More About Me

Security Visualization. | Data Science. | Big Data.

Raffael Marty


"Yesterday's the past, tomorrow's the future, but today is a gift. That's why it's called the present." - Bill Keane


  • Certified Product Manager, Pragmatic Marketing, October 2006.
  • SANS GIAC Certified Intrusion Analyst (GCIA), February 2005.
  • IBM IT Security Methodology Certification, March 2003.
  • Certified Information System Security Professional (CISSP), November 2002.
  • Masters in Computer Science from Federal Institute of Technology (ETH) in Zurich, Switzerland
  • Teaching assistant for Network Security 2001 at ETH Zurich.

Advisory Boards

Former Advisory Boards


Conference Boards / Program Committees


"If you light a lamp for somebody, it will also brighten your own path." - Buddhist Saying


"When the pupil is ready to learn, a teacher will appear." - Zen Proverb

These are books that I have written and contributed to.

Applied Security Visualization

This book is about visualizing computer security data. It guides you, step by step, through visually analyzing electronically generated security data. Insider Threat, Governance, Risk, and Compliance (GRC), and Perimeter Threat all require people to gather and analyze their IT data. Log files, configuration files, and other IT security data need to be analyzed and monitored to address a variety of use cases. Instead of handling textual data, visualization offers a new, more effective, and simpler approach to analyzing the millions of log entries generated on a daily basis. Graphical representations help immediately identify outliers, detect malicious activity, uncover misconfigurations and anomalies, or spot general trends and relationships among individual data points. Visualization of data - the process of converting security data into a picture - is the single most effective tool to address these tasks.

Security Data Visualization

I wrote a chapter on firewall log analysis and IDS signature tuning using visual methods for Greg's book.

Snort IDS and IPS Toolkit

I wrote a chapter on security data analysis and reporting for the Snort book from Syngress.

Security Data Lake

The term data lake comes from the big data community and is starting to appear more often in the security field. A data lake (or a data hub) is a central location where all security data is collected and stored. Sounds like log management or security information and event management (SIEM)? Sure. Very similar. In line with the Hadoop big data movement, one of the objectives is to run the data lake on commodity hardware and storage that is cheaper than special-purpose storage arrays, SANs, etc. Furthermore, the lake should be accessible by third-party tools, processes, workflows, and teams across the organization that need the data. Log management tools do not make it easy to access the data through standard interfaces (APIs). They also do not provide a way to run arbitrary analytics code against the data.

Press and Articles

"You will not be punished for your anger; you will be punished by your anger." - Buddha


"Do not speak - unless it improves on silence." - Buddha
  • Raffael Marty, "Cloud Application Logging for Forensics", SAC'11 March 21-25, 2011, TaiChung, Taiwan, ACM 978-1-4503-0113-8/11/03.
  • Kara Nance, Raffael Marty, "Visualizing the Insider Threat", HICSS 2011.
  • Challenge 5 of the Forensic Challenge 2010 - Log Mysteries, May 2010.
  • DAVIX gegen Goliath, Jan P. Monsch/Raffael Marty/Christoph Puppe, iX special Herbst 2008 Sicher im Netz
  • Security Visualization - Learning From The New York Times, a video produced for Source Boston 2008.
  • My GCIA paper. This paper shows how I analyzed a dataset given by SANS. I used graphing techniques, GraphViz and other tools, to automatically generate visual images of the dataset. I was a bit too enthusiastic and wrote way too much. The additional chapters are therefore published here.
  • I was one of the co-authors of Design of an Intrusion-Tolerant Intrusion Detection System, a long-term research project funded by the European Union under the Information Society Fifth Framework Programme.
  • NIST 800-41, contributed to the Guidelines on Firewalls and Firewall Policy.
  • NIST 800-92, contributed to the Guide to Computer Security Log Management.
  • Thor: A Tool to Test Intrusion Detection Systems by Variations of Attacks.
  • My second term project was to improve an anonymity network by adding so-called mixes. Read more on the Mixer page.
  • My first term project I wrote at the Institute of Robotics at the ETH. My task was to develop a device driver for a PCMCIA Adapter and on top of that I had to implement the FAT-Filesystem in order to access ATA-compatible drives. Check out the special page to find out more.
  • During a seminar that I attended while studying computer science, I worked together with Robert Hass on the topic: "IP over Everything". It's about the network layers IP works on, with a strong emphasis on the core-network technologies. Further, we present a couple of services which use IP and what functionalities these services will demand from IP. In the services chapter I wrote a paragraph about security in the near future and what criteria the IP protocol will have to fulfill. There is also another interesting chapter about VPNs. The presentation is available online as well.


  • AfterGlow - A tool to help visualize graphs.
  • SecViz - A place to share and explore security visualization.
  • DAVIX - A live CD for security visualization.

Contact Me