1 CONFIDENTIAL

Paris, France, November 2014 Dan Hubbard, CTO OpenDNS

VizSec 2014

2 CONFIDENTIAL

Security people have a legacy of being curious.

3 CONFIDENTIAL

We pull things apart.

4 CONFIDENTIAL

we break them

5 CONFIDENTIAL

we explore

6 CONFIDENTIAL

we discover

7 CONFIDENTIAL

we defend.

8 CONFIDENTIAL

We are curious explorers.

9 CONFIDENTIAL

Turns out curious explorers makes for good defenders.

10 CONFIDENTIAL

Since the mid 80’s

11 CONFIDENTIAL

Yes, 30 years now

12 CONFIDENTIAL

We have been defending through gaining knowledge (samples), exploring them (RCE), and creating vaccines (updates) .

13 CONFIDENTIAL

As the problem scaled we scaled with more curious explorers.

14 CONFIDENTIAL

And more…

15 CONFIDENTIAL

And more…

16 CONFIDENTIAL

And more…

17 CONFIDENTIAL

We got to a point where we could not hire enough defenders.

18 CONFIDENTIAL

So, we automated.

19 CONFIDENTIAL

Hashes, fingerprints, behavior analysis, sandboxing

20 CONFIDENTIAL

Then signatures, heuristics, and anomalies.

21 CONFIDENTIAL

But we still could not scale!

22 CONFIDENTIAL

And along the way we lost our curiosity and we stopped being explorers.

23 CONFIDENTIAL

Meanwhile other industries starting understanding the value of data.

24 CONFIDENTIAL

And the value of large scale compute.

25 CONFIDENTIAL

The information age started

26 CONFIDENTIAL

And we created a culture with an unlimited thirst for data.

27 CONFIDENTIAL

Our appetite for data skyrocketed.

28 CONFIDENTIAL

And the “Big Data” movement started.

29 CONFIDENTIAL

Big Data gave us the ability to absorb a massive amount of data and query it with meaningful results.

30 CONFIDENTIAL

Data helped us solve BIG PROBLEMS.

31 CONFIDENTIAL

Creating cures for disease.

32 CONFIDENTIAL

Mapping critical genomes.

33 CONFIDENTIAL

Predicting natural disasters.

34 CONFIDENTIAL

The world became a lot different.

35 CONFIDENTIAL

Google, Facebook, Amazon, Twitter

36 CONFIDENTIAL

Meanwhile…….

37 CONFIDENTIAL

Security made incremental attempts at better mousetraps.

38 CONFIDENTIAL

Whitelisting, HIPS, Containerization.

39 CONFIDENTIAL

“Next Generation” this.

40 CONFIDENTIAL

“Cyber Defender” that.

41 CONFIDENTIAL

Bottom line…

42 CONFIDENTIAL

We lost pace with technology.

43 CONFIDENTIAL

Which in turn, left us a long way behind in defending.

44 CONFIDENTIAL

And we suffer massive decreases in our efficacy.

45 CONFIDENTIAL

So, lets get back to our roots.

46 CONFIDENTIAL

Embrace the Big Data movement.

47 CONFIDENTIAL

Innovate in Security Visualization.

48 CONFIDENTIAL

And get back to being the curious explorers were are.

49 CONFIDENTIAL

How ?

50 CONFIDENTIAL

To start you need some data to explore.

51 CONFIDENTIAL

More = better

52 CONFIDENTIAL

Diversity in data is important.

53 CONFIDENTIAL

Don’t underestimate the ability to query that data!

54 CONFIDENTIAL

Remove all data silos.

55 CONFIDENTIAL

API’s are critical.

56 CONFIDENTIAL

Science and Art come together.

57 CONFIDENTIAL

Security Visualization Today

58 CONFIDENTIAL

We have made some progress in 2D Security Viz.

59 CONFIDENTIAL

Examples.

