• Skip to primary navigation
  • Skip to main content
  • Skip to footer

Cisco Umbrella

Enterprise network security

  • Contact Sales
  • Login
    • Umbrella Login
    • Cloudlock Login
  • Why Us
    • Why Cisco Umbrella
      • Why Try Umbrella
      • Why DNS Security
      • Why Umbrella SASE
      • Our Customers
      • Customer Stories
      • Why Cisco Secure
    • Fast Reliable Cloud
      • Global Cloud Architecture
      • Cloud Network Status
      • Global Cloud Network Activity
    • Unmatched Intelligence
      • A New Approach to Cybersecurity
      • Interactive Intelligence
      • Cyber Attack Prevention
      • Umbrella and Cisco Talos Threat Intelligence
    • Extensive Integrations
      • IT Security Integrations
      • Hardware Integrations
      • Meraki Integration
      • Cisco Umbrella and SecureX
  • Products
    • Cisco Umbrella Products
      • Cisco Umbrella Cloud Security Service
      • Recursive DNS Services
      • Cisco Umbrella SIG
      • Umbrella Investigate
      • What’s New
    • Product Packages
      • Cisco Umbrella Package Comparison
      • – DNS Security Essentials Package
      • – DNS Security Advantage Package
      • – SIG Essentials Package
      • – SIG Advantage Package
      • Umbrella Support Packages
    • Functionality
      • DNS-Layer Security
      • Secure Web Gateway
      • Cloud Access Security Broker (CASB)
      • Cloud Data Loss Prevention (DLP)
      • Cloud-Delivered Firewall
      • Cloud Malware Protection
      • Remote Browser Isolation (RBI)
    • Man on a laptop with headphones on. He is attending a Cisco Umbrella Live Demo
  • Solutions
    • SASE & SSE Solutions
      • Cisco Umbrella SASE
      • Secure Access Service Edge (SASE)
      • What is SASE
      • What is Security Service Edge (SSE)
    • Functionality Solutions
      • Web Content Filtering
      • Secure Direct Internet Access
      • Shadow IT Discovery & App Blocking
      • Fast Incident Response
      • Unified Threat Management
      • Protect Mobile Users
      • Securing Remote and Roaming Users
    • Network Solutions
      • Guest Wi-Fi Security
      • SD-WAN Security
      • Off-Network Endpoint Security
    • Industry Solutions
      • Government and Public Sector Cybersecurity
      • Financial Services Security
      • Cybersecurity for Manufacturing
      • Higher Education Security
      • K-12 Schools Security
      • Healthcare, Retail and Hospitality Security
      • Enterprise Cloud Security
      • Small Business Cybersecurity
  • Resources
    • Content Library
      • Top Resources
      • Cybersecurity Webinars
      • Events
      • Research Reports
      • Case Studies
      • Videos
      • Datasheets
      • eBooks
      • Solution Briefs
    • International Documents
      • Deutsch/German
      • Español/Spanish
      • Français/French
      • Italiano/Italian
      • 日本語/Japanese
    • For Customers
      • Support
      • Customer Success Webinars
      • Cisco Umbrella Studio
    • Get the 2022 Cloud Scurity Comparison Guide
  • Trends & Threats
    • Market Trends
      • Hybrid Workforce
      • Rise of Remote Workers
      • Secure Internet Gateway (SIG)
    • Security Threats
      • How to Stop Phishing Attacks
      • Malware Detection and Protection
      • Ransomware is on the Rise
      • Cryptomining Malware Protection
      • Cybersecurity Threat Landscape
      • Global Cyber Threat Intelligence
      • Cyber Threat Categories and Definitions
    •  
    • Woman connecting confidently to any device anywhere
  • Partners
    • Channel Partners
      • Partner Program
      • Become a Partner
    • Service Providers
      • Secure Connectivity
      • Managed Security for MSSPs
      • Managed IT for MSPs
    •  
    • Person looking down at laptop. They are connecting and working securely
  • Blog
    • News & Product Posts
      • Latest Posts
      • Products & Services
      • Customer Focus
      • Feature Spotlight
    • Cybersecurity Posts
      • Security
      • Threats
      • Cybersecurity Threat Spotlight
      • Research
    •  
    • Register for a webinar - with illustration of connecting securely to the cloud
  • Contact Us
  • Umbrella Login
  • Cloudlock Login
  • Free Trial
Research

Data in Movement: The Frenetic Dance of a State Machine

By Thibault Reuille
Posted on October 16, 2013
Updated on July 24, 2020

Share

FacebookTweetLinkedIn

Over the past few decades, the tech world has been investing quite a bit of time and effort into the creation of robust distributed cloud systems, and the increasing need for resources and performance leads us to a decentralized agglomeration of data acting transparently like a whole. This new face of the internet as we know it  involves many actors: some focus on storage, some may focus on routing, some are in charge of keeping the information up-to-date and finally, the users of such a system are the key agents that constantly create fresh content. We are building organized structures that are beginning to function more and more like primitive digital brains designed to perform specific tasks.

