This year marks the first year in my security career that I get to speak at the Black Hat security conference – and I couldn’t be more excited. On Tuesday, August 6th at 2:15pm local time, I’ll be co-presenting Unveiling The Open Source Visualization Engine For Busy Hackers with Thibault Reuille. Here is the abstract for the talk:
The way a human efficiently digests information varies from person-to-person. Scientific studies have shown that some individuals learn better through the presentation of visual/spatial information compared to simply reading text. Why then do vendors expect customers to consume presented data following only the written word method as opposed to advanced graphical representations of the data? We believe this approach is dated.
To help the neglected visually inclined masses, we decided to create a free and Open Source engine to remove the complexity of creating advanced data visualizations. The ultimate goal of the project was to allow for the visualization of any loosely related data without having to endlessly reformat that data. For the visual/spatial learners, the engine will interpret their own data, whether it be a simple or complex system, and present the results in a way that their brains can understand.
Learning, for visual-spatial learners, takes place all at once, with large chunks of information grasped in intuitive leaps, rather than in the gradual accretion of isolated facts or small steps. For example, a visual-spatial learner can grasp all of the multiplication facts as a related set in a chart much easier and faster than memorizing each fact independently. We believe that some security practitioners might be able to better utilize their respective data sets if provided with an investigative model that their brains can understand.
During this presentation, we will show you how you can take any relational data set, quickly massage the format, and visualize the results. We will also share some observations and conclusions drawn from the results of the visualization that may not have appeared in simple text form. We have used this engine within OpenDNS to track CryptoLocker and CryptoDefense ransomware, Red October malware, and the Kelihos botnet. Additionally, specific Syrian Electronic Army (SEA) campaigns, carding sites, and even a map of the Internet via Autonomous Systems have been visualized using the engine.
OpenGraphiti, what we’ve named the tool, will be made available the day of the presentation. Having used it at work (and for play) I can tell you that it’s going to blow your mind. See you in Vegas and I hope to see some of my readers at the talk 🙂
Looks like I get to go to the land of deep dish pizza (Chicago) at the end of the month to speak at the 2013 (ISC)² Congress. I’ll be giving two talks:
3340: (ISC)² – The Five W’s of Securing Dev/Test Cloud Instances
Wednesday, September 25, 2013: 4:30 PM-5:30 PM
S106b – Cloud Track
Software developers, engineers and quality assurance/testers are spinning up cloud servers outside of IT’s control, and, generally speaking, security is the last thing on their mind. Business leadership and product owners typically turn a blind eye to this practice, often referred to as ‘Shadow IT’, because the business knows that letting the software people get their job done faster ultimately results in software getting delivered faster. What many organizations might not know, however, is that this expedited process, often implemented in the name of ‘Agile Development’ or ‘DevOps’, has the potential for increasing organizational security risks.
4340: (ISC)² – When Lightspeed’s Too Slow: Security Automation At Ludicrous Speed
Thursday, September 26, 2013: 3:30 PM-4:30 PM
S106b – Cloud Track
Deploying new or migrating existing applications to cloud architectures introduces a host of new challenges for teams responsible for SaaS product success. Being able to prove to existing and future customers that the servers, applications and customer data are just as safe and secure in a SaaS offering as they were in the organization’s datacenter is almost always a mandatory customer requirement. This session will highlight the business and technical requirements for SaaS product success as well as the new concerns introduced by adopting cloud to deliver products.
Hopefully I’ll see you there 🙂
I’m hoping my readers can help vote up some of the presentations that I am a part of at BSidesSanFrancisco. As such, here is a consolidated view of the presentations:
Nearly a decade old, the SIEM and log management market has matured over time and is now widely adopted among large enterprises and government agencies seeking to maintain compliance and respond to security incidents. Unfortunately, most SIEM and log management products constrain end users’ ability to drill down and analyze the data, which is so necessary to drive informed incident response and the continuous improvement efforts originally intended by compliance regulations.
Led by a panel of security management experts, this talk will discuss emerging use cases that are “prying open” SIEM platforms, analytics and dashboards. Sub-topics of interest will include:
– How to Walk, Talk and Dream Like a Security “Quant”
– SQL as Cyber-attack Signature Language
– Leveraging BI Tools to Mine Security Data
– Dashboards For All My Friends (CISO, CIO, CEO, Customer 1, Customer 2…)
The goal of this session is to stimulate an industry dialogue on how best to turn “the art of the possible” into “the science of the necessary” when it comes to truly customer-driven security data analysis. Panelists will include: Joe Gottlieb, CEO of SenSage; Andrew Hay, Security Analyst at The 451 Group; and Dan Ritari, Vice President of Enterprise Information Risk Management at Deluxe Corporation. Come join the debate and help shape the revolution!