2 of 2 people found the following review helpful
Excellent emphasis on embedding security visualization,
This review is from: Applied Security Visualization (Paperback)
Last year I rated Greg Conti's Security Data Visualization as a five star book. I said that five star books 1) change the way I look at a problem, or properly introduce me to thinking about a problem for which I have little or no frame of reference; 2) have few or no technical errors; 3) make the material actionable; 4) include current research and reference outside sources; and 5) are enjoyable reads. Raffy Marty's Applied Security Visualization (ASV) scores well using these measures, and I recommend reading it.
Previous reviews offered lengthy analysis of the book, so I'll only add a few comments. I liked the author's careful organization of the book and the emphasis on embedding visualization in the reader's security work (p xiv). I appreciated many of his insights, such as the comment that tool developers usually don't know security visualization and security visualizers usually don't develop tools (p 7). I welcomed the realization that helpful security visualizations don't spring forth from the mind of the analyst beautiful and fully-formed, but may require iterations to communicate the desired information.
As far as presenting the material, I could tell how color really helped Greg Conti's book. I imagine it would have been exceptionally costly to print Raffy's 500+ page book in color, but the result is that some of the images are less engaging than they might have been. The color insert at the center of the book was a creative approach to this problem.
The only technical nit I could pick involved advice in ch 6 to send Snort output directly to a MySQL database. Using an intermediary like Barnyard is the preferred method in any installation beyond rudimentary testing.
I think ASV is a great book on security visualization, but it will also help general security practitioners. The author must gather useful data in order to visualize it, so that process should assist even those not seeing to render information graphically. To achieve a complete "visualization experience," I would bundle ASV with Andrew Jaquith's Security Metrics and a book on statistics. Inclusion of the DAVIX live CD was a great touch, since it allows users to immediately work with data and not worry about software installation. If you've already read Greg Conti's book, you'll still enjoy ASV; read Mr. Conti first then Mr. Marty.