among the blind the squinter rules
play

Among the blind, the squinter rules. Security visualization in the - PowerPoint PPT Presentation

Nov 11, 2023 •235 likes •768 views

Among the blind, the squinter rules. Security visualization in the field About me Wim Remes .Ernst and Young Belgium (ITRA FSO) .Incident Response/Analysis .Security Monitoring (SIEM) .Security Management .Eurotrash podcast .InfosecMentors

  1. Among the blind, the squinter rules. Security visualization in the field

  2. About me Wim Remes .Ernst and Young Belgium (ITRA FSO) .Incident Response/Analysis .Security Monitoring (SIEM) .Security Management .Eurotrash podcast .InfosecMentors @wimremes on twitter wremes-at-gmail-dot-com

  3. Disclaimer The opinions and ideas expressed in this talk are my own and are not endorsed by any corporate entity or church.

  4. Agenda 1. tools can [save|kill] your day 2. visualization hall of fail 3. please your audience 4. tips & tricks 5. Let’s get to work

  5. -1- Tools can [save|kill] your day

  6. What tools can I use ? cool kids use this (not!)

  7. What tools can I use ? - Desktop - Server

  8. Security tools will help ... PS : export to CSV works well ... try it for a 5000+ host network ;)

  9. credit where credit is due ...

  10. this is going in the right direction...

  11. Open source it is then ... grep sed awk perl ... http://www.secviz.org kudos to @zrlram

  12. -2- visualization hall of fail

  13. PIE It ’ s what ’ s in your face

  14. whoa, I take the biggest piece !

  15. Even the best can fail...

  16. sometimes however, they rock ...

  17. to explain simple stuff ;-)

  18. “if bullet points are the obvious killers, pie charts are shurikens”

  19. 3D ?

  20. failing in style ...

  21. playing hide and seek ?

  22. we have to raise the bar or maybe not ...

  23. -3- please your audience

  24. Changing the tune keeps people engaged picture by tochis :http://www.flickr.com/photos/tochis/

  25. Many eyes see different things picture by tochis :http://www.flickr.com/photos/tochis/

  26. you’re the designer

  27. who’s that for ? Management Technical Historical (Near) Real Time Comparative More complex Supporting Decisions Facilitating the job & Business Objectives Actionable! Clear & Concise Actionable ! 42

  28. -4- tips & tricks

  29. Zen master of data visualization Edward Tufte data can be beautiful! data should be beautiful!

  30. Dashboard design guru Stephen Few “The sad thing about dancing bearware is that most people are quite satisfied with the lumbering beast.” Alan Cooper, 1999, the inmates are running the asylum.

  31. sparklines (aka datawords)

  32. Infographs 5 6 7 8 9 10 11 12 13 courtesy of ZoneAlarm (by Checkpoint)

  33. choose your chart wisely http://www.flickr.com/photos/amit-agarwal/3196386402/

  34. Get data from external sources - osvdb.org - datalossdb.org - various industry reports - Verizon DBIR - EY GISS - Trustwave, McAfee, Symantec, ... - virustotal.com - cvedetails.com context creates clarity

  35. 让我们作的更好 (let’s make things better) Vulnerabilities by Severity Level 5 3D? 4 3 2 1 0 25 50 75 100 compared to ? last year? last month?

  36. Messy Dashboards (1/5)

  37. Messy Dashboards (2/5) network status

  38. Messy Dashboards (3/5) Events/Second 1500 1125 750 375 0 12:00 12:10 12:20 12:30 12:40 12:50 13:00

  39. Messy Dashboards (4/5) Top attackers 10.10.10.10 192.168.10.234 172.30.12.15 8.8.8.8 Top targets 172.16.12.30 172.16.12.15 172.16.12.230 172.16.12.120

  40. Messy Dashboards (5/5) Local Network - Inbound bytes 4000 3000 2000 1000 0 9:00 10:00 11:00 12:00 13:00

  41. server health network status Windows Unix Network Events/Second Major Events 1500 worms 1125 portscans 750 failed logins 375 FTP 0 12:00 12:10 12:20 12:30 12:40 12:50 13:00 0 15 30 45 60 Top attackers Top targets 10.10.10.10 172.16.12.30 192.168.10.234 172.16.12.15 172.30.12.15 172.16.12.230 8.8.8.8 172.16.12.120 Local Network - Inbound bytes 4000 3000 2000 1000 0 9:00 10:00 11:00 12:00 13:00

