Computer security systems often monitor computing devices and/or environments for potential security threats. For example, a traditional computer security system may collect information about suspicious activity from various computing devices within a computing environment. In this example, the traditional computer security system may analyze the information collected from the computing devices within the computing environment and then determine whether to classify any of the suspicious activity as malicious based at least in part on the collected information.
However, in addition to facilitating such analyses by the traditional computer security system, the collected information may serve various other purposes. In one example, the collected information may enable a human security analyst to gain certain insight into the suspicious activity. For example, the traditional computer security system may detect a download of an unfamiliar file to a computing device within the computing environment. In this example, rather than attempting to classify the unfamiliar file entirely on its own, the traditional computer security system may turn to the human security analyst for the final decision as to whether the unfamiliar file should be classified as malicious, clean, or unknown.
Unfortunately, while the human security analyst may have certain unprogrammable intuition and/or skill for making such security decisions, the traditional computer security system may fail to present the collected information to the human security analyst in an efficient, meaningful way. Additionally or alternatively, the traditional computer security system may be unable to winnow out the contextually relevant information from any contextually irrelevant information. As a result, the human security analyst may need to wade through a large amount of collected information (including, e.g., both relevant and irrelevant information) to gain enough insight to classify and/or address the threat risk posed by the unfamiliar file.
As another example, the collected information may enable a business executive to gain certain insight regarding high-level business decisions. For example, a security analyst may present a computer security demonstration involving the collected information to the board of directors of a company. In this example, the board of directors may ultimately rely on some of the collected information presented during the computer security demonstration to make certain high-level business decisions about the direction and/or fate of the company. Unfortunately, the traditional computer security system may be unable to output the collected information in a way that would be readily understandable and/or meaningful to the mostly non-technical board of directors. As a result, the security analyst may present a somewhat confusing demonstration of the collected information to the board of directors or, even worse, mislead the board of directors altogether as to the significance of the collected information.
The instant disclosure, therefore, identifies and addresses a need for additional and improved systems and methods for generating contextually meaningful animated visualizations of computer security events.