Huntsville – Although current intrusion detection systems (IDS) do a good job of collecting large quantities of security event data, they are inadequate when it comes to presenting this data in a useful way. Data representing thousands of events are presented in a line-by-line textual format. For any individual event, the presentation is clear, but reaching an understanding of the context and interrelationships among these events is a daunting task, requiring greater time and effort than is available in a rapidly developing security situation.
To address this problem, Sentar is developing a new kind of visualization system. This system will provide a unified view, presenting relevant information clearly, providing access to details on demand, while eliminating useless noise. Sentar’s approach utilizes a three-dimensional dynamic environment to represent information visually through familiar, recognizable objects. The security situation will be contextualized, allowing for high flexibility and rich intuitive interaction. This will enable security analysts to be more effective, to visually correlate network events in ways that go beyond rule- and query-based correlations, and to seamlessly integrate macro- and micro-level knowledge in an efficient and effective manner. We call this technology Visual Net Defender (VND). More to come.