How an Illumio Engineer is Shaping the Future of Security Visualization
Kuhu Gupta, a senior member of technical staff at Illumio, turned the project from her summer internship with Illumio into a peer-reviewed research paper featuring an innovative network visualization technique.
This October, Kuhu will present her research findings as part of the IEEE Symposium on Visualization for Cyber Security at VizSec 2022.
We sat down with Kuhu to learn more about her research, the future of network visualization, and how Illumio supported her years-long research project from intern to full-time employee.
How would you explain your research to someone unfamiliar with network visualization?
Network visualization as a phrase might sound profound, but it just means visualizing relationships between data elements and being able to take actionable insights.
I've developed a novel traffic visualization tool called Portola that lets customers view their traffic data in a new light. It visualizes the communications between workloads, associated labels and ports, and where ports would lead the show.
Portola uses the same data Illumio already gathers for its Illumination application dependency map but allows you to see the data from the perspective of the ports rather than the applications. It shows how ports are connected to workloads or the associated labels with the workload.
Portola helps solve some critical segmentation problems:
- It provides an overview of the network topology. And while viewing the entire network topology, users can drill down on elements of interest. This allows them to identify connections and further drill down on the network nodes, ports, and connections.
- The port-focused view allows users to identify core computing services running on these ports and their associated connections, which will allow them to make better segmentation policies.
- Users can also identify anomalies in the connections and visually explore many-to-many or one-to-many relationships within the network to see if something looks suspicious.
- It shows the most-to-least vulnerable ports by overlaying vulnerability data on traffic data. This can help identify the workload and the segment vulnerability which could be beneficial in understanding attackers’ potential pathways for moving laterally within a segment label.
What inspired you to begin this research?
I joined Illumio as a summer intern in 2019 with the data experience/UI team. My internship project was to create a new visualization technique for Illumio’s specific use cases.
Network security was new for me at the time, so I reached out to different team members on the data experience/UI team as well as the UX team to understand the data architecture of the traffic data use at Illumio. I also wanted to know how Illumio’s users use the existing data visualization tools and what tasks they’re trying to accomplish with them.
Learning this information helped me develop my internship project. And over the last 3 years, this project has turned into ongoing research resulting in this paper.
Illumio has encouraged me to develop this research further, from my internship to full-time employment.
Why does network visualization need to evolve?
Visualizing and organizing information has been around really since humans existed.
It took off during the 17th, 18th, and 19th centuries when scientists were just trying to understand one variable influence over another. Then we moved to an era of problems of disorganized complexity which was the first half of the 20th century.
Today, we live in an era of problems of organized complexity where we come across these complex systems with many highly interconnected, interdependent variables in our day-to-day lives. A good amount of academic research has been done in this area.
The bigger question is how do we find new ways to use these network visualization techniques and principles which have been around for so long in the security industry?
The data we use has highly interconnected, highly interdependent variables. Today’s customers need dynamic, real-time, actionable insights from data. To offer that, we need to provide a cohesive view of the traffic data. Having the complete picture allows customers to build and test security segmentation policies.
That is why network visualization is a critical field and still has room to evolve to meet today’s data needs.
What is the future of your research?
This research is a stepping stone for building a new generation of visualization techniques for segmentation. The process of building this tool has helped me build a framework to solve segmentation and traffic visibility problems moving forward.
I plan to continue my research and work on new features that could be useful for Illumio’s customers. I also want to develop new visualization techniques for other use cases that our customers might have. Now that I’ve built this framework, I can use it to build these new techniques.
How has Illumio and your team supported you through this research?
My biggest reason for returning to Illumio as a full-time employee after my internship was my experience working on this research.
At headquarters in Sunnyvale, the data experience team sits against a whiteboard wall where I have sketched my research over time. The entire wall is full of my sketches and stayed up even during the pandemic. If you’re in HQ, you can see it on the second floor!
As I would draw my ideas on the wall, people from all over the organization would pass by and ask what I was working on or if I had thought about it another way. Even if they weren’t familiar with data visualization, they offered their expertise. It was really helpful for me.
Illumio has created an environment where you can go up to anyone, ask any question, and get a kind, thoughtful answer in return. It’s exciting to me that I can continue the research I started in grad school and help move the security industry forward into the future.
To learn more about Kuhu’s work, you can register to attend VizSec 2022 conference online or in-person.