Date posted: 10-Jul-2015
Uploaded by: opendns
1 CONFIDENTIAL
Paris, France, November 2014 Dan Hubbard, CTO OpenDNS
VizSec 2014
Security people have a legacy of being curious.
We pull things apart.
we break them
we explore
we discover
we defend.
We are curious explorers.
Turns out curious explorers make for good defenders.
Since the mid 80’s
Yes, 30 years now
We have been defending through gaining knowledge (samples), exploring them (RCE), and creating vaccines (updates).
As the problem scaled we scaled with more curious explorers.
And more…
And more…
And more…
We got to a point where we could not hire enough defenders.
So, we automated.
Hashes, fingerprints, behavior analysis, sandboxing
Then signatures, heuristics, and anomalies.
But we still could not scale!
And along the way we lost our curiosity and we stopped being explorers.
Meanwhile other industries started understanding the value of data.
And the value of large scale compute.
The information age started
And we created a culture with an unlimited thirst for data.
Our appetite for data skyrocketed.
And the “Big Data” movement started.
Big Data gave us the ability to absorb a massive amount of data and query it with meaningful results.
Data helped us solve BIG PROBLEMS.
Creating cures for disease.
Mapping critical genomes.
Predicting natural disasters.
The world became a lot different.
Google, Facebook, Amazon, Twitter
Meanwhile…
Security made incremental attempts at better mousetraps.
Whitelisting, HIPS, Containerization.
“Next Generation” this.
“Cyber Defender” that.
Bottom line…
We lost pace with technology.
Which in turn, left us a long way behind in defending.
And we suffer massive decreases in our efficacy.
So, let's get back to our roots.
Embrace the Big Data movement.
Innovate in Security Visualization.
And get back to being the curious explorers we are.
How?
To start you need some data to explore.
More = better
Diversity in data is important.
Don’t underestimate the ability to query that data!
Remove all data silos.
APIs are critical.
Science and Art come together.
Security Visualization Today
We have made some progress in 2D Security Viz.
Examples.
Red October Infrastructure
SEA: Twitter, Huffington Post, NY Times Hijack
Moneypak 1
Moneypak 2
Kelihos
Customer Botnet Connections
Clusters of Algorithmic Scores
Images are great because they tell a story.
But it's at best a short story.
It's actually more like a magazine than a book.
Image sequences.
This is OK, but it limits our exploration capabilities.
So we can add context to the visuals.
This is a LOT better than “flat” images.
Helps tell a more complete story.
But does not open up enough exploration.
And two dimensions limit the representation and exploration of the data.
So, how can we REALLY explore the data in a meaningful way?
We need to be able to interact and explore the data.
3D models and interactive visualization allow us to do this.
Examples.
These are best viewed in the keynote recording here:
http://labs.opendns.com/2014/12/01/vizsec2014
Kelihos BotNet
Kelihos BotNet Over Time
Red October APT Infrastructure
Customer BotNet Connection / Relationships
Ukraine Networks
Cryptolocker Co-occurrences
Let's Explore!
Future Present.
What if the interface was the visualization?
Through the visualization you could manipulate the data.
Assign Malware
Lastly…
Viz. is also very good at two key areas in security.
Education
Awareness
People like art.
All people are curious!
OpenGraphiti Art
OpenGraphiti Art Experiment
The art project was so popular we use it in marketing material.
And the images are talking points of interest.
What’s next?
People like new interfaces.
Leap Motion
Oculus Rift
Predictive modeling with Viz.
In conclusion…
Security needs to get back into the forefront of innovation.
Embrace the Big Data movement.
And not just become leaders in Security Visualization
But innovators in the entire visualization movement.
Thank you very much
Dan Hubbard dan @ opendns.com Opengraphiti.com
Opendns.com