June 27, 2017

Can We Understand Massive Security Data?

Security software and technology are evolving rapidly, allowing security systems to collect and correlate more data about the inner workings of our network and computing systems than ever before. But almost no progress has been made in data visualization, which is key to allowing users to comprehend the vast amount of data collected. This puts at risk our ability to understand the key information required to make important decisions about protecting our data assets. To put it simply, we’re using cutting-edge technology to collect security data that we aren’t truly able to understand. Without this last piece, how useful are these technologies?

Human-Computer Interaction (HCI) has routinely been presented as the methods and means by which a user interacts with and controls a computer system. I would argue, however, that this interaction must be treated as bi-directional. Using an application in an intuitive manner is great, but if the data it returns can’t be understood, then we have failed at the second layer of the problem. We need to present these volumes of data in a manner that makes the data itself more intuitive.

So, what’s the problem we face? Historically, we’ve fallen into a static method of presenting security data feeds in a spreadsheet style. Consider the most popular security software applications. If you look at intrusion detection systems, network monitors, vulnerability scanners, network traffic analyzers, or firewall software, you’ll immediately picture boxed line after boxed line of data. This is great organization for a computer, because the CPU can move quickly through this data. The human brain doesn’t work like that, and many people move through these tomes of data at a snail’s pace.

[Image: sguil] A common event screen from security software.

As college graduates, it’s important to you to be as useful to your first employer as quickly as possible. If you’re stepping up from a basic lab-style network to a large corporation with 10k network nodes, the difference in data flow will normally be overwhelming. Our goal: improve the bi-directional HCI interaction and enable more immediate comprehension of complex data structures.

My current research is based on understanding video game development concepts. My rationale for this is fairly simple. If you’ve ever walked into a room when a young child has first been placed in front of a new video game, you’ve likely seen how quickly they assimilate the complex concepts of how the game works and the actions they need to take to successfully manage the game environment.

In recent conversations between me and UAT Game Programming Program Champion Derek Clark, he has referred to this process as the gamification of complex, non-game software. In short, if we can use proven methods for interaction and data conveyance, we can improve the performance of novice and veteran security professionals alike. As you work your way through your security education, I urge you to consider new methodologies for presenting information and for allowing users to interact with the applications you may be creating. Additionally, be sure to keep up with Derek Clark’s blog posts so you can stay up to date on the latest technology in the game development world. In the war to defend our data from attackers, we need every tool and advantage we can get our hands on. In this case, we may already have tools available, and there’s no real reason for us to reinvent the wheel.

-Russ