VISUAL ANALYTICS - DELIVERING ACTIONABLE SECURITY INTELLIGENCE

Raffael Marty - Sophos | July 22-23 & July 24-25



Overview

Big data and security intelligence are two very hot topics in security. We are collecting more and more information from both the infrastructure, but also directly from our applications. This vast amount of data gets increasingly harder to understand. Terms like map reduce, hadoop, spark, elasticsearch, etc. are part of many discussions. But what are those technologies? And what do they have to do with security intelligence? We will see that none of these technologies are sufficient in our quest to defend our networks and information. Data visualization is an approach that scales to the ever changing threat landscape and infrastructure configurations. Using big data visualization techniques, you can gain a far deeper understanding of what's happening on your network right now. You can uncover hidden patterns of data, identify emerging vulnerabilities and attacks, and respond decisively with countermeasures that are far more likely to succeed than conventional methods. The attendees will learn about log analysis, big data, information visualization, data sources for IT security, and learn how to generate visual representations of IT data. The training is filled with hands-on exercises utilizing the DAVIX live CD.

Day 1:

Log Analysis
  • Data Sources Discussion such as PCAP, Firewall, IDS, Threat Feeds, etc.
  • Data Analysis and Visualization Linux (DAVIX)
  • Log Data Processing (CSVKit, ...)


Log Management and SIEM
  • Log management and SIEM overview
  • Elastic Stack and Moloch
  • Big data - Hadoop, Spark, ElasticSearch
  • Data Science with R

Day 2:

Visualization
  • Visualization Theory
  • Dashboard design
  • Data Visualization Tools and Libraries - e.g., Mondrian, Gephi, AfterGlow
  • Visualization Resources


Security Visualization Use-cases
  • Perimeter Threat
  • Network Flow Analysis
  • Firewall Visualization
  • IDS/IPS Signature Analysis
  • Vulnerability Scans
  • Proxy Data
  • User Activity
  • Host-based Data Analysis

Who Should Take this Course

Anyone with an interest in data analytics, big data, and visualization. For example, Security Analysts, Security Engineers, Incident Responders, Security Managers, and System Administrators.

Student Requirements

Working UNIX knowledge, some programming experience, and basic familiarity with TCP/IP networking. You should be able to use the Linux command line for some basic scripting and executing of tools.

What Students Should Bring

Students need to bring a laptop with VMWare player or any other software that can run a VMWare image.

What Students Will Be Provided With

Printed handout of slides and an electronic copy of DAVIX life CD.

Trainers

Raffael Marty is vice president of security analytics at Sophos, and is responsible for all strategic efforts around security analytics for the company and its products. He is based in San Francisco, Calif. Marty is one of the world's most recognized authorities on security data analytics, big data and visualization. His team at Sophos spans these domains to help build products that provide Internet security solutions to Sophos' vast global customer base. Previously, Marty launched pixlcloud, a visual analytics platform, and Loggly, a cloud-based log management solution. With a track record at companies including IBM Research, ArcSight, and Splunk, he is thoroughly familiar with established practices and emerging trends in the big data and security analytics space. Marty is the author of Applied Security Visualization and a frequent speaker at academic and industry events. Zen meditation has become an important part of Raffy's life, sometimes leading to insights not in data but in life.