In my experience, and in the experience of many others as well, unfocused attempts at visualization over raw, unreduced data produce visualizations that are not particularly useful for security operations. Visualization does have tremendous potential to bring value to security operations when leveraged properly. Performing data reduction by posing specific, targeted, incisive queries into the data provides a good starting point for producing visualizations of high value to security operations. Get the picture?
The same is true for eDiscovery data. I’ve seen many a user go straight to a visualization of email connections, for example, over their entire dataset, and then dismiss the use of visualizations because there’s nothing useful in it. Which, of course, there isn’t. You need to define what kinds of connections you’re looking for (Over a date range, to/from one particular custodian of interest, etc.) before you start looking at the pictures that are going to show them to you.