Computer networks are growing larger and more complex as commercial and government entities have increasingly come to depend on the cyber infrastructure. Against this backdrop of increased complexity and reliance on the network infrastructure, the number of cyber attacks against critical cyber-infrastructure have also increased. The stakes have increased as well. The 2007 Russian cyber attack against Estonia hinted at the future of cyber warfare: coordinated bots can attack and cripple the cyber-infrastructure of a nation.
To combat this threat and others like it, the Secure Decisions division of Applied Visions Inc. has developed technologies for cyber defenders to facilitate the discovery, analysis and understanding of cyber attacks. This collaborative visual analytics platform, VIAssist™, enhances Situational Awareness, facilitates collaboration and enables the analysis and understanding of cyber events. VIAssist™ links multiple visualizations into a multi-display system that enhances SA through multiple levels of visual analysis, from a high-level dashboard overview to powerful visualizations to the low-level textual details of cyber-related data. This enables analysts to view network and event data from multiple perspectives and levels of details.
A Cognitive Task Analysis (CTA) of cyber defenders in commercial and military environments helped in forging the system’s design; for example, motivating the collaborative and reporting functionality that differentiate VIAssist™ from other visualization systems. Based on the results of the CTA, we know that cyber defenders need to be able to understand the big picture, to answer questions they didn’t know they had, to put events into their larger context, to collaborate and generate hypotheses with other cyber defenders and to clearly and accurately report their hypothesis and findings. VIAssist™ provides an intuitive, customizable dashboard to provide a big picture view. Multiple visualizations are linked together to facilitate exploration and discovery. Different kinds of visualizations are provided to enable the analysis of events in network, temporal, and geographic contexts.
Collaboration is supported in multiple ways: through shared lists of critical and potentially malicious IP addresses, annotations, workspaces, and expressions. Embedded communication and reporting tools enable analysts to easily create and reuse templates that allow less-technical users to understand findings through the visualizations.
- VIAssist™ was demonstrated at the 2006 Coalition Warrior Interoperability Demonstration, where it was named one of the “Top Technology Trials” for that important annual international military exercise.
- VIAssist™ was a Long Island Science and Technology Network (LISTNet) 2007 Long Island Software Award (LISA) Best Software Product winner. VIAssist™ was recognized at annual awards banquet for excellence among Long-Island based software technology offerings.
VIAssist was built with support from the Department of Defense, Air Force Research Lab (AFRL) FireStarter program “Cyber Operations Technical Transition”, Contract# FA8750-10-C-0201.
Frequently Asked Questions
- ›What is VIAssist™?
VIAssist™ is a visual analysis platform to help network security analysts protect their networks. It provides visual tools for the evaluation of network flow and security data. VIAssist™ presents multiple, coordinated views to provide different visual perspectives of the data. These views transform network data into a collection of interactive visualizations that make it easier to analyze data, to see patterns and trends, and to identify risks and actionable information.
- › What discriminates VIAssist™ from other visualization tools?
By visualizing security information, VIAssist™ makes it easier for users to visually correlate large volumes of network security data and see the threats hidden in the haystack of data. VIAssist™ simplifies the analysis of security data for network professionals, and makes the information more accessible for those less skilled. Tools for coordinating visual views of the same data, managing large data volumes, collaboration and reporting of results streamlines the analysis process and leads to better, more informed decisions. The result is improved efficiency and accuracy in managing network security risks, reducing overall costs.
- › What collaboration and reporting tools are available in VIAssist™?
VIAssist™ provides support for analytical workflow. Collaboration and reporting tools make it easier to share, compare and report information. Data Annotations and eDiary tools help record analysts discoveries, track the progression of evaluations and enable sharing of findings. The VIAssist™ Report Generator creates quick and accurate reports using an advanced template-driven report building technology and drag-n-drop functions to easily and seamlessly incorporate important visualizations into security incident assessment reports. This technology significantly reduces human error in reporting, streamlines report generation and abbreviates the time to complete them.
- › What types of data sources and tools does VIAssist™ currently support?
VIAssist™ currently supports the analysis of a wide range of data sources and tools:
- Netflow data
- Netezza TwinFin
- Narus Insight
- Intrusion detection data
- Proprietary database formats
Secure Decisions will interface VIAssist™ functionality to other data sources to meet the needs of our users and the information security community. For a most up to date list of supported tools or custom development for specific applications, contact us at (631) 754-4920.
- › Who are the targeted users of VIAssist™?
VIAssist™ is a government-sponsored software application developed in close collaboration with government and commercial security professionals who use analytical tools and intrusion detection systems. Users include:
- Network Administrators
- Incident Response Teams
- Correlation & Threat Analysts
- Forensic Investigators
- Vulnerability Assessors
- CISOs and Commanders
- › Do you have any current customers who are using the product?
Yes, we have government users who are using VIAssist™. References can be provided on a per request basis.
- › What edition of VIAssist™ is currently available?
The current version of VIAssist™ is Version 2.6, released late in 2011. Both the 32-bit version and the 64-bit version of the VIAssist™ Visual Analytic Toolkit are provided.
- ›How can I request a trial copy of VIAssist™?
Requests for a trial copy of VIAssist™ can be made by contacting us at (631) 754-4920 or by sending a message through our contact page. Please provide your full name, organization, organization email address, and phone number. Typically we will provide evaluators with a CD or a private download area. The evaluation version of VIAssist™ is a fully functional, limited-time duration application, accompanied by a demonstration database of sample network security data.
- › What are the minimum hardware requirements for installation of VIAssist™
No special hardware is needed to run VIAssist™ other than a typical PC (desktop or laptop). We currently recommend the following minimum system requirements to run VIAssist™:
- 2.5 GHZ CPU or better
- 4 GB RAM or better
- Ethernet adaptor
- 1 GB disk space
- ›What are the minimum software requirements for installation of VIAssist™?
VIAssist™ supports the following Windows Operating Systems:
- Windows XP Pro (With appropriate Service Packs applied)
- Windows Vista (With appropriate Service Packs applied)
- Windows 7 (With appropriate Service Packs applied)
The following are documents related to VIAssist™:
PostgreSQL ODBC Driver Installation Guide for VIAssist™
Download PostgreSQL ODBC Driver Installation Guide
User Guide for Version 2.6
Download User Guide
Admininstration Tool User Guide for Version 2.6
Download Admin Tool User Guide
Installation Guide for Version 2.6
Download Installation Guide
Metadata Builder User Guide for Version 2.6
Download Metadata Builder User Guide
Sample Database Guide for Version 2.6.3
Download Sample Database Guide
Windows Server 2008 Additional Instructions
Download Windows Server 2008 Instructions
Download VIAssist™ Datasheet