January 17, 2018

Virtual Reality in Cyber Security

Filed under: Security Article Reviews,Visualization — @ 17th of January 2018, 18:17

I just read an article on virtual reality (VR) in cyber security and how VR can be used in a SOC.


The post basically says that VR helps the SOC be less of an expensive room you have to operate by letting a company take the SOC virtual. Okay. I am buying that argument to some degree. It’s still different to be in the same room with your team, but okay.

Secondly, the article says that it helps tier-1 analysts look at context (I am paraphrasing). So in essence, they are saying that VR helps expand the number of pixels available. Just give me another screen and I am fine. Just having VR doesn’t mean we have the data to drive all of this. If we had it, it would be tremendously useful to show that contextual information in the existing interfaces. We don’t need VR for that. So overall, a non-argument.

There is an entire paragraph of nonsense in the post. VR (over traditional visualization) won’t help with monitoring more sources. It won’t help with the analysis of endpoints, etc. Oh boy, and “.. greater context and consumable intelligence for the C-suite.” For real? That’s just baloney!

Before we embark on VR, we need to get better at visualizing security data and probably some more advanced cyber security training for employees. Then, at some point, we can see if we want to map that data into three dimensions and whether that will actually help us be more efficient. VR isn’t the silver bullet, just like artificial intelligence (AI) isn’t either.

This is a gem within the article; a contradiction in itself: “More dashboards and more displays are not the answer. But a VR solution can help effectively identify potential threats and vulnerabilities as they emerge for oversight by the blue (defensive) team.” – What is VR other than visualization? If you can show it in three dimensions within some goggles, can’t you show it in two dimensions on a flat screen?

August 20, 2008

Applied Security Visualization Press

Filed under: Log Analysis,Security Article Reviews,Visualization — @ 20th of August 2008, 12:20

I recorded a couple of podcasts and did some interviews lately about the book. If you are interested in listening in on some of the press coverage:

More information about the Applied Security Visualization book is on the official book page. I am working on figuring out where to put an Errata. There were some minor issues and typos that people reported. If you find anything wrong or you have any generic comments, please let me know!

August 14, 2008

First Amazon for Applied Security Visualization Book

Filed under: Log Analysis,Security Article Reviews,Visualization — @ 14th of August 2008, 11:21

I just saw the first Amazon review for my book. I just don’t understand why the person only gave it four stars, instead of five 😉 Just kidding. Thanks for the review! Keep them coming!

August 13, 2008

Applied Security Visualization Book is Available!

Filed under: Compliance,Log Analysis,Security Article Reviews,Visualization — @ 13th of August 2008, 12:38

The Applied Security Visualization book is DONE and available in your favorite store!

Last Tuesday when I arrived at BlackHat, I walked straight up to the book store. And there it was! I held it in my hands for the first time. I have to say, it was a really emotional moment. Seeing the product of 1.5 years of work was just amazing. I am really happy with how the book turned out. The color insert in the middle is a real eye-catcher for people flipping through the book and it greatly helps make some of the graphs easier to interpret.

I had a few copies to give away during BlackHat and DefCon. I am glad I was able to give copies to some people that have contributed by inspiring me, challenging me, or even giving me very specific use-cases that I collected in the book. Thanks everyone again! I really appreciate all your help.

People keep asking me what the next project is now that the book is out. Well, I am still busy. secviz.org is one of my projects. I am trying to get more people involved in the discussions and get more people to contribute graphs. Another project I am starting is to build out a training around the book, which I want to teach at security conferences. I have a few leads already for that. Drop me a note if you would be interested in taking such a training. Maybe I will also get some time to work on AfterGlow some more. I have a lot of ideas on that end…

During DefCon, I recorded a PodCast with Martin McKeay where I talk a little bit about the book.

April 1, 2008

Applied Security Visualization – I Have a Book Cover!

Filed under: Log Analysis,Security Article Reviews,Security Information Management,VI — @ 1st of April 2008, 14:56

Thanks to the design department at Addison Wesley, I have a proposal for a cover page of my upcoming book:

Applied Security Visualization

This is really exciting. I have been working on the book for over a year now and finally it seems that the end is in sight. I have three chapters completely done and they should appear in a rough-cuts program, as an electronic pre-version, very soon (next three weeks). Another three chapters I got back from my awesome review committee and then there are three chapters I still have to finish writing.

