Book review: Security Data Visualization by Greg Conti
Graphical techniques for network analysis
- 2007-12-18
- Published on web | Easy
Eighty percent of input to the brain is visual, and comes directly through the eyes. We humans are incredible machines with the ability to recognize patterns instantaneously. Machine technology is not capable of matching humans, and won’t be for many decades. Security data visualization translates complex data relationships into meaningful visual patterns that humans can quickly interpret. The book Security Data Visualization: Graphical techniques for network analysis, written by Greg Conti and published by No Starch Press, answers the important core question: can visualization help with security? The answer is a resounding “yes”.
The book is well thought out. The author has chosen examples with great precision and thought: for example, the screen grabs of visual cryptanalysis (chapter eleven) easily save a couple of thousand extra words each.
The contents
The book is 272 pages. Though I should not admit this in public (where my boss can read this review), I personally learnt some tricks of the trade and found myself trying to use the ideas in my daily business life as a developer/problem solver/handyman.
Greg Conti has divided the book into twelve chapters and a conclusion. He builds up the underlying story via numerous basic concepts, including binary file visualization, port scan visualization, vulnerability assessment and intrusion detection. From the list you can immediately see the potential practical value of visualization to such a deep layer of data complexity and richness.
Chapter two was easily my favourite because of the elegant simplicity of the example. Self-made tools visualize Microsoft Office files before and after password protection and then again after strong encryption. It becomes graphically obvious that password protection is very poor in defence.
The author wrote the tool rumint, an abbreviation for rumor intelligence, which he more than adequately described during the ebb and flow of the chapters.
Chapter 12, “Teaching yourself”, provides a decent set of books, papers and online links to pull yourself up the difficult knowledge ladder.
The lure of visualization and dashboard building is huge, and thus the obvious attractiveness of the book’s many graphics. To act as a counterbalance for developers who have the potential to grow addicted to the surface, I can but quote from Greg Conti himself:
“I caution you not to fall into the trap of just creating pictures. Instead, seek to address problems only where it makes sense”.
Who’s this book for?
If you want to be a top-notch security expert, visualization of large data sets is an emerging skill to master. Further, if you are into Search Engine Optimization and into the analysis of trends through application logs (such as the access log for Apache), this book may generate some seriously lateral thinking and motivate original solutions.
Relevance to free software
The author discusses a number of pieces of software in this book, some free as in GPL or a like-minded license, and some not. Greg Conti has a strong and positive bias toward free software, and only uses other software types when necessary. Free software worth mentioning includes Freeciv, Wireshark, rumint (written by the author), Snort, treemap, etc.
Pros
Security Visualization is an emerging field that needs a good set of guides. This book is an excellent start.
Cons
Walk before you run; if you wish to master the security field and have not fully understood how the TCP/IP stack is constructed, you should read other books first.
| Title | Security Data Visualization |
| Author | Greg Conti |
| Publisher | NO STARCH PRESS |
| ISBN | 9781593271435 |
| Year | 2007 |
| Pages | 272 |
| CD included | No |
| FS Oriented | 7 |
| Overall score | 9 |
Copyright information
This article is made available under the "Attribution-NonCommercial-Sharealike" Creative Commons License 3.0 available from http://creativecommons.org/licenses/by-nc-sa/3.0/.
Biography
Alan Berg Bsc. MSc. PGCE, has been a lead developer at the Central Computer Services at the University of Amsterdam for the last eight years. In his spare time, he writes computer articles. He has a degree, two masters and a teaching qualification. In previous incarnations, he was a technical writer, an Internet/Linux course writer, and a science teacher. He likes to get his hands dirty with the building and gluing of systems. He remains agile by playing computer games with his kids who (sadly) consistently beat him physically, mentally and morally.
You may contact him at reply.to.berg At chello.nl
