Visualizing Security Events and Information

Jonathan Trull, Chief Information Security Officer

Over Thanksgiving, I had the opportunity to play Call of Duty Black Ops 3 on my 10-year-old nephew’s Xbox. For those not familiar with the game, it’s a multiplayer game where teams remotely compete against one another in simulated battle. First, I’ll be completely honest with you – I stunk. The action was intense, and I simply couldn’t keep up. My opponents were faster than me, had better weapons, and were able to navigate the playing field much more effectively. As I lay dying from another attack, it dawned on me: this is how it often feels when you’re trying to defend your networks from cyber criminals – outpaced and outgunned.

I made another interesting observation. The onscreen layout for the game was truly amazing. Each player could see the surrounding terrain, and in the top-left corner of the screen was a radar-type map that showed your position relative to the other players and appropriately labeled them as friend or foe. Also, the controller allowed each player to quickly and seamlessly change weapons and access numerous other features to respond to the changing environment of the game.

Now, compare this to the typical tools and screens used by your cyber security professionals to defend their networks. First, there is never one tool or screen that allows you to understand what’s happening and to react appropriately. Typically, security staff are required to log in to multiple systems to gain access to all of the information they require to respond appropriately. This often takes precious time, and it’s amazing how often security staff find themselves locked out of systems because they’ve either forgotten their password or haven’t used the account for an extended period of time. Next, the data contained in these disparate systems is typically formatted differently, which makes analysis and response difficult. Also, most of the security alert and incident data is displayed in text format as opposed to graphically. This creates issues, as humans tend to have a hard time contextualizing data presented merely as text. Finally, responding to a security alert is typically a very manual process that requires multiple steps and oftentimes involves writing custom signatures and configuration files.

At Regis University, information assurance is handled as a multidisciplinary field. One of the greatest advantages to this approach is that the faculty and students can pull from multiple fields of study to solve complex problems. In fact, we are seeing some of the best solutions to today’s security problems coming out of the fields of data science, graphic arts, web development, computer gaming, and human performance engineering. Join us at Regis and help build our country’s next generation of information security systems and tools.