Visualization concept

These shared knowledge databases have brought a new challenge: how do we monitor the current state of such a dynamic system?

Indeed, it is not an easy task. Modern systems include billions of elements and in most cases users can add, delete, and modify items at any time. And because the data is decentralized, it can be pretty tricky to make sure we’re looking at an up-to-date version of the system. Last but not least, in many situations, we are interested in not only visualizing the current system, but also the evolution of that system over time. Depending on how the databases are built and how the various modifications are stored, this task can become extremely complex in terms of memory usage, processing time and data consistency.

Furthermore, what about the visualization perspective? How do we choose a layout that works for our needs? That is, how do we design a visualization technique that will be able to represent a structure constantly evolving over time?

Of course, we can’t answer those questions all at once; in this article we will focus on one part of the problem. We propose an idea that will help us form a visual representation of a general data flow inside a graph model. The basic idea is very simple indeed: each graph edge has an “Activity” attribute defined as a float value.

Then we setup a particle system to make small textures fly from the first edge node to the second one. Finally we use the “Activity” value to set the speed of each edge particle.

The result is an interactive representation of the activity of the whole system we want to monitor, giving us an easy way to spot the features of the global data flow.

Depending on the system we are trying to monitor, this can be applied to many different problematics:

  • Network traffic
  • Chat communication inside a social network
  • Users page transitions in a web site (Markov chain analysis)
  • Average path in a tree / graph (Decision tree monitoring)
  • And many others…

 Demo: A network activity simulation

Today we present a real-time simulation in WebGL showing a global edge activity in a graph model. For demonstration purposes, the data set and activity are randomized to illustrate the proof of concept.

 Controls

  • Hit play/pause to control the animation
  • Navigate with the mouse and arrows (FPS view)
  • Double-click on a node to zoom in and switch to a spherical view.
  • Click on an empty area to go back to standard FPS view.
  • Switch through the different layout modes in the menu.
  • Drag and drop nodes with the mouse to play with the physics engine.

 A bigger dataset in action

Of course, this article wouldn’t be complete without a concrete application on our Security Graph.

Here is what the same process looks like on a related domain graph extracted from a given domain.
To put it in a nutshell, when two domains are requested within a small time frame (1 second), we add a “related domain” link between them. This helps us understand which actors and services are at play when we access a given domain.

For example, here are the “www.youtube.com” related domains (click to enlarge):
Screen Shot 2013-10-09 at 5.16.06 PM

You may also notice that we count each related domain appearance. We can then calculate a normalized probability which we use to set the edge activity. In other words, it is like visualizing the markov chain of the related domains.

(These are gif animations. Click on them to open a new tab.)

This is what it looks like on a graph containing 1,455 nodes and 2,187 edges.

Edge-activity-level3

And the same result on a bigger graph: 11,779 nodes, 16,470 edges.

Edge-activity-level4

 Conclusion

In conclusion, monitoring a dynamic system leads to many new challenges, and not only in terms of graph activity. It opens the door to several new approaches and brings a lot of fresh questions. We’ll take a closer look at questions like these in the weeks to come:

  • How do we extract the global state of the graph activity?
  • What patterns can we find to help us improve the graph state?
  • And last but not least, how do we monitor and apply automatic retro-action on the system?

Previous Post:

Previous Article

Next Post:

Next Article

Follow Us

  • Twitter
  • Facebook
  • LinkedIn
  • YouTube

Footer Sections

What we make

  • Cloud Security Service
  • DNS-Layer Network Security
  • Secure Web Gateway
  • Security Packages

Who we are

  • Global Cloud Architecture
  • Cloud Network Status
  • Cloud Network Activity
  • OpenDNS is now Umbrella
  • Cisco Umbrella Blog

Learn more

  • Webinars
  • Careers
  • Support
  • Cisco Umbrella Live Demo
  • Contact Sales
Umbrella by Cisco
208.67.222.222+208.67.220.220
2620:119:35::35+2620:119:53::53
Sign up for a Free Trial
  • Cisco Online Privacy Statement
  • Terms of Service
  • Sitemap

© 2023 Cisco Umbrella