualizations: KeyLines and ReGraph are highlighted as the tools for node-link visualizations.
  • KronoGraph is mentioned as a tool for developing interactive timeline visualizations. All tools offer free evaluations and can be integrated into applications.

Applications Beyond Cybersecurity

  • The products discussed are not limited to cybersecurity; they also find applications in supply chain analysis and fraud detection across various domains.

Video description

Interested in learning more about #CyberThreatIntelligence? Visit our website: https://cambridge-intelligence.com/use-cases/cybersecurity/

As cyber crime diversifies and the complexity of our data grows, it gets harder to investigate attacks and protect our assets. In under 15 minutes, #DataVisualization expert Corey Lanum explains how advanced graph technology is one of the most valuable #CyberSecurityTools available to analysts. He looks at the challenges of huge data sets, and demonstrates techniques you can use with our toolkits to investigate the scope of a cyber attack. #GraphVisualization is a powerful way to understand and protect the structure of your connected assets, and KronoGraph, our timeline visualization toolkit, allows you to identify and examine clusters of unauthorized activity. There's also a focus on investigations: it's important to work out what happened so that you can take steps to prevent future offenders from using the same exploit. As an example you'll see a data breach demonstration visualized in KeyLines. Finally, you'll see how animation can bring the story to life, showing how your network evolves over time, and tracking key events as they unfold.

  • 00:26 What is cybersecurity?
  • 01:26 Building a graph from cyber threat data
  • 02:28 The challenges of huge data sets
  • 02:56 Demo: "Expand and explore"
  • 05:34 Demo: Filtering your data
  • 06:37 Detecting and investigating an attack
  • 07:54 A graph and timeline representation of your data
  • 10:15 Demo: Investigating a data breach
  • 12:05 Animation brings the story to life
  • 12:39 Try our toolkits!