Visualizing Cyber Security Networks

What happens when you apply KeyLines to your cyber security data?

The challenges of visualizing cyber data

Cyber security data poses unique challenges. It is often automatically generated at millisecond levels of resolution and stored in different locations, making it unwieldy to manage.

We often speak to customers who need to detect unusual behavior inside terabytes of event and attribute data, including:

  • IP logs – detecting indications of infected machines or botnet zombies.
  • Network logs – uncovering applications or users that hog bandwidth so they can optimize systems and prioritize business critical applications.
  • Communications logs – for performing analysis to uncover sabotage, espionage or other unwanted activities.
  • Web server logs – managing and prevent external threats, such as DDoS attacks.

Working with enriched threat intelligence data

Another category of customer data we see is ‘enriched’ cyber security data – e.g. cyber threat intelligence data. This is where the information has been pre-processed and confirmed to include anomalous behavior.

The challenge is to reduce the scale and complexity to a more human level.

Network visualization techniques provide your analysts with an intuitive interface to explore this intelligence data, helping them to piece together a story, and communicate their findings with the rest of their team.

A KeyLines chart showing relationships between data breach attackers and their attack vectors.
A KeyLines chart showing relationships between data breach attackers and their attack vectors. Read more.

The limitations of your cyber security software

If you are part of a security-conscious enterprise, there is a good chance you already have a cyber security data analysis system in place. It is likely to be a ‘SIEM’ cyber security platform, a combination of ‘SIM’ and ‘SEM’:

  • SEM – Security Event Management: this monitors your network’s events in real-time.
  • SIM – Security Information Management: this provides longer-term storage and analysis of your collected data for querying and analysis.

If your SIEM solution is successful, it will help you understand threats and uncover vulnerabilities. Too often, however, SIEM systems fail to translate into real benefit due to a number of limitations:

  • Information overload: people are overwhelmed by poorly presented data.
  • Lack of human friendly features: Users struggle to interpret their data on anything but a superficial level.
  • Limited reach: SIEM systems place security completely in the IT department’s domain. Translating insight from these systems for wider consumption is difficult.
  • Difficult to manage: Most SIEM systems offer a complex web of specific rules. The result is brittle and complicated to manipulate.

White Paper: KeyLines for Cyber Security

Using real use cases from KeyLines customers, this whitepaper shows how network visualization can be used as part of a wider cyber security effort to increase efficiency and effectiveness.

Download the White Paper

The insight inside your cyber data

Network visualization helps simplify complex data into a human-friendly format that is more easily sharable – improving communication and working towards better organizational learning and security awareness.

KeyLines customers use the toolkit to build their own visualization applications for a whole range of use cases, including:

  • Navigating cyber security threat intelligence
  • Investigating incidents and managing responses
  • Detecting malware
  • Understanding dependencies and infrastructure vulnerabilities
  • Forensic analysis
  • General trend and pattern discovery
  • Training non-technical staff in cyber security issues

Why choose KeyLines?

Most cyber security dashboards offer a static snapshot of your cyber security system. That’s only a small part of the story. KeyLines lets you:

  • Put analysts in the driving seat – build a custom network visualization web application that allows your analysts to explore data at their own pace, and at their own scale.
  • Share your findings – the node-link model is a simple and intuitive approach that can be easily understood by non-technical colleagues and management.
  • Work on any machine – KeyLines works in any modern web browser on any device – including smartphones and tablets.
  • Use the best tools for the job – KeyLines includes a rich library of functionality available for you to deploy to your analysts, including network filtering, temporal analysis, geospatial visualization, social network analysis and node grouping.

Ready to give it a go? Request a free trial account of the KeyLines SDK.

Cyber Security on the KeyLines blog

Bringing time-series data to life with KeyLines

We integrate KeyLines with a time series database (TSDB) to see what the advanced time bar features can do.

Mapping a connected world: The value of geospatial graph visualization

With KeyLines, exploiting geospatial information has never been easier. This blog post describes three compelling use cases to help you get the most out of connected data on maps.

Become Education: a recommendation engine for 21st century careers

In this blog post, we’ll see how Become Education use graph visualization, powered by KeyLines, to equip children with the skills and knowledge to design their own lives.

Visit the blog

Subscribe to our newsletter

Get occasional data visualization updates, stories and best practice tips by email