Security Visualization. Data Science. Big Data.
These are books that I have written and contributed to.
This book is about visualizing computer security data. It guides the reader step by step through visually analyzing electronically generated security data. Insider threat, governance, risk, and compliance (GRC), and perimeter threat all require people to gather and analyze their IT data. Log files, configuration files, and other IT security data need to be analyzed and monitored to address a variety of use cases. Instead of handling textual data, visualization offers a new, more effective, and simpler approach to analyzing the millions of log entries generated every day. Graphical representations help immediately identify outliers, detect malicious activity, uncover misconfigurations and anomalies, or spot general trends and relationships among individual data points. Visualization of data, the process of converting security data into a picture, is the single most effective tool to address these tasks.
I wrote a chapter on firewall log analysis and IDS signature tuning using visual methods for Greg's book.
I wrote a chapter on security data analysis and reporting for the Snort book from Syngress.
The term data lake comes from the big data community and is appearing more and more often in the security field. A data lake (or data hub) is a central location where all security data is collected and stored. Sounds like log management or security information and event management (SIEM)? Sure, it is very similar. In line with the Hadoop big data movement, one of the objectives is to run the data lake on commodity hardware and storage that is cheaper than special-purpose storage arrays, SANs, etc. Furthermore, the lake should be accessible to third-party tools, processes, workflows, and teams across the organization that need the data. Log management tools do not make it easy to access the data through standard interfaces (APIs), and they do not provide a way to run arbitrary analytics code against the data.
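To make the two properties that distinguish a lake from a classic log manager concrete (one plain access interface that any tool can call, and the freedom to run arbitrary analysis code over the stored records), here is a small Python sketch. It is an added example written for this page, not code from the author or from any product mentioned here; the directory layout (one partition per day and source type), the JSON-lines record format, the sshd regex and the sample log lines are all assumptions made for illustration.

```python
"""Minimal data-lake sketch: raw security logs land in a central store laid out
by date and source type, and any analysis code reads them through one small
access interface instead of a vendor query language.

Added example, not code from the page's author or any product it mentions.
The layout, record format and sample lines are assumptions for illustration.
"""
import json
import re
import tempfile
from collections import Counter
from pathlib import Path

# Constructed sample events: syslog-style sshd lines from one host.
SAMPLE_LINES = [
    "Jan 10 03:14:01 bastion sshd[2011]: Failed password for root from 203.0.113.9 port 51022 ssh2",
    "Jan 10 03:14:03 bastion sshd[2011]: Failed password for root from 203.0.113.9 port 51023 ssh2",
    "Jan 10 03:14:05 bastion sshd[2011]: Failed password for admin from 203.0.113.9 port 51024 ssh2",
    "Jan 10 03:15:10 bastion sshd[2020]: Accepted publickey for alice from 198.51.100.4 port 40112 ssh2",
    "Jan 10 03:16:33 bastion sshd[2031]: Failed password for bob from 198.51.100.7 port 40200 ssh2",
    "Jan 10 03:17:00 bastion sshd[2031]: Accepted password for bob from 198.51.100.7 port 40201 ssh2",
]

# Assumed pattern for OpenSSH authentication lines (covers the sample above).
SSH_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Accepted|Failed) (?P<method>\S+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>[\d.]+) port (?P<port>\d+)"
)


def parse_sshd(line):
    """Normalise one raw sshd line into a dict; return None if it does not match."""
    m = SSH_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["port"] = int(rec["port"])
    return rec


def ingest(lake_root, day, source, lines):
    """Write raw lines into the lake under <root>/<day>/<source>/ as JSON lines.
    The raw text is kept next to the parsed fields so later analyses can
    re-parse if the schema changes. Returns the number of records written."""
    part = Path(lake_root) / day / source
    part.mkdir(parents=True, exist_ok=True)
    n = 0
    with (part / "events.jsonl").open("a") as f:
        for line in lines:
            rec = parse_sshd(line) or {}
            rec["raw"] = line
            f.write(json.dumps(rec) + "\n")
            n += 1
    return n


def scan(lake_root, day=None, source=None):
    """The single access interface: yield records, optionally limited to one
    day and/or source partition. Any tool or team can build on this call."""
    for path in sorted(Path(lake_root).glob("*/*/events.jsonl")):
        rec_day, rec_source = path.parts[-3], path.parts[-2]
        if day and rec_day != day:
            continue
        if source and rec_source != source:
            continue
        with path.open() as f:
            for line in f:
                yield json.loads(line)


def failed_logins_by_source(records):
    """Arbitrary analytics over lake records: failed-password attempts per
    source IP, most frequent first."""
    c = Counter(r["src"] for r in records
                if r.get("outcome") == "Failed" and r.get("method") == "password")
    return c.most_common()


def brute_force_candidates(records, threshold=3):
    """A second analysis over the same records: sources at or above
    `threshold` failures. The threshold is an assumed tuning value."""
    return [src for src, n in failed_logins_by_source(records) if n >= threshold]


def demo():
    """Build a throwaway lake, ingest the constructed lines, run both analyses."""
    with tempfile.TemporaryDirectory() as lake:
        ingest(lake, "2024-01-10", "sshd", SAMPLE_LINES)
        recs = list(scan(lake, day="2024-01-10", source="sshd"))
        return failed_logins_by_source(recs), brute_force_candidates(recs)


if __name__ == "__main__":
    print(demo())
```

The point of the sketch is the split of responsibilities: `ingest` and `scan` are the only code that knows how the store is laid out, while `failed_logins_by_source` and `brute_force_candidates` are ordinary functions anyone can replace or extend without touching the store. A real deployment would back `scan` with HDFS, object storage or a columnar format rather than JSON files, but the interface contract is what lets third-party tools and teams share the data.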