Daedalus is a cyber-attack alert system developed by the Japanese National Institute of Information and Communications Technology (NICT). It provides awe-inspiring visualizations of cyber information. Security professionals will be quick to remind us that any visualization is only as good as the data that feeds it, but this visualization is so cool you have to check it out. My sense is it can really help analysts working real-time issues, assuming well-instrumented networks are being monitored.
Check out the video below or at this link:
Here is more from: http://www.diginfo.tv/v/12-0116-r-en.php
Daedalus renders attacks on networks visible in real time. The sphere in the center represents the Internet, and the circles moving around it represent networks under observation. The state of an attack is shown using 3D graphics, and can be viewed from any perspective.
“We previously created a system called nicter for observing cyber-attacks. We also built an observation network in Japan, called the Darknet Observation Network, to cover IP addresses not used in nicter. Now, we’re observing 190,000 IP addresses in Japan. Daedalus is an alert system using that observation network.”
Today’s cyber-attacks breach boundary defenses from inside and outside organizations, including the spread of malware via USB memory sticks and mail attachments, as well as zero-day exploits. So, using Daedalus together with conventional boundary systems is expected to improve network security within organizations.
“The blue part in this organization shows IP addresses that are used, and the black part shows addresses that are not used. This character indicates an alert. When you click on the alert, a message showing the cause appears. In this case, only two packets have been sent. But because the packets go from an address that’s used to an address that’s not used, this indicates that a virus is starting to spread within the organization.”
“If this kind of situation is input to our observation network, we can observe it, and find out things like that. The system automatically sends an alert, saying, ‘This IP address of yours is spreading a virus using this protocol at this time’.”
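The detection rule described in the two quotes above (traffic from a used internal address to an unused one) can be reproduced on flow records. The following is an added illustration written for this post, not NICT's or Daedalus' code; the address range, the used-address set and the flow records are constructed sample data.

```python
"""Darknet-hit detector modelled on the Daedalus alert described above."""
import ipaddress
from collections import defaultdict

# Constructed example: the organisation's range and the addresses actually in use.
ORG_NET = ipaddress.ip_network("10.20.0.0/24")
USED_ADDRS = {ipaddress.ip_address(a) for a in ("10.20.0.10", "10.20.0.11", "10.20.0.50")}

# Constructed flow records: (timestamp, src, dst, protocol, dst_port).
FLOWS = [
    ("09:00:01", "10.20.0.10", "10.20.0.11", "tcp", 443),   # used -> used: normal
    ("09:00:02", "10.20.0.50", "10.20.0.77", "tcp", 445),   # used -> unused: suspicious
    ("09:00:03", "10.20.0.50", "10.20.0.78", "tcp", 445),   # second dark hit, same source
    ("09:00:04", "198.51.100.7", "10.20.0.99", "tcp", 22),  # external -> unused: not internal spread
]


def detect_internal_spread(flows, used=USED_ADDRS, net=ORG_NET):
    """Return one alert per internal source that sent to unused (dark) internal addresses.

    Only hosts that are themselves in the used set are considered, so scans from
    outside the organisation are left to the boundary defences mentioned in the post.
    """
    hits = defaultdict(list)
    for ts, src, dst, proto, port in flows:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if s in used and d in net and d not in used:
            hits[src].append((ts, dst, proto, port))
    alerts = []
    for src, events in hits.items():
        protocols = sorted({f"{proto}/{port}" for _, _, proto, port in events})
        alerts.append({
            "src": src,
            "first_seen": events[0][0],
            "dark_targets": len(events),
            "protocols": protocols,
        })
    return alerts


def format_alert(alert):
    """Render an alert in the spirit of the message quoted above."""
    return (f"{alert['src']} is spreading to {alert['dark_targets']} unused address(es) "
            f"using {', '.join(alert['protocols'])}, first seen {alert['first_seen']}")


if __name__ == "__main__":
    for a in detect_internal_spread(FLOWS):
        print(format_alert(a))
```

Even two packets are enough to raise an alert here, which matches the quoted case and is why the analyst's judgement about network instrumentation matters: unused space must really be unused for the rule to stay low-noise.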
The technology for this system will be transferred to clwit, which will include it in a commercial alert service called SiteVisor. NICT also provides the system free of charge to educational institutions where nicter sensors can be installed.
Related Reading:
Important Observations on Pentagon IT from Arthur Herman and John Scott