Visualisation of time based attacks on DMZ (videos)

Posted on August 8, 2014

Visualisation of two weeks of IPS data

Critical and high significance IPS events detected on a public-facing Palo Alto device, visualised using Microsoft Excel Power Map for a period in November and December 2013.

The data is taken from daily detection summaries, so although it covers a nearly two-week period, it has a 24-hour time resolution.

The attacks are differentiated between Spyware and Vulnerability.

Note the fairly constant levels of vulnerability attacks from China, Turkey & Indonesia.

The practical application of such a visualisation in detecting or preventing attacks is limited; however, it provides an effective mechanism to explain the level of attack (directed and random) against the organisation on a pretty much constant basis.

 

 

Visualisation of 24 hours of IPS data

Critical and high significance IPS events detected on a public-facing Palo Alto device, visualised using Microsoft Excel Power Map for a 24-hour period on the 10th and 11th December 2013.

The source data is per event detected over that 24 hour period.

The attacks are differentiated between Spyware and Vulnerability.

The video shows two types of visualisation. The first is a “phased decay”, where the attack is plotted and then fades away if not detected. This shows the attacks coming and going across the globe, with the exception of China, which is a fairly constant source of attack.

The second segment shows a continuous growth in the sizes of the attack bubbles over the period. This illustrates the overall relative number of attacks from the various sources.
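The two animation modes described above can be reproduced from per-event IPS records before they are handed to a mapping tool. The following is an added example, not code from the original post: the sample events are constructed, and the decay rule (a detection stays visible for `window` hourly frames) is an assumption about how the fade behaves.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample events (timestamp, source country, threat type);
# these are illustrative and are not data from the post.
EVENTS = [
    ("2013-12-10 09:05", "China", "Vulnerability"),
    ("2013-12-10 09:40", "Turkey", "Vulnerability"),
    ("2013-12-10 10:15", "China", "Vulnerability"),
    ("2013-12-10 10:20", "Argentina", "Spyware"),
    ("2013-12-10 12:30", "China", "Vulnerability"),
    ("2013-12-10 13:10", "Indonesia", "Vulnerability"),
]

def hourly_bins(events):
    """Count events per (hour, country, threat type)."""
    bins = Counter()
    for ts, country, kind in events:
        hour = datetime.strptime(ts, "%Y-%m-%d %H:%M").replace(minute=0)
        bins[(hour, country, kind)] += 1
    return bins

def frames(events, mode, window=2):
    """Return {hour label: {(country, type): bubble size}} per hourly frame.

    mode="decay": a bubble counts only detections from the last `window`
    hourly frames, so a quiet source fades out (assumed decay rule).
    mode="cumulative": a bubble counts every detection so far, so it only grows.
    """
    bins = hourly_bins(events)
    hour = min(h for h, _, _ in bins)
    last = max(h for h, _, _ in bins)
    out = {}
    while hour <= last:
        sizes = Counter()
        for (h, country, kind), n in bins.items():
            age = int((hour - h).total_seconds() // 3600)
            if age >= 0 and (mode == "cumulative" or age < window):
                sizes[(country, kind)] += n
        out[hour.strftime("%Y-%m-%d %H:00")] = dict(sizes)
        hour += timedelta(hours=1)
    return out

if __name__ == "__main__":
    for mode in ("decay", "cumulative"):
        for label, sizes in frames(EVENTS, mode).items():
            print(mode, label, sizes)
```

In the decay frames, a source that is detected in most hours never disappears, while an occasional source appears and drops out; the cumulative frames give the relative totals per source.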

Note the main sources of vulnerability attacks being China, Turkey, Argentina & Indonesia.

The practical application of such a visualisation in detecting or preventing attacks is limited; however, it provides an effective mechanism to explain the level of attack (directed and random) against the organisation on a pretty much constant basis.

 


Categories: Research, Security