  42. 3,1415926535897932384626433832

  43. Blink...Understand DE NL BE CN US US US Great Lakes KEYWEB TimeNet VolumeDrive EuroAccess RoadRunner ISPSYSTEM-AS Comnet AS

  44. Ok, we can still say it with pie NL CN BE DE US

  45. -4- let’s get to work

  46. Davix | gltail ruby | real time | logs http://www.fudgie.org/ http://dataviz.com.au/blog/Visualizing_VOIP_attacks.html

  47. Davix | afterglow credit: David Bernal Michelena http://www.honeynet.org/challenges/2010_5_log_mysteries

  48. (extra) perl | chart director http://www.secviz.org/content/top-ssh-brute-force-attackers

  49. Google Charts API http://code.google.com/apis/chart/ http://search.cpan.org/dist/URI-GoogleChart/

  50. jquery libraries http://jquery.com/ http://omnipotent.net/jquery.sparkline/ http://www.jqplot.com/

  51. Conclusions - We need data standardization badly - Understand your data - We need to think outside the box - There’s more to visualization than pie charts - There’s tools out there: use them wisely

  52. Thank you wremes@gmail.com - @wimremes

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

N. Healing two blind men and a deaf mute Matthew 9:27 34 1. Matthew 9:27 These blind

N. Healing two blind men and a deaf mute Matthew 9:27 34 1. Matthew 9:27 These blind

N. Healing two blind men and a deaf mute Matthew 9:27 34 1. Matthew 9:27 These blind men called to Jesus using the Messianic title Son of David . Matthew implied that these blind men saw more than the Pharisees and other national leaders

639 views • 27 slides
A1 (Part 3): Injection Blind SQL Injection Blind SQL Injection SQL injectio ion that tricks ks

A1 (Part 3): Injection Blind SQL Injection Blind SQL Injection SQL injectio ion that tricks ks

A1 (Part 3): Injection Blind SQL Injection Blind SQL Injection SQL injectio ion that tricks ks databases into reveal l information by way of the success or failure of injected querie ies Analogous example le: Login prompt that stops ps

602 views • 14 slides
CANADIANS WHO ARE BLIND, DEAF-BLIND, AND PARTIALLY- SIGHTED Keith D Gordon Ph.D. Senior

CANADIANS WHO ARE BLIND, DEAF-BLIND, AND PARTIALLY- SIGHTED Keith D Gordon Ph.D. Senior

THE IMPACT OF THE COVID-19 PANDEMIC ON CANADIANS WHO ARE BLIND, DEAF-BLIND, AND PARTIALLY- SIGHTED Keith D Gordon Ph.D. Senior Research Officer Canadian Council of the Blind COVID-19 Impact Survey Objective To determine the impact that

822 views • 36 slides
Blind/Visually Impaired Silvia Ludena Veronica Sarabia Katie Stoddard Huong Vo Blind/Visually

Blind/Visually Impaired Silvia Ludena Veronica Sarabia Katie Stoddard Huong Vo Blind/Visually

Blind/Visually Impaired Silvia Ludena Veronica Sarabia Katie Stoddard Huong Vo Blind/Visually Impaired Any loss of ability to gather information by seeing might be considered a visual impairment Total Blindness - vision Legally blind - is the

1.19k views • 42 slides
Visual disability Low vision 2015 Estimated blind people 2020 Visually impaired 285 M Blind

Visual disability Low vision 2015 Estimated blind people 2020 Visually impaired 285 M Blind

Visual disability Low vision 2015 Estimated blind people 2020 Visually impaired 285 M Blind 54 M Blind 39 M Global data souce: WHO, IBU See the world through the eyes of a visually impaired person Normal vision Cataract Glaucoma

562 views • 28 slides
Blind Beamforming using Randomly Distributed Sensors Kung Yao UCLA DARPA CSP Workshop, Jan. 15,

Blind Beamforming using Randomly Distributed Sensors Kung Yao UCLA DARPA CSP Workshop, Jan. 15,

Blind Beamforming using Randomly Distributed Sensors Kung Yao UCLA DARPA CSP Workshop, Jan. 15, 2001 Outline Introduction to blind beamforming array Different usages of blind beamforming arrays Applications 1. Acoustic source

