Optimizing cybersecurity through visual analytics
Six hours without Facebook, Instagram and Co.: For the US-based Meta Inc. this meant losses in the billions. But how do such problems occur, and how can they be identified as quickly as possible? ATHENE researchers at Fraunhofer IGD have been working on this set of issues for several years with the goal of making network data more understandable. This will enable more people to assess what is happening in their own network. Current and future possibilities for visual analysis should simplify the work of security experts.
"The mass of warnings displayed to ensure greater cybersecurity is almost unmanageable in corporate networks," says Prof. Dr. Jörn Kohlhammer, ATHENE researcher at Fraunhofer IGD. The problem here, he says, is that a large proportion of the messages consist of warnings that come about as a result of harmless peculiarities in the network traffic. "This can lead to the messages that actually require action being lost in these false positives. Uncertainty about which alerts to address first is a pressing problem here."
Another example of confusing masses of data is the Border Gateway Protocol (BGP). This is the routing protocol that connects autonomous systems and enables the Internet's cross-border data traffic. Its importance was demonstrated by the outage of Facebook services in early October. Due to maintenance on Facebook's side, the DNS servers' connections to the data center were interrupted. The latter then withheld BGP announcements, as there appeared to be a disrupted network connection. The servers were unreachable for an extended period of time. This could have been prevented with a better overview of the BGP announcements.
The lack of transparency makes it difficult, especially for smaller companies, to maintain an overview of their cybersecurity. In Fraunhofer IGD's view, the solution is the targeted visualization of security-relevant data and information, because the more easily network data can be understood, the more people can assess what is happening in their own network.
As part of ATHENE, Fraunhofer IGD is working on solutions for the visualization of cybersecurity data. Manufacturers of cybersecurity software can benefit from this expertise: software solutions that already offer good functionality can increase their effectiveness and user satisfaction through improved visualization. The goal is to create user interfaces that support the use of very large amounts of data and are specifically geared to the tasks of network administrators and security experts.