Canadian Information Processing Society (CIPS)
CIPS CONNECTIONS

INTERVIEWS by STEPHEN IBARAKI, FCIPS, I.S.P., MVP, DF/NPA, CNP

Raffael Marty, Leading Security Strategist and Author

This week, Stephen Ibaraki has an exclusive interview with Raffael Marty.

As chief security strategist and director of application product management, Raffy is a customer advocate and guardian, the expert on all things security and log analysis at Splunk. Starting with IBM Research and PricewaterhouseCoopers Consulting, then ArcSight and Splunk, Raffy has been in the log management and analysis world for many years. He has built numerous log analysis systems and implemented use cases for hundreds of customers who deal with log management challenges on a daily basis. Currently he uses his skills in data visualization, log management, intrusion detection, and compliance to solve problems and create solutions for Splunk customers. Fully immersed in industry initiatives, standards efforts and activities, Raffy lives and breathes security and visualization.

His passion for visualization is evident in the many presentations he gives at conferences around the world and his book: "Applied Security Visualization". In addition, Raffy is the author of AfterGlow, founder of the security visualization portal http://secviz.org, and contributing author to a number of books on security and visualization.

To listen to the interview, click on this MP3 file link

The latest blog on the interview can be found in the IT Managers Connection (IMC) forum where you can provide your comments in an interactive dialogue.
http://blogs.technet.com/cdnitmanagers/

DISCUSSION:

Interview Time Index (MM:SS) and Topic

:00:36: What triggered your initial interest in technology?
"....When I was exposed to my first computer, an Apple II, I was fascinated by being able to teach this machine what to do...."

:01:29: How did you get to your current position and please share your essential career and technology tips from this journey?
"....I studied computer science (focus on cryptography) and got interested in applied security....I was always driven by curiosity....I always felt a sense of "ownership" for certain topics during my career and wanted to learn everything about them...I started with security, then... intrusion detection, correlation, anomaly detection, visualization....Most recently, I am moving more into the business side and am interested in the strategic and market analysis of business markets and products and the problems which businesses need to solve and how to resolve them...."

:07:00: Please share some lessons from your various roles. What do you hope to accomplish in your current role and can you overview your key initiatives?
"....In my various roles, I've always tried to see what is coming next and where is it going....You can't just wait and hope that it happens....Move in the direction (of new things) and don't be afraid of the goal being too far away....I am currently leading the application development efforts and helping to define the applications and the markets...."

:11:33: How would you define Security Visualization and what are its benefits?
"....A picture is worth a thousand log records....Visualization, in the security sense, is the process of generating a picture based on log records...."

:13:28: Can you talk more about data sources?
"....No data, no image...It is the basis for visualization....We are trying to work to standardize the log records....We are trying to bring industry together with customers to define these log records....The effort is called the Common Event Expression (CEE) hosted by MITRE...."

:15:40: What are the best ways for representing data and why?
"....This really depends on the problem. In some cases the best way to represent the data is textual....Graphs are being abused a lot....The challenge happens when you have highly dimensional data...."

:17:02: Can you overview the steps from data to graphs?
"....Define the problem...Assess available data....Filter....Parsing/Normalization....Visual transformation....View transformation....Interpret and decide...."

:19:26: What are the important lessons behind visual security analysis?
"....The visualization mantra as Ben Shneiderman calls it: look at an overview first, then zoom in on the areas that are important, then look at details on demand...."

:20:45: Can you talk more about perimeter threats?
"....Perimeter threats are things that are trying to attack your organization from the outside...It's the traditional network security use cases....The problem for perimeter threat analysis is to consolidate a lot of these things and to try to visually represent the vulnerabilities and exposures that the network has right now...."

:22:21: Looking at this from a global standpoint, how does this influence compliance?
"....Compliance is shifting towards continuous monitoring...."

:24:25: Provide your best practices around insider threats?
"....There are products now that try to detect certain kinds of insider threats. But in the end there will never be a tool and there is no tool that flags insiders when they become active or commit a crime....What do you do to detect them?....My approach to this is to try to define certain pre-cursors...."

:29:02: What are your recommended Data Visualization Tools?
"....AfterGlow....Treemap....Excel...ChartDirector....DAVIX (Data Analysis Visualization Linux) http://davix.secviz.org...."

:30:55: Please share your picks for the top trends in IT?
"....Virtualization (operational and security impact)....Application security monitoring...."

:32:36: What do you see as the top trends in Business?
"....Consolidation....A need for more metrics and more data....GRC (Governance, Risk and Compliance) is now a part of the project itself and not an afterthought...."

:34:29: What do you see as the top trends in security education?
"....I don't know if I can see any trends but there are certain needs out there....IT environments are getting incredibly complicated. If you want to become a really good security analyst today and understand the different things that can happen to your environment, you need to be an expert in many areas...."

:35:51: What are the major disruptive forces that IT practitioners and managers need to highlight as their top priorities? Why do you spotlight these areas?
"....Integration...the Green Initiative....Web as a platform...."

:38:20: What are your top recommended resources and why?
"....Co-workers....Conferences..."

:38:28: Can you share stories centered around one or more of these themes: Amusing, Surprising, Inspirational, Disruptive, Historical?
"....The human species is capable of doing so much and you can do things that seem absolutely impossible if you put your mind to something and you really try...."

:41:30: The UN-founded International Federation for Information Processing (IFIP) has its Professional Practice Partnership Program, which received full ratification at the world general assembly in August 2007, with its first implementation meeting in Montreal hosted by CIPS in October. This marks a historical inflection point and speaks to IT as a recognized profession with global standards, a profession-based code of ethics, and widely adopted professional certification, all happening in 2009. Can you comment on the benefits of this global initiative?
"....International standards will help bring everybody on the same level, which will make it more fair for people.....A common education and certification will help establish a common standard that facilitates interdisciplinary work...."

:46:43: What question would you ask and what would be your answer if you were doing this interview?
"....What prompted you to write the book, "Applied Security Visualization"?...."