[ mainpage :: register :: conference :: training :: the venue ]
[ capture the flag (CTF) :: hitb cinema :: lock picking village :: zone-h/hitb hacking challenge :: bzflag ]
[ call for papers (CFP) :: conference agenda :: sponsors :: press/media :: forum ]
[ conference kit (PDF) :: past conferences :: contact us ]

Conference Materials: http://conference.hitb.org/hitbsecconf2007kl/materials/

Official Photos: http://photos.hitb.org

Raffael Marty (Manager, Strategic Application Solutions, ArcSight Inc.)

Filed under: Main Page — Administrator @ 2:56 pm

Presentation Title: Insider Threat Visualization
Presentation Details:

Insider Threat has become an increasingly discussed topic in the past months. Information leaks, sabotage, and fraud have been reported all over big organizations. One way to address the insider problem is to analyze log files and find suspicious behavior before it results in direct or indirect financial loss for a company.

Signs of suspicious behavior or users lend themselves very well to visualization techniques. Visualization of data has proven to be the approach generating the best return on investment when it comes to complex data analysis problems. This talk takes a step-by step approach to analyzing signs of insider threat. I will use open source tools to process the information and generate visual representations. Among them is a tool called AfterGlow (afterglow.sourceforge.net) which was written by the submitter. It is a very simple tool to visualize preprocessed information. The analysis I will go through will show how early warning signs of insider activity manifest in log files, making it possible to prevent further damage and assess the impact of the activities. Information leaks and sabotage activity can be visualized in the same ways using mainly line graphs and treemaps.

The goal of the talk is to leave the audience with the knowledge and tools to do visual log analysis on their own data. The main tool used for the talk is AfterGlow, which in his current version supports a diverse set of operations to ease the analysis of log data.

About Raffael

Raffael Marty, GCIA, CISSP manages the solutions team at ArcSight, the global leader in Enterprise Security Management. Raffy’s information security expertise includes log management, intrusion detection, insider threat, regulatory compliance and security data visualization. He is involved in security industry initiatives and standards efforts, such as the open vulnerability and assessment language (OVAL). Raffy has written a number of automation and visualization tools such as Thor (http://thor.cryptojail.net) and AfterGlow (http://afterglow.sourceforge.net) and is the founder of the security visualization portal http://secviz.org. Raffy has served as a contributing author to several security books including the Snort book and also presents on the topic of visualization at various occasions around the world. Before joining ArcSight, Raffy used to work as an IT security consultant for PriceWaterhouse Coopers and previously was a member of the Global Security Analysis Lab at IBM Research, where he participated in various intrusion detection related research projects.

Event Organizer

Hack In The Box (M) Sdn. Bhd.

Supported & Endorsed By

Malaysian Communications and Multimedia Commission (MCMC)

Malaysian Administrative Modernisation & Management Planning Unit

Platinum Sponsors

Microsoft Corporation

Gold Sponsors


Official Airline Partner

Internet Bandwidth Sponsor

Global Transit

CTF Sponsor

Scan Associates

CTF Prize Sponsor

Scan Associates

Sponsor for Zone-H/HITB Hacking Challenge


HITB Cinema Sponsor

Avenuz Sdn. Bhd.

Official Creation Station

The Womb.com

Our Speakers are Supported By

F-Secure Corporation

Arbor Networks


Bellua Asia Pacific


Mozilla Corporation

Mu Security

Supporting Media:

Virus Bulletin

Virus Bulletin (VB)

InfoSec News

(ISN) InfoSec News

InfoSec News

XAKEP (Russia)

Insecure Magazine

PHRACK Magazine

Hakin9 Magazine

Supporting Organizations

Chaos Computer Club

ISECOM - Insititue for Security and Open Methodologies


IT Underground

X-Focus China

Zone-H Defacement Mirror

Xatrix Security

Special Interest Group in Security & Information InteGrity Singapore