301 views • 19 slides
Nanocrafter Xylem vs. r pl r lv r pl r lv r pl r lv + d - d - d + d BLIND BLIND RATINGS

Nanocrafter Xylem vs. r pl r lv r pl r lv r pl r lv + d - d - d + d BLIND BLIND RATINGS

Nanocrafter Xylem vs. r pl r lv r pl r lv r pl r lv + d - d - d + d BLIND BLIND RATINGS BLIND RATINGS CHOICE Compute desired win rate using players rating BLIND RATINGS Compute desired win rate using players rating Compute

670 views • 51 slides
On The Security of Unique- Witness Blind Signature Schemes December 2013 ASIACRYPT, Bangalore,

On The Security of Unique- Witness Blind Signature Schemes December 2013 ASIACRYPT, Bangalore,

On The Security of Unique- Witness Blind Signature Schemes December 2013 ASIACRYPT, Bangalore, India Foteini Baldimtsi, Anna Lysyanskaya 2 Blind Signatures [Chaum'82] Blind signatures are a special type of digital signatures. Signer is

439 views • 33 slides
Blind Signatures in Scriptless Scripts Jonas Nick jonasd.nick@gmail.com @n1ckler September 4,

Blind Signatures in Scriptless Scripts Jonas Nick jonasd.nick@gmail.com @n1ckler September 4,

Blind Signatures Ecash Fair Exchange Blind Coinswaps Tokens Conclusion Blind Signatures in Scriptless Scripts Jonas Nick jonasd.nick@gmail.com @n1ckler September 4, 2018 Blind Signatures in Scriptless Scripts Jonas Nick

374 views • 22 slides
Blind Signatures in Scriptless Scripts Jonas Nick jonasd.nick@gmail.com @n1ckler February 17,

Blind Signatures in Scriptless Scripts Jonas Nick jonasd.nick@gmail.com @n1ckler February 17,

Blind Signatures Ecash Fair Exchange Blind Coinswaps Tokens Conclusion Blind Signatures in Scriptless Scripts Jonas Nick jonasd.nick@gmail.com @n1ckler February 17, 2019 Blind Signatures in Scriptless Scripts Jonas Nick

607 views • 24 slides
Strengthened Security for Blind Signatures David Pointcheval Laboratoire dInformatique

Strengthened Security for Blind Signatures David Pointcheval Laboratoire dInformatique

Strengthened Security for Blind Signatures David Pointcheval Laboratoire dInformatique Ecole Normale Suprieure David.Pointcheval@ens.fr http://www.dmi.ens.fr/pointche Strengthened Security for Blind Signatures Summary Blind

370 views • 9 slides
Selection Rules: Selection Rules Each of the spectroscopies have associated selection

Selection Rules: Selection Rules Each of the spectroscopies have associated selection

Selection Rules: Selection Rules Each of the spectroscopies have associated selection rules. Selection rules originate from the quantum mechanical description of electromagnetic radiation interaction with matter. Use time-dependent

424 views • 13 slides
Blind Brooks Vision Promote the continuous intellectual, social and emotional growth of all

Blind Brooks Vision Promote the continuous intellectual, social and emotional growth of all

S TUDENT A SSESSMENT B LIND B ROOK -R YE UFSD November 9, 2016 Blind Brooks Vision Promote the continuous intellectual, social and emotional growth of all students in the Blind Brook school system. 2 The Learning Cycle Curriculum

483 views • 29 slides
The Case for Accessible Digital Images Jen Hale, Archivist, Perkins School for the Blind 2 2

The Case for Accessible Digital Images Jen Hale, Archivist, Perkins School for the Blind 2 2

1 The Case for Accessible Digital Images Jen Hale, Archivist, Perkins School for the Blind 2 2 Workshop for Adults Who Are Blind, South Boston A man sits caning a chair suspended in front of him by a pedestal with a clamp. He wears two

346 views • 5 slides
Blind Spots Restricting Views of Sikhi Landscapes In the aftermath of the tragic Wisconsin

Blind Spots Restricting Views of Sikhi Landscapes In the aftermath of the tragic Wisconsin

Blind Spots Restricting Views of Sikhi Landscapes In the aftermath of the tragic Wisconsin shooting, many questions were raised from the 'outsiders' in terms of the Sikh religion, its basic tenets, beliefs, etc. Rather than looking at the blind

349 views • 6 slides
Blind galaxy survey images Deconvolution with Shape Constraint Jean-Luc Starck

