Once the SIEM/LM data is centralised in the data lake, exploring and investigating it with a graph data visualisation solution like Linkurious adds real value to analysts' everyday operations. Analysts can work in real time, visualise the data instantly and carry out precise post-attack forensics analysis in much simpler ways than ever before. The detection of suspicious activity patterns can be largely automated using pattern recognition algorithms. That way, analysts can focus on investigating suspicious activity visually.
Visualisation empowers analysts because it resolves, to a great extent, the problem of having large amounts of data to interpret. It considerably reduces the scale and complexity of the analysis. It also allows companies to carry out most of their forensics analysis internally. With Linkurious’ advanced collaboration and security features, analysts are able to work together, share visualisations with one another, and administer user access rights to the data. Finally, the advanced customisation possibilities that Linkurious offers allow it to be integrated into internal security systems.
Next, we will demonstrate Linkurious’ possibilities using a real-life SIEM/LM dataset to show the advantages of graph visualisation technology for monitoring networks in real time and performing advanced forensics analysis.