Cyber Warfare Membership Profiles.Final

THE FREEDOM TO EXPLORECYBER WARFARE LINKED IN MEMBERSHIP PROFILES & CYBER SECURITY VISUALIZATIONS

2THE FREEDOM TO EXPLORE

JULY 1ST 2009www.centrifugesystems.com 571-830-1390 Mclean, Virginia

NOTES ABOUT THIS PRESENTATION

This presentation was created for the Cyber Warfare Linked In membership group.Profiles developed used the first 1200 members. No confidential information was used in developing these profiles.Profiles show the membership by industry, location and company and use a variety of visualizations.Visualizations were created by Centrifuge Systems using their Interactive Analytics (IA) technology.This same technology can be used to identify cyber crime.Sample visualizations which show how Interactive Analytics can analyze cyber data are at the end of the presentation.

http://www.centrifugesystems.com/



INTERACTIVE ANALYTICS




Top 10 Geographic Locations

Washington DC,San Francisco &

Boston top the list.




Top 10 Industries

The two top industries withthe highest membership counts are:

1)Computer & Network Security2)IT and Services




Member Count by Industry & Location




Military Members by Location

Military membersare also concentrated inD.C. with small pockets

scattered throughout the USand in select cities worldwide.




Top Member Counts by Company

Many membershave not specified a company.Other companies have more

than one member.I wonder if the multi-member

companies are focused on one or more industries?




Company Membership by Industry

Booz Allen has membersacross 5 industries with the

highest concentrationin IT & Services.




Member counts in the form of “Heat Maps”

Heat maps show “hot-spots”of member activity. Hot colors like

orange have different membercounts than the cool colors.




Top 5 Industries Linked to Member Location

Links can be set to show the relationships between entities. For example, this link analysis shows locations linked to the top 5 industry groups. Each

globe is a location and can have more than one member. Notice some locations are linked to more than one industry. Let’s zoom in.




Member Locations and Industries

Notice how locations have more than one member and these membersare linked to multiple industries. Let’s select this cross section and just

analyze these members.




Select Nodes to Analyze Further

The nodes highlighted in orange have been

selected. They can be “spun off” so that we can analyze just these

records.




Member Locations & Industries

Some locations (Orlando, Madres Area in India, others) are linked toone industry (Computer and Network Traffic). Other areas (Providence and

Houston) have members from multiple industries. The counts in the “tool tips” are the member counts.




Only Computer & Network Security Members

If we only analyze the Computer and Network Security membership base, we can see that some companies (Mitre and BAE, as examples) have members in

different geographic locations. Let’s see how this technology can analyze Cyber Security data...


THE FREEDOM TO EXPLORETHE USE OF INTERACTIVE ANALYTICS TO DETECT AND PREVENT CYBER ATTACKS



Connecting to Data

Network traffic data can be analyzed in a variety of forms. This is theTable View and shows Source and Destination IP addresses plus additional

information on ports, attachment file size, payload and much more… Connecting to this data is very easy.




Charting Communication Types

Charting can be used to analyze traffic by communication type and other attributes. These profiles lead to

deeper investigations.




Identifying “Hot Spots” using Heat Maps

You can analyze payload by ISP and originating Source to identify

unusually high payloads that may indicate a presence of malware. This

could also be done by destination computer or server. Heat Maps and charts allow analysts to explore the

data in a highly interactive way.




Link Analysis shows Relationships

Link analysis can show the relationships between entities while also displaying key facts in the form of tool tips. Here we see where a source organization (location 6)

is generating more traffic than others. File attachment size and links to other computers or servers could also be shown.




Extending the Analysis

This link analysis shows which sources are communicating through Globelink (ISP). It also shows the linkage between the destination organization and internal

addresses. This can be useful in identifying computers “at risk”. Centrifuge allows you to customize the look & feel of the visualization.




Different Layout Algorithms

Analysts can visualize the data in different forms very quickly. This example shows the link analysis in a linear hierarchy format. This can be useful in quickly

identifying key points of origin and the links to destination addresses.




Access Other Sources of Information

It is essential that analysts stay within the same analytical tool. This speeds up the investigation and allows the analyst to maintain a consistent “train of thought.” Repositories, URLs, unstructured text or any other data source can be accessed

from within Centrifuge.




Share Insights in Real Time

Centrifuge allows analysts to publish these results to a repository of “live assets” and also send them through secure RSS feeds. The live assets can be updated by

other analysts. This form of collaboration facilitates communication and knowledge transfer.


TONY AGRESTA

Office: 571.830.1390Mobile: 443.253.6810Email: [email protected]

VP OF MARKETING

For additional information, visit centrifugesystems.com or contact:

Documents

Cyber Warfare Membership Profiles.Final