Computer networks are growing larger and more complex as commercial and government entities have increasingly come to depend on the cyber infrastructure. Against this backdrop of increased complexity and reliance on the network infrastructure, the number of cyber attacks against critical cyber-infrastructure has also increased. The stakes have increased as well. The 2007 Russian cyber attack against Estonia hinted at the future of cyber warfare: coordinated bots can attack and cripple the cyber-infrastructure of a nation.
To combat this threat and others like it, the Secure Decisions division of Applied Visions Inc. has developed technologies for cyber defenders to facilitate the discovery, analysis and understanding of cyber attacks. This collaborative visual analytics platform, VIAssist, enhances Situational Awareness (SA), facilitates collaboration and enables the analysis and understanding of cyber events. VIAssist links multiple visualizations into a multi-display system that enhances SA through multiple levels of visual analysis, from a high-level dashboard overview to powerful visualizations to the low-level textual details of cyber-related data. This enables analysts to view network and event data from multiple perspectives and levels of detail.
A Cognitive Task Analysis (CTA) of cyber defenders in commercial and military environments helped in forging the system’s design; for example, motivating the collaborative and reporting functionality that differentiates VIAssist from other visualization systems. Based on the results of the CTA, we know that cyber defenders need to be able to understand the big picture, to answer questions they didn’t know they had, to put events into their larger context, to collaborate and generate hypotheses with other cyber defenders and to clearly and accurately report their hypotheses and findings. VIAssist provides an intuitive, customizable dashboard to provide a big picture view. Multiple visualizations are linked together to facilitate exploration and discovery. Different kinds of visualizations are provided to enable the analysis of events in network, temporal, and geographic contexts.
Collaboration is supported in multiple ways: through shared lists of critical and potentially malicious IP addresses, annotations, workspaces, and expressions. Embedded communication and reporting tools enable analysts to easily create and reuse templates that allow less-technical users to understand findings through the visualizations.
VIAssist was demonstrated at the 2006 Coalition Warrior Interoperability Demonstration, where it was named one of the “Top Technology Trials” for that important annual international military exercise.
VIAssist was built with support from the Department of Defense, Air Force Research Lab (AFRL) FireStarter program “Cyber Operations Technical Transition”, Contract# FA8750-10-C-0201.
VIAssist was a Long Island Science and Technology Network (LISTNet) 2007 Long Island Software Award (LISA) Best Software Product winner. VIAssist was recognized at the annual awards banquet for excellence among Long Island-based software technology offerings.