Applications of Mind Mapping automation in the analysis of information security logs files. Example using Endpoint Protector log files.
Image courtesy of Stuart Miles / FreeDigitalPhotos.net
Mind Mapping automation in information security log analysis
(C) Infoseg 2014 http://www.infoseg.com/mi_01_en.shtml
Manually reviewing log files has the following problems:
• Time consuming
• Monotonous
• Difficult to prioritize events
• Difficult to visualize important events
Advantages of Mind Maps
• Visual display of information
• Information grouped by device, date-time, type of event and type of file
• Flexible
• Easy to add comments and callouts to the basic Mind Map
• Easy to share
• Exportable to PDF, Word and HTML
• Tree structure
• Searchable
Example of application of Mind Mapping automation
Endpoint Protector
Data Loss Prevention solution
“Make sure sensitive data does not leave your network whether copied on devices, clipboard or through applications, online services and even as screen captures.”
Endpoint Protector
Log generated by Endpoint Protector
Example of a log file generated by Endpoint Protector
Mind Maps generated
• Events by device
• Events by date-time
• Events by type of event
• Events by type of file
• Events by user
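The automation the slides describe, as an added Python example (not Infoseg's tool or code). It assumes a constructed CSV layout for the Endpoint Protector log, since the real export format is not shown here, and writes FreeMind-style .mm XML as one possible tree format; the five views are the ones listed above.

```python
import csv
import io
from xml.etree import ElementTree as ET
# Constructed sample. The column order (date-time, user, device, event, file) is an
# assumption: the real Endpoint Protector export layout is not shown on the slides.
SAMPLE_LOG = """\
2014-03-05 09:12:41,Alice Johnson,USB - 1,File read,report.docx
2014-03-05 09:13:02,Alice Johnson,USB - 1,File rename,report_v2.docx
2014-03-05 17:48:10,John Smith,USB - 2,File delete,budget.xlsx
2014-03-06 08:01:33,John Smith,Webcam,Enabled,
2014-03-06 11:25:19,John Smith,USB - 2,File read,setup.exe
"""
FIELDS = ("datetime", "user", "device", "event", "file")

def parse_log(text):
    return [dict(zip(FIELDS, row)) for row in csv.reader(io.StringIO(text)) if row]

def file_type(name):
    return name.rsplit(".", 1)[-1].lower() if "." in name else "(no file)"

# Branch path per view, matching the five maps the slides list.
VIEWS = {
    "Events by device": lambda e: [e["device"]],
    "Events by date-time": lambda e: [e["datetime"][:10], e["datetime"][11:13] + ":00"],
    "Events by type of event": lambda e: [e["event"]],
    "Events by type of file": lambda e: [file_type(e["file"])],
    "Events by user": lambda e: [e["user"]],
}

def build_tree(events, path_fn):
    """Nested dicts keyed by branch label; leaf events sit under '_events'."""
    root = {}
    for e in events:
        node = root
        for label in path_fn(e):
            node = node.setdefault(label, {})
        node.setdefault("_events", []).append(" | ".join(e[f] for f in FIELDS if e[f]))
    return root

def count(node):
    return sum(len(v) if k == "_events" else count(v) for k, v in node.items())

def to_freemind(title, tree):
    """Serialise the tree as FreeMind-style .mm XML (assumed target format)."""
    def add(parent, label, node):
        el = ET.SubElement(parent, "node", TEXT=f"{label} ({count(node)})")
        for k, v in node.items():
            if k == "_events":
                for ev in v:
                    ET.SubElement(el, "node", TEXT=ev)
            else:
                add(el, k, v)
    root = ET.Element("map", version="1.0.1")
    add(root, title, tree)
    return ET.tostring(root, encoding="unicode")
```

Each branch label carries its event count, so a reviewer sees at a glance which device, hour, event type or user needs attention before expanding it.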
EVENTS BY DEVICE
Log file processed with Mind Mapping automation
Overview
USB – 1
USB – 2 (Events)
USB – 2
Webcam
Network Adapter
WiFi Adapter
CD-ROM
EVENTS BY DATE-TIME
Level 1
Overview
Events in a day
Events in a day
Events in a day
EVENTS BY TYPE OF EVENT
Overview
Level 1
File read
File rename
File delete
Enabled
Disconnected
EVENTS BY TYPE OF FILE
Overview
Level 1
url file
AVI
Application
EVENTS BY USER LOGGED
Overview
Level 1
User: Alice Johnson
User: John Smith
REVIEW PROCESS
Review detail of a File delete
Mind Map of the events to review by user logged
Summary
• Mind Mapping automation is a very useful tool to analyze security logs
• It can be adapted to any type of log
• It reduces the analysis time
• It is very scalable
• It simplifies the analysis of log files
Contact Information
• José M. Guerrero
• Slideshare Presentations