Speaker: L. Aaron Kaplan
This talk will present visualization techniques for IT-security events and incidents.
Conficker demonstrated that sinkholing botnets and logging relevant IT-security events on a massive scale is a powerful weapon for mitigation and remediation. However, naturally these data collections quickly grow to sizes too large to understand or handle. Visualization can prove to be an invaluable tool for the IT security handler to gain insights into the dimensions of a problem as well as for management and even politicians.
Therefore this presentation will show - based on a concrete example - how we can extract understandable information out of a multitude of data sources. The concrete example will deal with DNS, DNScap and NFSen / NFDump visualizations. Since DNS is a hidden treasure box for IT Security and since DNS requests can hint to lots of problems (misconfigurations as well as abuse), visualizing DNS is in our opinion a promising fresh approach.
Finally, a list of practical tools will be presented which participants can use in their own organizations and thus improve their own incident handling.