Has dummy-proof network forensics arrived? A recent YouTube video from network security software vendor NetWitness, which shows off one of the coolest UIs ever, makes that prospect seem likely.
The video is a promotional trailer for a new Visualize module for NetWitness' Informer product -- a kind of security information and event management product that works on top of NetWitness' network traffic capture platform. View it on YouTube and fast-forward to around the 3:50 mark to check out the bit on Visualize.
As the name suggests, the cool thing about Visualize is its ability to render network traffic graphically. Instead of merely logging that Paul was viewing his holiday photo album on Flickr or sending out a PDF over his Gmail account, or regurgitating the session data in a text file, an analyst using Visualize would see the session as the person who conducted it did -- viewing the actual photos and documents.
Visualize lets analysts do this across a swath of thousands of network sessions -- that is, individual sessions rendered not as abstract strings of binary or hexadecimal data, but as discrete blocks of "stuff," including images, application data, documents, VoIP sessions, and other rich media that can be manipulated, drilled into, and otherwise poked at.
Clicking on one of these blocks allows analysts to pivot to other related sessions and data (say, display all the images associated with this user or IP address). It all brings to mind that amazing scene from the movie "Minority Report" where Tom Cruise, playing Chief John Anderton, conducts a fast-moving "pre-murder" investigation using a wall-size, touch-sensitive GUI that lets him manipulate images, video data, and feeds from many sources with the aid of nothing more than a wacky, three-fingered glove.
That film, which came out in 2002, anticipated many of the advances in graphical interface and touch-sensitive displays that have appeared in the years that followed -- not least of which are the iPod Touch, iPhone, and iPad. But it has even more powerful devotees in circles like defense and computer security, where adaptive, persistent adversaries like those behind the "Aurora" attacks on Google and other prominent Western firms put the focus on correlating discrete bits of data that can identify the who (hacker, terrorist, state actor) and not just the what (virus, bot, Trojan).