Our platform relies on a key feature: data mining through visualisation. We felt it was important to explain in more detail our idea of cyber exploration through visualisation and how we implemented it in Malizen to accelerate cyber teams in their daily work.
The famous dashboards
Well known to everyone, dashboards are data visualisation grids. Each visualisation is a specific view of the data. This data comes from a query, and the data visualisation must then be configured and laid out by an individual. Today, dashboards are an integral part of the management of many companies as soon as they have to analyze data, regardless of its type. Thus, in cybersecurity, these famous dashboards have become indispensable management tools! This is especially true when teams use SIEMs, for which these dashboards have become essential elements. Dashboards provide a broader view of the data. There is no doubt about it. But even when a dashboard is ready to be used, it provides only a limited view depending on what has been set up before. Dashboards are good for some things, but they're also badly used for many others.
Ideally, an analyst configures and sets up his various dashboards and can easily and skilfully analyse his data for clear and timely reporting. Typically, an analyst maintains a series of dashboards and will juggle between them to find the right information by checking different viewpoints. We believe that dashboards should be used mainly for two things: reporting and monitoring. They allow us to "freeze" a configuration of data that we want to monitor and report on.
An underlying duality
Despite good monitoring and reporting, dashboards don't contain all the necessary information for all situations. It is important to keep in mind that dashboards only show one point of view. This means that if you are looking for something, a certain piece of data, you have to juggle between several different dashboards. A bit like Five Nights at Freddy's. Indeed, depending on the different configurations, some data isn't shown on the dashboards at all. Also, dashboards are not that useful when you don't know exactly what you're looking for or when the situation is new to you. Indeed, most of the time the configuration and setup of dashboards is very personal, so getting to grips with an already set up dashboard can be tricky.
Hunting with data visualisation rather than dashboards
At Malizen, we have a good knowledge of visual investigation as Christopher, our CEO, has a PhD in cybersecurity data visualization. In fact, this is the starting point of the whole Malizen adventure. How to investigate cybersecurity data differently and faster? Our answer: Dataviz.
But aren't data visualization and a dashboard the same thing? Not so much! We could spend hours on the topic, but to recap, data visualization is the process of presenting information in a visual form to make it quick and easy to understand. A dashboard is only a partial snapshot of a large set of information.
With Malizen, there is no need for dashboards!
But before you can explore and visualize your data, you need to collect it. Our platform allows you to connect and combine your data sources from SIEMs, CTIS, Case Managements, SOARs… and virtually any data source with a data API. Our Knowledge Graph reliably correlates across your many types of tools and data sources. Our on-the-fly enrichment avoids harmonisation issues between different data sources and also over time. You can now explore contextualised data.
Malizen replaces complex command line queries with intuitive data visualization and a drag-and-drop interface that allows you to easily find incident scenarios. This makes it easier for analysts to do their jobs without having to waste time configuring and setting up various dashboards. Malizen automatically generates visuals that express your data in the most efficient way. Because we know that choosing the right data visualisation takes time, Malizen automatically proposes the best visualisation for each type of data. The objective is to investigate following your intuition.
And because we don't do dashboarding but dataviz, our tool allows you to switch data sources on the fly and launch a new analysis very quickly. This avoids the context switching that drives you crazy during a cyber investigation!
So our advice: keep your dashboards for monitoring and use Malizen to hunt threats ;)