Cyber Warfare Membership Profiles.Final

DESCRIPTION

This set of slides covers two topics: 1) In support of the Cyber Warfare LinkedIn membership group, I developed profiles for the membership base using Interactive Analytics from Centrifuge. 2) I have included some samples of how Centrifuge can be used to analyze cyber network traffic in support of cyber crimes analysis.

THE FREEDOM TO EXPLORE

CYBER WARFARE LINKED IN MEMBERSHIP PROFILES & CYBER SECURITY VISUALIZATIONS

JULY 1ST 2009 www.centrifugesystems.com 571-830-1390 McLean, Virginia

NOTES ABOUT THIS PRESENTATION

This presentation was created for the Cyber Warfare Linked In membership group. Profiles developed used the first 1200 members. No confidential information was used in developing these profiles. Profiles show the membership by industry, location and company and use a variety of visualizations. Visualizations were created by Centrifuge Systems using their Interactive Analytics (IA) technology. This same technology can be used to identify cyber crime. Sample visualizations which show how Interactive Analytics can analyze cyber data are at the end of the presentation.

INTERACTIVE ANALYTICS

Top 10 Geographic Locations

Washington DC, San Francisco & Boston top the list.

Top 10 Industries

The two top industries with the highest membership counts are:

1) Computer & Network Security
2) IT and Services

Member Count by Industry & Location

Military Members by Location

Military members are also concentrated in D.C. with small pockets scattered throughout the US and in select cities worldwide.

Top Member Counts by Company

Many members have not specified a company. Other companies have more than one member. I wonder if the multi-member companies are focused on one or more industries?

Company Membership by Industry

Booz Allen has members across 5 industries with the highest concentration in IT & Services.

Member counts in the form of “Heat Maps”

Heat maps show “hot-spots” of member activity. Hot colors like orange have different member counts than the cool colors.

Top 5 Industries Linked to Member Location

Links can be set to show the relationships between entities. For example, this link analysis shows locations linked to the top 5 industry groups. Each globe is a location and can have more than one member. Notice some locations are linked to more than one industry. Let’s zoom in.

Member Locations and Industries

Notice how locations have more than one member and these members are linked to multiple industries. Let’s select this cross section and just analyze these members.

Select Nodes to Analyze Further

The nodes highlighted in orange have been selected. They can be “spun off” so that we can analyze just these records.

Member Locations & Industries

Some locations (Orlando, Madres Area in India, others) are linked to one industry (Computer and Network Traffic). Other areas (Providence and Houston) have members from multiple industries. The counts in the “tool tips” are the member counts.

Only Computer & Network Security Members

If we only analyze the Computer and Network Security membership base, we can see that some companies (Mitre and BAE, as examples) have members in different geographic locations. Let’s see how this technology can analyze Cyber Security data...

THE USE OF INTERACTIVE ANALYTICS TO DETECT AND PREVENT CYBER ATTACKS

Connecting to Data

Network traffic data can be analyzed in a variety of forms. This is the Table View and shows Source and Destination IP addresses plus additional information on ports, attachment file size, payload and much more… Connecting to this data is very easy.

Charting Communication Types

Charting can be used to analyze traffic by communication type and other attributes. These profiles lead to deeper investigations.

Identifying “Hot Spots” using Heat Maps

You can analyze payload by ISP and originating Source to identify unusually high payloads that may indicate a presence of malware. This could also be done by destination computer or server. Heat Maps and charts allow analysts to explore the data in a highly interactive way.

Link Analysis shows Relationships

Link analysis can show the relationships between entities while also displaying key facts in the form of tool tips. Here we see where a source organization (location 6) is generating more traffic than others. File attachment size and links to other computers or servers could also be shown.

Extending the Analysis

This link analysis shows which sources are communicating through Globelink (ISP). It also shows the linkage between the destination organization and internal addresses. This can be useful in identifying computers “at risk”. Centrifuge allows you to customize the look & feel of the visualization.

Different Layout Algorithms

Analysts can visualize the data in different forms very quickly. This example shows the link analysis in a linear hierarchy format. This can be useful in quickly identifying key points of origin and the links to destination addresses.

Access Other Sources of Information

It is essential that analysts stay within the same analytical tool. This speeds up the investigation and allows the analyst to maintain a consistent “train of thought.” Repositories, URLs, unstructured text or any other data source can be accessed from within Centrifuge.

Share Insights in Real Time

Centrifuge allows analysts to publish these results to a repository of “live assets” and also send them through secure RSS feeds. The live assets can be updated by other analysts. This form of collaboration facilitates communication and knowledge transfer.

For additional information, visit centrifugesystems.com or contact:

TONY AGRESTA

VP OF MARKETING

Office: 571.830.1390
Mobile: 443.253.6810
Email: aagresta@centrifugesystems.com