Availability of data related to information security breaches as well as risk assessment used to be scarce. The Verizon Data Breach Investigations Report (DBIR) became a trend-setter for making real and authentic data available to the information security community. More and more organizations are now following the lead and making data available to the public.
In addition to the results of data analysis, some organizations have created online applications allowing visitors to analyze the data in their own way and visualize it. This blog posting is to introduce three online data visualization systems and how to utilize them.
VERIS Community Database
Vocabulary for Event Recording and Incident Sharing (VERIS) is a Verizon framework for sharing and analyzing information about data breaches. This framework is the foundation for analyzing data in Verizon’s annual Data Breach Investigations Report. The VERIS Community Database (VCDB) is an online web application that allows you to view the data, set filters to analyze the data using Actors, Actions, Categories, Timelines and other parameters. The data set includes publically-reported incidents and gives you a very good idea about the latest data breaches.
The VCDB web application is available at URL
http://public.tableausoftware.com/views/vcdb/Overview. The following screenshot shows the main page of the web application. The VCDB application enables drill-down capability and data filtering. For example, if you are a financial organization and want to view data only in the financial industry, you can select your industry in the screenshot below excluding all other data breaches and providing you tailored data visualization.
World’s Biggest Data Breaches
A title well matched with the blog post represents some of the biggest data breaches and timelines on the following web site:
This web application also allows you to filter data based upon a number of parameters including types of organizations and methods of data leak. Data filtering and analysis features on this web site are useful if you want to build a business case for a security project based upon real data and breach methods.
Getting detailed information about a particular breach is as easy as clicking a bubble on the screenshot shown below. Bubble sizes represent a selected parameter for data breaches. You can select a parameter of your choice that represents a bubble size. This enables you to create your own data visualization.
Palo Alto Networks Application Usage and Threats
Palo Alto Networks launched an online web application to analyze data related to usage and threats related to applications. The web application is available at the following URL.
A screenshot of the data visualization generated by the web application is shown below. You can mouse over a particular bubble to get more information. The application is useful to know common security issues with application like which applications are most commonly used for malware and which applications have most common exploits. The web site also provides interesting statistics about bandwidth utilization, file sharing, remote access and so on.
Data visualization is a great technique not only to better understand large amounts of data but to analyze it in different ways. Data visualization helps in knowing where to focus attention when doing risk analysis and allocate resources to improve risk posture. Availability of online data sets accompanied with a data visualization application will help the information security community to better understand risk and take actions that have bigger return on security investments.