Effective visualizations for information security data are challenging. Given the streaming nature of network data and the mix of numeric and categorical types (e.g. DNS records) visualizations that are meaningful and informative are often hard to find. Even highly successful application interfaces like Kibana and Splunk will often provide a simple set of volume-over-time histograms, pie/donut charts and line plots. Although these visualizations provide some information they are limited in application and fidelity.
In this presentation we’ll explore several novel visualization approaches for information security data. Our non-traditional approaches will explore dynamic updates, mixed categorical/numeric representations, animations and other experimental facets. We intend to present our findings ‘warts’ and all. The presentation will include approaches that worked reasonably well and those that flopped (which is often just as informative).