Visualizing Cyber Security Networks

What happens when you apply KeyLines to your cyber security data?

See how EclecticIQ use KeyLines to give their users a direct route to critical threat insight.

The challenges of visualizing cyber data

Cyber security data poses unique challenges. It is often automatically generated at millisecond levels of resolution and stored in different locations, making it unwieldy to manage.

We often speak to customers who need to detect unusual behavior inside terabytes of event and attribute data, including:

  • IP logs – detecting indications of infected machines or botnet zombies.
  • Network logs – uncovering applications or users that hog bandwidth so they can optimize systems and prioritize business critical applications.
  • Communications logs – for performing analysis to uncover sabotage, espionage or other unwanted activities.
  • Web server logs – managing and prevent external threats, such as DDoS attacks.

Working with enriched threat intelligence data

Another category of customer data we see is ‘enriched’ cyber security data – e.g. cyber threat intelligence data. This is where the information has been pre-processed and confirmed to include anomalous behavior.

The challenge is to reduce the scale and complexity to a more human level.

Network visualization techniques provide your analysts with an intuitive interface to explore this intelligence data, helping them to piece together a story, and communicate their findings with the rest of their team.

A KeyLines chart showing relationships between data breach attackers and their attack vectors.

A KeyLines chart showing relationships between data breach attackers and their attack vectors. Read more.

The limitations of your cyber security software

If you are part of a security-conscious enterprise, there is a good chance you already have a cyber security data analysis system in place. It is likely to be a ‘SIEM’ cyber security platform, a combination of ‘SIM’ and ‘SEM’:

  • SEM – Security Event Management: this monitors your network’s events in real-time.
  • SIM – Security Information Management: this provides longer-term storage and analysis of your collected data for querying and analysis.

If your SIEM solution is successful, it will help you understand threats and uncover vulnerabilities. Too often, however, SIEM systems fail to translate into real benefit due to a number of limitations:

  • Information overload: people are overwhelmed by poorly presented data.
  • Lack of human friendly features: Users struggle to interpret their data on anything but a superficial level.
  • Limited reach: SIEM systems place security completely in the IT department’s domain. Translating insight from these systems for wider consumption is difficult.
  • Difficult to manage: Most SIEM systems offer a complex web of specific rules. The result is brittle and complicated to manipulate.

White Paper: KeyLines for Cyber Security

Using real use cases from KeyLines customers, this whitepaper shows how network visualization can be used as part of a wider cyber security effort to increase efficiency and effectiveness.

Download the White Paper


The insight inside your cyber data

Network visualization helps simplify complex data into a human-friendly format that is more easily sharable – improving communication and working towards better organizational learning and security awareness.

KeyLines customers use the toolkit to build their own visualization applications for a whole range of use cases, including:

  • Navigating cyber security threat intelligence
  • Investigating incidents and managing responses
  • Detecting malware
  • Understanding dependencies and infrastructure vulnerabilities
  • Forensic analysis
  • General trend and pattern discovery
  • Training non-technical staff in cyber security issues

Why choose KeyLines?

Most cyber security dashboards offer a static snapshot of your cyber security system. That’s only a small part of the story. KeyLines lets you:

  • Put analysts in the driving seat – build a custom network visualization web application that allows your analysts to explore data at their own pace, and at their own scale.
  • Share your findings – the node-link model is a simple and intuitive approach that can be easily understood by non-technical colleagues and management.
  • Work on any machine – KeyLines works in any modern web browser on any device – including smartphones and tablets.
  • Use the best tools for the job – KeyLines includes a rich library of functionality available for you to deploy to your analysts, including network filtering, temporal analysis, geospatial visualization, social network analysis and node grouping.

Ready to give it a go? Request a free trial account of the KeyLines SDK.

Cyber Security on the KeyLines blog

Visualizing Cyber Security Graphs: Data Breaches

Visualizing the VERIS community database of data breaches: How graph visualization can help us extract insight from cyber security data.

Visualizing Cyber Security Data: Detecting Anomalies

There are lots of ways for a cyber security analyst to look at their data – as tables, bar charts,...

KeyLines 3.0: Supercharge your charts with WebGL

Introducing KeyLines 3.0: The new release of the network visualization toolkit incorporates huge performance enhancements to meet the scale and...

Visit the blog

Try KeyLines