60 CONFIDENTIAL

Red October Infrastructure

61 CONFIDENTIAL

SEA: Twitter, Huffington Post, NY Times Hijack

62 CONFIDENTIAL

Moneypak 1

63 CONFIDENTIAL

Moneypak 2

64 CONFIDENTIAL

Kelhios

65 CONFIDENTIAL

Customer Botnet Connections

66 CONFIDENTIAL

Clusters of Algorithmic Scores

67 CONFIDENTIAL

Image are great because they tell a story.

68 CONFIDENTIAL

But its at best a short story.

69 CONFIDENTIAL

Its actually more like a magazine than a book

70 CONFIDENTIAL

Image sequences.

71 CONFIDENTIAL

72 CONFIDENTIAL

This is OK, but it limits our exploration capabilities.

73 CONFIDENTIAL

So we can add context to the visuals.

74 CONFIDENTIAL

75 CONFIDENTIAL

This is a LOT better than “flat” images.

76 CONFIDENTIAL

Helps tell a more complete story.

77 CONFIDENTIAL

But does not open up enough exploration.

78 CONFIDENTIAL

And two dimensions limits the representation and exploration of the data.

79 CONFIDENTIAL

So, how can we REALLY explore the data in a meaningful way?

80 CONFIDENTIAL

We need to be able to interact and explore the data.

81 CONFIDENTIAL

3D models and Interactive visualization allows us to do this.

82 CONFIDENTIAL

Examples.

83 CONFIDENTIAL

These are best viewed in the keynote recording here:

http://labs.opendns.com/2014/12/01/vizsec2014

84 CONFIDENTIAL

Kelhios BotNet

85 CONFIDENTIAL

Kelhios BotNet Over Time

86 CONFIDENTIAL

Red October APT Infrastructure

87 CONFIDENTIAL

Customer BotNet Connection / Relationships

88 CONFIDENTIAL

Ukraine Networks

89 CONFIDENTIAL

Cryptolocker Co-occurrences

90 CONFIDENTIAL

Lets Explore!

91 CONFIDENTIAL

Future Present.

92 CONFIDENTIAL

What if the interface was the visualization?

93 CONFIDENTIAL

What if the interface was the visualization?

94 CONFIDENTIAL

Through the visualization you could manipulate the data.

95 CONFIDENTIAL

Assign  Malware    

96 CONFIDENTIAL

Assign  Malware    

97 CONFIDENTIAL

Lastly…

98 CONFIDENTIAL

Viz. is also very good at two key areas in security.

99 CONFIDENTIAL

Education

100 CONFIDENTIAL

Awareness

101 CONFIDENTIAL

People like art.

102 CONFIDENTIAL

All people are curious!

103 CONFIDENTIAL

OpenGraphiti Art

104 CONFIDENTIAL

105 CONFIDENTIAL

106 CONFIDENTIAL

107 CONFIDENTIAL

OpenGraphiti Art Experiment

108 CONFIDENTIAL

109 CONFIDENTIAL

110 CONFIDENTIAL

111 CONFIDENTIAL

112 CONFIDENTIAL

113 CONFIDENTIAL

114 CONFIDENTIAL

115 CONFIDENTIAL

116 CONFIDENTIAL

117 CONFIDENTIAL

The art project was so popular we use it in marketing material.

118 CONFIDENTIAL

And the images are talking points of interest.

119 CONFIDENTIAL

What’s next?

120 CONFIDENTIAL

People like new interfaces.

121 CONFIDENTIAL

Leap Motion

122 CONFIDENTIAL

Oculus Rift

123 CONFIDENTIAL

Predictive modeling with Viz.

124 CONFIDENTIAL

Pour conclure…

125 CONFIDENTIAL

Security needs to get back into the forefront of innovation.

126 CONFIDENTIAL

Embrace the Big Data movement.

127 CONFIDENTIAL

And not just become leaders in Security Visualization

128 CONFIDENTIAL

But innovators in the entire visualization movement.

129 CONFIDENTIAL

Merci Beaucoup

Dan Hubbard dan @ opendns.com Opengraphiti.com

Opendns.com