Analyzing & Visualizing Networks: The Powerful Combination of Poseidon & CRviz

Cybersecurity is hard. Network defenders are bombarded with information, and the environments they work in can be incredibly complex. Modern computer networks house tens of thousands of devices, and these networks are constantly changing. Complicating matters is the fact that technology advances at a dizzying pace while cybersecurity challenges continue to linger. It feels like we read about a new data breach every day. All of these factors lead to a surprising reality: many IT teams don't know what is actually on their networks, and it's difficult to protect what you don't know about.

The Cyber Reboot team set out to tackle this challenge and help network defenders answer the question: what is on my network? To do this we had to answer two questions. One: how can we collect and analyze information about a network in real time? Two: how can we display that information visually so that humans can explore the data and organize devices in a way that makes sense? To address these problems we released two open source projects that work together: a network analysis tool called Poseidon and a browser-based visualization tool called CRviz.

Let's start with Poseidon. Poseidon automatically discovers and collects traffic data from devices on the network and sends that data to machine learning models. Those models then make predictions about what those devices are: is that a laptop, a printer, a file server, or perhaps a phone? Poseidon then outputs these predictions so they can be used in a visualization tool like CRviz.

CRviz is a web application that uses an interface technique called circle packing to represent the items found in a dataset. CRviz lets you organize these items based on attributes in the data so you can answer questions such as: how many devices are on my network, and what are they doing? How many different operating systems do I have on my network, and which subnets are they on? Or say you heard that a certain hardware vendor had a recent firmware Trojan and you wanted to know how many Acme Ethernet addresses were in your environment.

CRviz and Poseidon were designed to work together but can be run independently. We want to empower defenders by making their jobs easier, and we encourage you to download these projects and try them for yourself. We're IQT Labs, doing research for the common good.
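As an added illustration of the grouping step described above (this is not Poseidon or CRviz code), the snippet below takes a flat list of per-device predictions, derives the attributes a defender groups on, and nests the records into the `{ name, children }` hierarchy a circle-packing layout consumes. The device records, field names and OUI table are constructed for the example.

```javascript
// Constructed sample shaped like per-device predictions (not real Poseidon output).
const devices = [
  { ip: "10.0.1.10", mac: "00:1a:2b:11:22:33", os: "Linux",   role: "file server" },
  { ip: "10.0.1.22", mac: "00:1a:2b:44:55:66", os: "Windows", role: "laptop" },
  { ip: "10.0.2.5",  mac: "aa:bb:cc:01:02:03", os: "Windows", role: "printer" },
  { ip: "10.0.2.9",  mac: "00:1a:2b:77:88:99", os: "Android", role: "phone" },
  { ip: "10.0.2.30", mac: "de:ad:be:ef:00:01", os: "Linux",   role: "laptop" },
];

// Constructed OUI table: the first three octets of a MAC identify the vendor.
// A real deployment would consult the IEEE registry; these prefixes are placeholders.
const OUI = { "00:1a:2b": "Acme", "aa:bb:cc": "PrintCo" };

// Derive the attributes worth grouping on: the /24 subnet and the hardware vendor.
function enrich(d) {
  const subnet = d.ip.split(".").slice(0, 3).join(".") + ".0/24";
  const vendor = OUI[d.mac.slice(0, 8).toLowerCase()] || "unknown";
  return { ...d, subnet, vendor };
}

// Nest records by an attribute order such as ["subnet", "os"]. Each level becomes a
// { name, children } node; each device becomes a { name, value: 1 } leaf. Because the
// records are flat, the same inventory can be re-grouped by any attribute order.
function buildHierarchy(records, keys, name = "network") {
  if (keys.length === 0) {
    return { name, children: records.map(r => ({ name: r.ip, value: 1 })) };
  }
  const [key, ...rest] = keys;
  const groups = new Map();
  for (const r of records) {
    const k = String(r[key]);
    if (!groups.has(k)) groups.set(k, []);
    groups.get(k).push(r);
  }
  return { name, children: [...groups].map(([k, rs]) => buildHierarchy(rs, rest, k)) };
}

// Number of devices under a node; circle packing sizes each circle by this total.
function countLeaves(node) {
  return node.children ? node.children.reduce((n, c) => n + countLeaves(c), 0) : 1;
}

// Direct answer to "how many Acme Ethernet addresses are in my environment?"
function countByAttribute(records, key, value) {
  return records.filter(r => r[key] === value).length;
}

const inventory = devices.map(enrich);
const bySubnetThenOs = buildHierarchy(inventory, ["subnet", "os"]);
console.log(JSON.stringify(bySubnetThenOs, null, 1));
```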
