Visualization software may help CISOs identify information security threats and prevent attacks on their organizations.
Leading companies use visualization software to better understand the meaning locked inside volumes of customer data. Through heat maps, geospatial visualizations, and animation, these tools help companies answer questions like: Which customers am I at risk of losing? Who are my highest-value customers?
Now, some large organizations are looking to use visualization software to answer questions about information security, according to JR Reagan, a principal with Deloitte & Touche LLP and leader of its Highly Immersive Visual Environment (HIVE), a demo and development center for clients.
“When a company experiences a high-profile data breach, other organizations wonder if they’re next, if they’ve already gotten hit, and if so, what information has been compromised,” he says. “They may not be able to answer those questions with their existing tools.”
The problem with current solutions—such as log management software that collects data from firewalls, routers, servers, PCs, and other IT infrastructure components—is the spreadsheet-like format in which they present data: the rows and columns make it difficult for security analysts to identify patterns among the millions of log events that take place each day, according to Reagan.
“Traditional dashboards don’t typically provide the level of visualization required to solve today’s complex security problems,” says Reagan, who holds three security certifications.
Applying visualization technologies to information security may allow organizations to respond more quickly to threats.
“The goal is to move from reactive to proactive to preemptive and even to predictive,” he says. “If organizations can identify patterns of attack, they can potentially detect an imminent breach, and take measures to thwart it.”
By combining data from a range of systems, visualization software can display, for example, a map that shows where attacks originate, which individuals or servers have been targeted, and where data has leaked out of the organization.
Reagan says the U.S. military, public utilities, and power companies are currently using visualization technology to identify security threats, and that large technology companies are seeking help to visualize their massive amounts of cyber data.
He adds that emerging security tools are more visual than previous generations of security software. Some provide alerts pertaining to particular servers, geographies, or functions. Others can show when someone logs into a server to unlock an office thousands of miles away, indicating that an individual in a foreign country may be trying to devise a plan to break into a company.
These new systems aren’t yet in widespread use because many companies have made significant investments in existing systems that they’re reluctant to replace, according to Reagan. He notes that open source visualization tools are inexpensive and can be applied to information security, but their development requires design and data visualization skills that many information security functions lack. Nevertheless, Reagan believes the field of information security should become more visual.
“We can no longer rely on a bunch of security analysts sifting through logs to identify potential breaches,” he says. “The problem is too widespread and complex, and we can’t keep adding bodies to solve it. We have to start addressing information security in a fundamentally different way.”