Raffael Marty

Security Visualization. Data Science. Big Data. Insights.

  • @raffaelmarty

San Francisco, California

Areas of Expertise:

  • big data
  • analytics
  • data science
  • security
  • visualization
  • visual analytics
  • consulting
  • speaking
  • programming
  • training
Raffael Marty is one of the world's most recognized authorities on security data analytics and visualization. Raffy is the founder and CEO of pixlcloud, a next generation visual analytics platform. With a track record at companies including IBM Research and ArcSight, he is thoroughly familiar with established practices and emerging trends in big data analytics. He has served as Chief Security Strategist with Splunk and was a co-founder of Loggly, a cloud-based log management solution. Author of Applied Security Visualization and frequent speaker at academic and industry events, Raffy is a leading thinker and advocate of visualization for unlocking data insights. For more than 14 years, Raffy has worked in the security and log management space to help Fortune 500 companies defend themselves against sophisticated adversaries and has trained organizations around the world in the art of data visualization for security. Zen meditation has become an important part of Raffy's life, sometimes leading to insights not in data but in life.

The Security Data Lake
by Raffael Marty
April 2015
Ebook: $0.00

Raffael Marty blogs at:
http://raffy.ch/blog/

Startup Marketing

2017-12-11 09:15:31

You are an enterprise software startup. You are in the security space. Your company is still early, trying to sign its first 10, maybe 40 customers. What should you be doing for marketing? What works? What doesn’t? What approaches yield the biggest return for your investment? These are some questions that I have been pondering […]

An Incomplete Security Big Data History

2017-12-06 13:15:28

Earlier today I was giving the keynote at ACSAC 2017. This year’s theme of the conference is big data for security. As part of my keynote, I talked about the history of big data in security. Following is the slide I put together: This is by no means a complete picture, but I tried to […]

Security Chat 4.0 in Zurich

2017-11-24 17:15:33

Last week I organized the 4th iteration of the Security Chat – an informal gathering of security people in Zurich. The format is 10-15 minute presentations that anyone can submit. In good tradition, we had a great lineup again: Steve Micallef – OSINT and The New Perimeter – his tool is available for […]

Unsupervised Machine Learning in Cyber Security

2017-10-22 13:15:27

After my latest blog post on “Machine Learning and AI – What’s the Scoop for Security Monitoring?”, there was a quick discussion on Twitter and Shomiron made a good point that in my post I solely focused on supervised machine learning. In simple terms, as mentioned in the previous blog post, supervised machine learning is […]

Machine Learning and AI – What’s the Scoop for Security Monitoring?

2017-10-13 17:15:26

The other day I presented a Webinar on Big Data and SIEM for IANS research. One of the topics I briefly touched upon was machine learning and artificial intelligence, which resulted in a couple of questions after the Webinar was over. I wanted to pass along my answers here: Q: Hi, one of the biggest […]

Visualization – Big Data – Analytics – BlackHat US Workshop

2017-02-26 17:15:25

Visual Analytics Workshop at BlackHat Las Vegas 2017. Sign up today! Once again, at BlackHat Las Vegas, I will be teaching the Visual Analytics for Security Workshop. This is the 5th year in a row that I’ll be teaching this class at BlackHat US. Overall, it’s the 29th! time that I’ll be teaching this workshop. Every […]

Threat Intelligence – Useful? What’s The Future?

2016-08-13 15:15:24

Threat intelligence (TI) feeds, the way we know them today, are going to go away. In the future it’s all about fast and sometimes anonymous sharing of IOCs with trusted (and maybe untrusted) peers. TI feeds will probably stay around, but will be used for contextual information around our data. For the past couple of […]

What Would The Most Mature Security Monitoring Setup Look Like

2016-02-24 19:15:23

  Visual Analytics Workshop at BlackHat Las Vegas 2016. Sign up today!   Okay, this post is going to be a bit strange. It’s a quick brain dump from a technical perspective, what it would take to build the perfect security monitoring environment. We’d need data and contextual information to start with: Any data: infrastructure […]

2016-02-22 15:15:26

A week ago I was presenting at the Kaspersky Security Analyst Summit. My presentation was titled: “Creating Your Own Threat Intel Through Hunting & Visualization”. Here are a couple of impressions from the talk: Here I am showing some slides where […]

Creating Your Own Threat Intel Through Hunting & Visualization

2016-02-09 07:15:28

Hunting has been a fairly central topic on this blog. I have written about different aspects of hunting here and here. I just gave a presentation at the Kaspersky Security Analytics Summit where I talked about the concept of internal threat intelligence […]

Dashboards – Let’s Talk About Graph Widgets

2016-02-02 13:15:30

Recently I have been getting a number of questions about dashboards. I have written about them before (here and here). Given all the questions and a couple of recent consulting gigs where I built dashboards for different companies and purposes, I wanna […]

Internal Threat Intelligence – What Hunters Do

2015-10-16 17:15:14

Hunting is about learning about and understanding your environment. It is used to build a ‘model’ of your network and applications that you then leverage to configure and tune your detection mechanisms. I have been preaching about the need to explore our security data for the past 9 or 10 years. I just went […]

Who Will Build the Common Backend for Security?

2015-10-12 19:15:17

  VCs pay attention: There is an opportunity here, but it is going to be risky 😉 If you want to fund this, let me know. In short: We need a company that builds and supports the data processing backend for all security products. And I don’t think this will be Cloudera. It’s too security […]

What You Should Know About MonetDB

2015-06-21 15:15:05

I have been using MonetDB for a month now and have to say, I really like it. MonetDB is a columnar data store and it’s freaking fast. However, when I started using it, I wasn’t on very good terms with my database. Here are the three things you have to know when you use MonetDB: […]

Hunting – The Visual Analytics Addition To Your SIEM To Find Real Attacks

2015-06-07 17:15:06

Hunting in your security data is the process of using exploratory methods to discover insights and hopefully finding attacks that have previously been concealed. Visualization greatly simplifies and makes the exploratory process more efficient. In my previous post, I talked about SIEM use-cases. I outlined how I go about defining detection use-cases. It’s not a […]