Efficient visualization of change events in enterprise networks

Abstract

Change is a crucial property from a security perspective. The detection of change underpins many of the operational security activities that organizations typically carry out. For example, the essence of security monitoring is to detect changes, then analyze those changes in the context of the applicable security policy. Security tools are available to perform change detection at a host level. Such tools typically employ a local software agent, and identify changes that occur in the filesystem of the host. We describe a tool that performs a similar role in a network environment. The tool employs a variety of visualization techniques to efficiently communicate changes that occur in enterprise networks