Computer networks are growing larger and more complex as commercial and government entities have increasingly come to depend on the cyber infrastructure. Against this backdrop of increased complexity and reliance on the network infrastructure, the number of cyber attacks against critical cyber-infrastructure has also increased. The stakes have increased as well. The 2007 Russian cyber attack against Estonia hinted at the future of cyber warfare: coordinated bots can attack and cripple the cyber-infrastructure of a nation.
To combat this threat and others like it, the Secure Decisions division of Applied Visions Inc. has developed technologies for cyber defenders to facilitate the discovery, analysis and understanding of cyber attacks. This collaborative visual analytics platform, VIAssist, enhances Situational Awareness (SA), facilitates collaboration and enables the analysis and understanding of cyber events. VIAssist links multiple visualizations into a multi-display system that enhances SA through multiple levels of visual analysis, from a high-level dashboard overview to powerful visualizations to the low-level textual details of cyber-related data. This enables analysts to view network and event data from multiple perspectives and levels of detail.
A Cognitive Task Analysis (CTA) of cyber defenders in commercial and military environments helped in forging the system’s design; for example, motivating the collaborative and reporting functionality that differentiates VIAssist from other visualization systems. Based on the results of the CTA, we know that cyber defenders need to be able to understand the big picture, to answer questions they didn’t know they had, to put events into their larger context, to collaborate and generate hypotheses with other cyber defenders and to clearly and accurately report their hypothesis and findings. VIAssist provides an intuitive, customizable dashboard to provide a big picture view. Multiple visualizations are linked together to facilitate exploration and discovery. Different kinds of visualizations are provided to enable the analysis of events in network, temporal, and geographic contexts.
Collaboration is supported in multiple ways: through shared lists of critical and potentially malicious IP addresses, annotations, workspaces, and expressions. Embedded communication and reporting tools enable analysts to easily create and reuse templates that allow less-technical users to understand findings through the visualizations.
VIAssist was demonstrated at the 2006 Coalition Warrior Interoperability Demonstration, where it was named one of the “Top Technology Trials” for that important annual international military exercise.
VIAssist was built with support from the Department of Defense, Air Force Research Lab (AFRL) FireStarter program “Cyber Operations Technical Transition”, Contract# FA8750-10-C-0201.
VIAssist was a Long Island Science and Technology Network (LISTNet) 2007 Long Island Software Award (LISA) Best Software Product winner. VIAssist was recognized at the annual awards banquet for excellence among Long Island-based software technology offerings.
VIAssist is a visual analysis platform to help network security analysts protect their networks. It provides visual tools for the evaluation of network flow and security data. VIAssist presents multiple, coordinated views to provide different visual perspectives of the data. These views transform network data into a collection of interactive visualizations that make it easier to analyze data, to see patterns and trends, and to identify risks and actionable information.
By visualizing security information, VIAssist makes it easier for users to visually correlate large volumes of network security data and see the threats hidden in the haystack of data. VIAssist simplifies the analysis of security data for network professionals, and makes the information more accessible for those less skilled. Tools for coordinating visual views of the same data, managing large data volumes, collaboration and reporting of results streamline the analysis process and lead to better, more informed decisions. The result is improved efficiency and accuracy in managing network security risks, reducing overall costs.
VIAssist provides support for analytical workflow. Collaboration and reporting tools make it easier to share, compare and report information. Data Annotations and eDiary tools help record analysts' discoveries, track the progression of evaluations and enable sharing of findings. The VIAssist Report Generator creates quick and accurate reports using an advanced template-driven report building technology and drag-n-drop functions to easily and seamlessly incorporate important visualizations into security incident assessment reports. This technology significantly reduces human error in reporting, streamlines report generation and abbreviates the time to complete them.
VIAssist currently supports the analysis of a wide range of data sources and tools:
Intrusion detection data
Proprietary database formats
Secure Decisions will interface VIAssist functionality to other data sources to meet the needs of our users and the information security community. For the most up-to-date list of supported tools or custom development for specific applications, contact us at (631) 754-4920.
VIAssist is a government-sponsored software application developed in close collaboration with government and commercial security professionals who use analytical tools and intrusion detection systems. Users include:
Requests for a trial copy of VIAssist can be made by contacting us at (631) 754-4920 or by sending a message through our contact page. Please provide your full name, organization, organization email address, and phone number. Typically we will provide evaluators with a CD or a private download area. The evaluation version of VIAssist is a fully functional, limited-time duration application, accompanied by a demonstration database of sample network security data.