I just read an article on virtual reality (VR) in cyber security and how VR can be used in a SOC.
Image taken from original post
The post basically says that VR helps the SOC be less of an expensive room you have to operate by letting a company take the SOC virtual. Okay. I am buying that argument to some degree. It’s still different to be in the same room with your team, but okay.
Secondly, the article says that it helps tier-1 analysts look at context (I am paraphrasing). So in essence, they are saying that VR helps expand the number of pixels available. Just give me another screen and I am fine. Just having VR doesn’t mean we have the data to drive all of this. If we had it, it would be tremendously useful to show that contextual information in the existing interfaces. We don’t need VR for that. So overall, a non-argument.
There is an entire paragraph of non-sense in the post. VR (over traditional visualization) won’t help monitoring more sources. It won’t help with the analysis of endpoints. etc. Oh boy and “.. greater context and consumable intelligence for the C-suite.” For real? That’s just baloney!
Before we embark on VR, we need to get better at visualizing security data and probably some more advanced cyber security training for employees. Then, at some point, we can see if we want to map that data into three dimensions and whether that will actually help us being more efficient. VR isn’t the silver bullet, just like artificial intelligence (AI) isn’t either.
This is a gem within the article; a contradiction in itself: “More dashboards and more displays are not the answer. But a VR solution can help effectively identify potential threats and vulnerabilities as they emerge for oversight by the blue (defensive) team.” – What is VR other than visualization? If you can show it in three dimensions within some google, can’t you show it in two dimensions on a flat screen?
I’ve always had issues with 3D honestly. In HCI experiments humans don’t fare well with depth cues. There’s issues of obfuscation if one object is in front of another. I think any display that leverages the entire field of vision is pretty cool, though there are also issues of attention, how we perceive, and the task being performed. I think VR could hold promise for really moving around in a 3D space and really leveraging 3D rather than 2.5D although the use cases I can think of are likely impractical for a SOC. For instance, I can imagine someone studying protein folding in simulations could visualize outputs of their computational experiments, walk around the model to understand it better, maybe modify inputs and resimulate, etc. But yeah – VR for the SOC seems unlikely. To your point, I think we still have a long way to go in just visualizing cyber data well.
Comment by John T Langton — January 18, 2018 @ 5:18 pm
Great points. One of the main points I keep bringing up in these discussions is that physical spaces lend themselves well to VR, but abstract spaces, like the IPv4 address space or similar doesn’t. Mainly because of mapping something arbitrary to ‘depth’, rather than physical depth. Hence the application to protein folding.
Comment by Raffael Marty — January 19, 2018 @ 9:59 am