Managing networks through context: Graph visualization and exploration

With the increasing prevalence of multi-user environments in distributed systems, it has become an increasingly challenging task to precisely identify who is doing what on an enterprise network. Current management systems that rely on inference for user identity and application are not capable of accurately reporting and managing a large-scale network due to the coarseness of the collected data or scaling of the collection mechanism. We propose a system that focuses data collection in the form of local context, i.e. the precise user and application associated with a network connection. Through the use of dynamic correlation and novel graph modeling, we developed a visualization tool called ENAVis (the work appeared in earlier form in [1] and received USENIX best paper award). (Enterprise Network Activities Visualization). ENAVis aids a real-world administrator in allowing them to more efficiently manage and gain insight about the connectivity between hosts, users, applications and data access offering significant streamlining of the management process.