Using Data In-Sight
The Data In-Sight visualization lets the user examine in depth a sequence of events captured by the Guardium system. It provides a comprehensive picture of activity in a specific time window, and helps to detect unusual behaviors.
About this task
Data In-Sight introduces a revolutionary paradigm that uses human visual capabilities to gain an overall view of data transactions and identify unexpected behaviors. Guardium already provides robust machine learning and data-analysis features to assist audits and detect attacks. Algorithms, data analysis, and charts are designed based on accumulated experience and knowledge. Data In-Sight uses the flexibility of human visual perception to spot associations and movements in the raw data that do not fit a pattern of known attacks and that would otherwise go unnoticed. The tool presents various aspects of the data in a complex visual scenario, and provides the observer with tools to directly explore large amounts of complex data.
Data In-Sight converts audited data to a 3-D chronological visualization of data flow, from sources to destinations, showing data transactions unfold exactly as they occurred.
The visualization space contains two planes, each representing entities of the audit domain of a specific type. Every entry in the audit data is represented as a moving ‘flash line’ from an object of the upper plane (for example, client IPs) to an object of the lower plane (for example, databases). The flash line between the source and the destination leaves a trail (a dotted line) indicating the presence of interaction between the specific source and destination, which gradually fades into the background. The trails form an overview of the interaction between sources and destinations in the selected time period. The size of each source and destination is relative to its level of activity. The sources are located near their destinations, and near other similar sources. The display can be modified in various ways to show additional information or other aspects of the data. You can view Data In-Sight with VR headsets.
Data In-Sight is an answer to this constantly changing paradigm. It adds the flexibility of human visual perception to spot associations and movements in the raw data, irrespective of known attack types, that would otherwise go unnoticed.
Data In-Sight converts audited data to a 3-D chronological visualization of data sources and destinations, showing data transactions unfold exactly as they occurred. The visualization space contains two planes, each representing entities of the audit domain of one type. Each entry in the audit data is represented as a moving ‘flash line’ from an object of the upper plane (client IP, OS user, DB user, or source program) to an object of the lower plane (database, object, or server). The flash line between the source and the destination leaves a trail (a dotted line) indicating the presence of interaction between the specific source and destination, which gradually fades into the background. The flash line has the same color as the destination database. The trails form an overview of the interaction between sources and destinations in the selected time period. The sources are located near their destinations, and near other similar sources. The size of the destination entity is proportional to the volume of transactions relative to the other destination entities. There are many ways of modifying the display, including: color-coding the top entity (the color changes as data source details change), filtering from the Data In-Sight chart, and the investigation dashboard facets. You can also view Data In-Sight with VR headsets.