Welcome to Diana Initiative 2021 Virtual Conference schedule.
Saturday, July 17 • 11:30am - 12:00pm
On the Hunt for the Unknown Unknowns


Cybersecurity is a difficult business problem. A business doesn't gain any additional income by having good security (compared to developing new features), but a single security incident can cause a business to permanently close. Over the last few years, the industry has made great strides in promoting cybersecurity and increasing cyber resiliency: adding cyber into the initial budget and scheduling estimates, beginning to test earlier in the development process, employing bug bounty programs, and so on. However, one common solution to cyber is to collect as much data as possible. Based on an example in a SolarWinds whitepaper, a 1,000-employee company with a standard IT setup (a computer for every employee, a few firewalls, one VPN server, a few domain servers, etc.) stores anywhere from 3GB to 113GB of log files per day [1]. To make matters worse, many companies have a non-functional requirement to keep the log files for anywhere from one to seven years. Even on the low end, 3GB per day stored for one year is still 1.1 terabytes accumulated over the course of the year. This is an excellent idea in theory; however, 68% of the data available to a company doesn't get used, whether due to time and budget constraints, lack of education in big data and data analytics, or lack of tools [2]. Thankfully, in the last few years more tools have been released that help automate data ingestion and allow searching. However, searching implies that you know what you are looking for: whether it's a certain packet, a certain IP, users working at an odd time of day, and so on. That is beneficial for finding common telltale signs of an exploit, but how would a cyber analyst find attackers using cutting-edge strategies?

Data visualization provides the user the opportunity to look at millions of records in one place to see outliers and patterns. The goal of this presentation is to provide the audience with a better understanding of data visualization and how it can be used to increase cyber resiliency by finding correlations and outliers in mass amounts of data. This presentation will include different state-of-the-art methodologies, common tools used in industry, and a technical walk-through of data visualization applied to log data.
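An added example of the approach sketched above, not code from the talk or from PNNL: it assumes a hypothetical sshd-style "Accepted ... for <user> from <ip>" line format and builds its own constructed log lines, then folds them into the user-by-hour matrix a heatmap would render and lets the data itself define the baseline against which unusual cells stand out, instead of searching for a pattern chosen in advance.

```python
"""Added example, not code from the talk or from PNNL: fold constructed sshd auth
lines into a user-by-hour matrix, draw it as a text heatmap, and let the data
define the baseline against which unusual cells stand out."""
import math
import re
from collections import Counter, defaultdict

# Hypothetical line shape: "Jul 14 03:05:00 host sshd[pid]: Accepted <method> for <user> from <ip>"
LINE_RE = re.compile(r"^\w{3} +\d+ (\d{2}):\d{2}:\d{2} \S+ sshd\[\d+\]: Accepted \w+ for (\w+) from")
SHADES = " .:-=+*#%@"  # light to dark, one character per heatmap cell

def constructed_log_lines():
    """Three users with business-hours logins over ten days, plus one night-time burst."""
    lines = [f"Jul {day:2d} {hour:02d}:15:00 vpn1 sshd[100]: Accepted publickey for {user} from 10.0.0.5"
             for day in range(5, 15) for hour in range(8, 18) for user in ("alice", "bob", "carol")]
    lines += [f"Jul 11 03:{minute:02d}:00 vpn1 sshd[100]: Accepted password for carol from 198.51.100.7"
              for minute in range(0, 60, 5)]  # twelve logins inside a single night hour
    return lines

def activity_matrix(lines):
    """Aggregate every parseable line into {user: Counter({hour_of_day: count})}."""
    matrix = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            matrix[m.group(2)][int(m.group(1))] += 1
    return matrix

def render_heatmap(matrix):
    """One row per user, one shaded character per hour 00..23; darker means busier."""
    peak = max(c for counts in matrix.values() for c in counts.values())
    rows = ["user   " + "".join(str(h % 10) for h in range(24))]
    for user in sorted(matrix):
        rows.append(f"{user:6} " + "".join(
            SHADES[round(matrix[user][h] / peak * (len(SHADES) - 1))] for h in range(24)))
    return "\n".join(rows)

def surprising_cells(matrix, min_z=3.0):
    """Flag (user, hour) cells whose count exceeds user_total * org share of that hour by >= min_z Poisson sigmas."""
    org = sum((counts for counts in matrix.values()), Counter())  # organisation-wide hour profile
    total = sum(org.values())
    flagged = []
    for user, counts in matrix.items():
        user_total = sum(counts.values())
        for hour, observed in counts.items():
            expected = user_total * org[hour] / total
            z = (observed - expected) / math.sqrt(expected)
            if z >= min_z:
                flagged.append((user, hour, observed, round(z, 1)))
    return sorted(flagged)
```

No hour was declared "odd" up front: the 03:00 burst is flagged only because the rest of the matrix shows that nobody, carol included, normally logs in then.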

Keywords: Threat Hunting, Big Data, Data Analytics, Data Visualization, Log Analysis, Cybersecurity, Known Knowns vs Known Unknowns vs Unknown Unknowns

1. Hale, B. (n.d.). Estimating Log Generation for Security Information Event and Log Management [PDF]. SolarWinds.

2. Seagate. (n.d.). Rethink Data: Put More of Your Business Data to Work—From Edge to Cloud [PDF]. Seagate.


Addy Moran

Software Engineer, Pacific Northwest National Laboratory
Addy Moran is a Software Engineer at Pacific Northwest National Laboratory (PNNL), where she specializes in automation, data analytics and visualization, and cyber security. Addy has more than four years of experience in research and development, where she has focused primarily on...

Saturday July 17, 2021 11:30am - 12:00pm PDT
Stage 1 https://app.hopin.com/events/2021-diana-initative/stages/ff71ae75-41d8-4546-b361-9883c22d8b13