Turning Threat Visualization into an art form

Cybersecurity Threat Visualization Artwork

As a cybersecurity professional and a hobbyist painter, I recently revisited one of my past works, ‘Cyberattack’, and started to think about IoT security and the power of visuals a bit differently. Some key questions I’ve been tackling: 1) knowing that even vivid contrasting colors can blend to form shadows, how might we identify cyberattacks sooner, considering they impact distinct areas of a complex system yet are leveraged collectively in an attack? 2) can AI-ML (Artificial Intelligence and Machine Learning) be applied in a more creative way to identify/prevent cyberattacks sooner?

Cyberattacks are abstract, we are not “seeing” them right

In my daily work I speak with some of the brightest industry leaders committed to protecting their companies, institutions, and/or customers in this challenging digital age. They often seek future-proof security (for data, applications, and infrastructure), even though they don’t have a holistic view of their ecosystem and threat landscape. Thinking about threat visualization, I wonder (though it’s painfully cliché): if ‘a picture is worth a thousand words’, how many lines of code, session calls, apps, network authorizations, and database locks might one be worth?

If we consider the sophistication of modern attacks, I believe new methods for visualizing them should play a central role in the defense strategies of the future. It’s no longer enough to use bundled graphical elements or layered schematics in the monitoring system to map an ecosystem today. Cyberattacks are abstract and need to be rendered accordingly.

A complex, fluid threat landscape is like an abstract painting

What if, in the future, visualizations could be more fluid, or blended like a painting, to show complex interactions between components which may not be obvious? A blurred swirl could link to a repeated (malicious) attempt to recover a key, a questionable access request could appear as an isolated shape, while the primary data, still unscathed, remains a cool/safe blue in the background – at least temporarily.

Gone too far?

Considering how rapidly AI-ML is advancing, I believe that in addition to viewing threats in real time, we will be able to map all possible outcome scenarios of a potential attack – depending on its execution path through a complex ecosystem. But how to best visualize this? What if we (digitally) paint the entry point of an attack as a concrete object, and then use an abstract visual to represent the potential impact on the rest of the system components? With a better way to “see” the threat and match it more closely to the real world today, we can take preemptive measures to restrict attack momentum and de-risk a negative outcome from any suspicious activity. Due to the sheer amount of data, volume of scenarios and potential outcomes, AI-ML (and some serious computational power) would be required – but ultimately for a better defense.

You can’t fight what you can’t see

If we map out systems and interactions in a more abstract way, while linking to the hard data/scenarios in the background, perhaps we can identify attacks faster and design solutions differently. Furthermore, we’d learn about the nuances of attacks, timing, flows, and how to preemptively strike.

It may seem like a fantasy, but rapid developments in AI-ML are creating new possibilities – for both hackers and security professionals. I, for one, am hopeful the future is bright – and full of color!