Average Reviews:
(More customer reviews)Security Data Visualization (SDV) is a great book. It's perfect for readers familiar with security who are looking to add new weapons to their defensive arsenals. Even offensive players will find something to like in SDV. The book is essentially an introduction to the field, but it is well-written, organized, and clear. I recommend all security analysts read SDV.
I give five star reviews to books that meet certain criteria. First, the book should change the way I look at a problem, or properly introduce me to thinking about a problem for which I have little or no frame of reference. Although I have been a security analyst for ten years, I have little visualization experience. Author Greg Conti spent just the right amount of time explaining the field, describing key terms (preattentive processing, occlusion, brushing) and displays (star plots, small multiples, TreeMaps). I loved the author's mention of Ben Shneiderman's visualization mantra: "overview first, zoom and filter, details on demand" (p 14).
Second, a five star book should have few or no technical errors. SDV was as sound as they come, at least as far as the security and networking information goes. I can't comment on the author's synthesis of the visualization community. I also liked the case studies in Chs 3, 4, and 5. I liked reading the visualization methodology introduced in the chapter on analyzing firewall logs (Ch 7).
Third, a five star book will make the material actionable. I finished SDV thinking I could try at least some of what I read on my own network. Ch 10 talked about how to build your own visualization tool. I would have liked additional detail on using some of the tools in the book, so perhaps a future edition will expand on that point.
A fourth feature of great books is including current research and referencing outside sources. SDV cited many foundational papers and presentations on visualization in general and security visualization specifically. Chs 6 and 12 addressed these subjects in detail. Ch 11 presented readers with ideas for future projects.
Overall, it should be obvious I really enjoyed reading SDV. My only real complaint seems inherent to the field: how to analyze large data sets. The case study in Ch 5 ("One Night on My ISP") only looks at 303 packets. It is easy to dismiss it since there's hardly any data to analyze. However, I feel that the author's techniques can be creatively scaled if one maintains realistic expectations. SDV is an excellent introduction to the security visualization field and I hope to see other works from the author and others on this important topic.
Click Here to see more reviews about: Security Data Visualization: Graphical Techniques for Network Analysis
Information overload. If you're responsible for maintaining your network's security, you're living with it every day. Logs, alerts, packet captures, and even binary files take time and effort to analyze using text-based tools - and once your analysis is complete, the picture isn't always clear, or timely. And time is of the essence.
Information visualization is a branch of computer science concerned with modeling complex data using interactive images. When applied to network data, these interactive graphics allow administrators to quickly analyze, understand, and respond to emerging threats and vulnerabilities.
Security Data Visualization is a well-researched and richly illustrated introduction to the field. Greg Conti, creator of the network and security visualization tool RUMINT, shows you how to graph and display network data using a variety of tools so that you can understand complex datasets at a glance. And once you've seen what a network attack looks like, you'll have a better understanding of its low-level behavior - like how vulnerabilities are exploited and how worms and viruses propagate.
You'll learn how to use visualization techniques to:
Audit your network for vulnerabilities using free visualization tools, such as AfterGlow and RUMINT See the underlying structure of a text file and explore the faulty security behavior of a Microsoft Word document Gain insight into large amounts of low-level packet data Identify and dissect port scans, Nessus vulnerability assessments, and Metasploit attacks View the global spread of the Sony rootkit, analyze antivirus effectiveness, and monitor widespread network attacks View and analyze firewall and intrusion detection system (IDS) logs
Security visualization systems display data in ways that are illuminating to both professionals and amateurs. Once you've finished reading this book, you'll understand how visualization can make your response to security threats faster and more effective
No comments:
Post a Comment