Blind galaxy survey images Deconvolution with Shape Constraint Jean-Luc Starck

Blind galaxy survey images Deconvolution with Shape Constraint Jean-Luc Starck http://jstarck.cosmostat.org Collaborators: Morgan Schmitz Fred Nole Fadi Nammour Weak Gravitational Lensing & Blind Deconvolution - Part I: Introduction to

723 views • 58 slides
Sample Opening Slides to use in a Live Online Class A Resource for Virtual Trainers from Cindy

Sample Opening Slides to use in a Live Online Class A Resource for Virtual Trainers from Cindy

Sample Opening Slides to use in a Live Online Class A Resource for Virtual Trainers from Cindy Huggett, CPLP cindy@cindyhuggett.com A Note for Readers This guide is designed for designers, presenters, trainers and facilitators who wish to

251 views • 11 slides
Simplify Your IoT Deployment from Edge-to-Cloud Edwin. Teo, Sales Manager, Advantech Singapore

Simplify Your IoT Deployment from Edge-to-Cloud Edwin. Teo, Sales Manager, Advantech Singapore

Simplify Your IoT Deployment from Edge-to-Cloud Edwin. Teo, Sales Manager, Advantech Singapore Alan. Kao, Product Manager, Advantech IoT Projects Implementation Viewpoints IoT = Digital Disruption Owner Business Better decision-making

988 views • 20 slides
The tidyverse September 2016 Hadley Wickham @hadleywickham Chief Scientist, RStudio

The tidyverse September 2016 Hadley Wickham @hadleywickham Chief Scientist, RStudio

The tidyverse September 2016 Hadley Wickham @hadleywickham Chief Scientist, RStudio Import Visualise Surprises, but doesn't scale Tidy Transform Create new variables & new summaries Consistent way of storing data Model Scales,

758 views • 60 slides
Making MiniGame Magic Key tricks to pull from your hat to make MiniGames AWESOME! Jeremy

Making MiniGame Magic Key tricks to pull from your hat to make MiniGames AWESOME! Jeremy

Making MiniGame Magic Key tricks to pull from your hat to make MiniGames AWESOME! Jeremy McCammack Clint Hohenstein V.P. of I.T. Location Manager Jenner Ag Jenner Ag Harristown, IL Taylorville, IL Jeremy McCammack I.T .T. F . Field

830 views • 36 slides
Production issues of THGEMS at ELTOS Fulvio Tessarotto ( I.N.F.N. Trieste ) The production

Production issues of THGEMS at ELTOS Fulvio Tessarotto ( I.N.F.N. Trieste ) The production

Production issues of THGEMS at ELTOS Fulvio Tessarotto ( I.N.F.N. Trieste ) The production procedure Quality checks - visual inspection - electrical tests Problems we faced Conclusions 1 RD51 miniweek, WG6, CERN,

696 views • 18 slides
Welc Welcome ome to Trans ransiti ition Ye on Year ar 20 2019-20 20 Page 1 of 20

Welc Welcome ome to Trans ransiti ition Ye on Year ar 20 2019-20 20 Page 1 of 20

Welc Welcome ome to Trans ransiti ition Ye on Year ar 20 2019-20 20 Page 1 of 20 Transition Year Programme Introduction: The Mission: The Transition Year programme in Loreto College Foxrock offers each student a broad holistic

309 views • 20 slides
Biblical Timekeeping: Why We DON'T Use The Rabbinic Calendar Biblical Timekeeping Series - 1

Biblical Timekeeping: Why We DON'T Use The Rabbinic Calendar Biblical Timekeeping Series - 1

Biblical Timekeeping: Why We DON'T Use The Rabbinic Calendar Biblical Timekeeping Series - 1 Rabbinic Calendar Jewish Calendar Hebrew Calendar Hebrew Calculated Calendar Hillel II Calendar The first one to plead his cause seems right,

1.27k views • 107 slides
Introduction To Computer Where do they all go? Programming P High-level Java, C# < Close to

Introduction To Computer Where do they all go? Programming P High-level Java, C# < Close to

Language Levels Introduction To Computer Where do they all go? Programming P High-level Java, C# < Close to problem FORTRAN, COBOL, C++ < System independent Chapter 1 C/C++ P Low-level < Close to system Assembler < Doesnt

320 views • 4 slides

More recommend