Applied Security Visualization should be available by Black Hat at the beginning of August. I will do anything I can to get it out by then.


March 21, 2008

Follow me on Twitter: @zrlram

Filed under: Security Article Reviews — @ 21st of March 2008, 09:02

I was quite surprised when I heard that Twitter had been around for about a couple of years already. I jumped on the bandwagon about 2 weeks ago, just before SOURCEBoston. What’s Twitter? It’s a micro-blog. It’s IM that can be read by everybody that you authorize. It’s broadcast. You subscribe to people’s feeds and they subscribe to yours. It’s fairly interesting. There is an entire following of security twits who twitter all day long about more or less interesting things.

What I find very interesting are the RSS-like twitter feeds from, for example, conferences. We had a feed for @SOURCEBoston. There is also one for the RSA Blogger Meetup. I hope to see you there!

Follow me: @zrlram

March 13, 2008

2nd Keynote at SOURCEBoston – Dan Geer

Filed under: Security Article Reviews — @ 13th of March 2008, 09:13

Dan Geer just gave his keynote at SOURCEBoston. Have you heard Dan Geer speak? If not, I highly encourage you to watch the video of his talk as soon as it is online. I will have to go back and listen to his talk a few more times to absorb some more of it. Dan throws out so many thoughts and concepts that it is hard to follow him, without knowing some of this stuff already. I am sure those of you who have been following Dan were able to retain much more of his talk. I mostly know about Dan’s work from his postings on the security metrics list.

Risk management is a topic that is often discussed by Dan. “Risk management is about affecting the future, not explaining the past,” says Dan. To do effective risk management we need to measure things as best as we can. We need security metrics. We can’t make much progress in security if we don’t have good metrics. We’ve exhausted what we can do with firefighting. Dan has an entire slide deck of over 400 slides on security metrics, which is incredibly interesting reading on security metrics and risk management.

Do you need security analogies from other fields? Read the transcript of Dan’s talk as soon as it is up on the SOURCEBoston site. It’s really worth it.

March 12, 2008

AirForce Recruiting For Cyber Offense

Filed under: Security Article Reviews — @ 12th of March 2008, 10:47

Richard Clarke, during his keynote at SOURCEBoston, talked about the 2007, non-public Presidential cybersecurity directive. One part of the directive is rumored to talk about building an offensive cyber capability (see also Jennifer’s post). Is the fact that the AirForce has changed their recruiting commercial to contain cybersecurity aspects already a first sign that they are looking for talent that can execute on those objectives?
– Live from SOURCEBoston!


March 11, 2008

SOURCE Boston – Be There!

Filed under: Security Article Reviews — @ 11th of March 2008, 15:10



We are frantically preparing for the SOURCE Boston conference which starts tomorrow morning.

You can keep track of the happenings via Twitter. It’s pretty interesting how this Twitter thing is taking off. I will try to update my feed (@zrlram) regularly over the next days so you can keep track of what’s going on.

There are a lot of other Security Twits here who hopefully keep their feeds up to date. I am sure @mediaphyter (Jennifer Leggio) is keeping her feed current with the latest gossip. Careful though, she is not always telling the truth 😉

March 9, 2007

ISSA Journal Articles

Filed under: Security Article Reviews — @ 9th of March 2007, 13:22

I just returned from a hearty breakfast on the 22nd floor of my hotel, overlooking Frankfurt. Great hotel, great views! I was flipping through the pages of the ISSA journal. I haven’t really posted any article reviews in a long time. I got too frustrated, I guess. There is this article on which I just can’t resist making two quick comments. The article was posted in the January 2007 issue and is about managing passwords. The first thing that hit me is that this author actually gives us two email addresses in the “About the Author” box. Why would I need two addresses? Isn’t one enough? Anyways. Sorry. What I was really confused about is that the author talks, in the very first paragraph, about:

“I cannot wait for the day when my PC offers two-factor authentication. -snip- I can’t begin to quantify the convenience that will come from having to convince just my PC that I am who I say I am, and then letting it handle the task of convincing the myriad financial institutions, -snip- that I am who I say I am.”

Wow. Maybe the author should read up on two-factor authentication and the topic of single sign on. They are not the same. And believe me, two-factor authentication is not going to ease your life! It’s one more form of authentication. How can that be easier than two? But again. Single Sign On is not two-factor authentication. It’s a fairly big step between two-factor authentication and single sign on! And I am not sure whether I really want that. Topic attack surface!