I’m not sure exactly when, but the concept of situational awareness emerged out of the military community, where giving a soldier or her command chain a complete sense of what’s going on right now and how we arrived here (i.e. the “situation”) could often mean the difference between a decisive victory and something bad happening. We've had a number of customers over the years, especially systems integrators (who are often working on projects they can’t tell us anything about), talk to us about so-called “war-rooms” in 3D environments, which multi-disciplinary teams of specialists could visit to collaborate interactively with their various streams of content in hand - virtually, of course. We showed off one of these war-room virtual spaces a while back in a public demonstration with Polycom, where we fed in a live, interactive 3D virtual (Google) map of a hot zone rendered on the floor, streamed in a couple of feeds of live video from the field, and had a couple of video conferences from room/telepresence systems and access to Microsoft SharePoint data repositories. Voice, IM and video were also supported by ProtoSphere, leveraging enterprise unified-communications plumbing – Microsoft Lync in this case. In addition to the military, there are known use-cases for war-rooms in crisis management, law enforcement, and disease and pandemic management.
But last week a customer asked me about using ProtoSphere for IT network situational awareness. They asked me to visualize bringing into ProtoSphere a virtual object that is a 3D representation of intrusion log information from SNORT. By the way, SNORT is the open source network intrusion prevention and detection system created by Sourcefire, who, interestingly, a couple of weeks ago announced their intention to be purchased by Cisco Systems.
Situational awareness is a big deal for modern IT security. Cyber-crime, cyber-espionage and cyber-terrorism are becoming the new battlefield for the 21st century. Having spent a chunk of my career in networking and IT security, I know how complicated it is to pinpoint something unusual in a SNORT log or alert and correlate it, in real time, with other behaviors that may be going on in your network (i.e. the “situation”). Most of the time, the feeds from the various IT systems (SNORT, network admission control devices, MDM, firewalls, gateways, servers, switches, etc.) are textual streams, and it takes forever to correlate them and spot a series of events that may represent a credible threat. Oftentimes this can only be done in arrears (i.e. forensics), after it’s too late and the bad guys have done their damage. And it’s even harder to quickly share one IT analyst’s view of the “situation” with those in the IT command chain or in the decision-making halls of the business who are responsible for making a risk-mitigation decision.
One thing that a 3D virtual environment is great at is giving a very visual emphasis to events – for example, rendering an event in a bold color or animating it. We have the ability to allow an analyst to choose (e.g. touch or click) an emphasized event to get “teleported” to another area, room or view representing a drill-down, which has other 3D visual representations of the resource state information as it is occurring – right now. And IT analysts managing other enterprise systems may be standing by in that virtual room to assist with a more granular evaluation of the risk, as necessary, a lot faster than calling, emailing or IMing. ProtoSphere can allow specialist IT analysts to have access to different views (in various rooms) or provide a virtual dashboard zone where business executives take decisions on next steps.
I’m expecting this will be a breakthrough tool for cyber risk management in enterprise and service provider IT as the concept unfolds in ProtoSphere. To give some further credence that this isn’t just a virtual pipe dream, I found some academic research on the basic concept here: http://www.mit.edu/~kepner/pubs/HubbellKepner_2012_3DGame_Paper.pdf