The Ultimate Guide to Cyber Threat Maps Usage
A cyber threat map, also known as a cyber attack map, is a real-time map of the computer security attacks that are going on at any given time. One of the most famous was released by the company Norse and went so viral, even among non-hackers, that it got its own story in Newsweek in 2015.
The map itself looks like a global game of laser tag. Beams of light, represented by different colors, shoot across a darkened screen showing where an attack comes from and where it is going. When it first caught the public eye, captivated audiences watched hackers wage cyber-war across hundreds and thousands of miles.
How Does A Cyber Threat Map Work?
If cyber attacks are sneaky mice – or, more appropriately, giant rats – then cyber attack maps work like the mousetrap.
Norse, for example, maintained a global threat intelligence network of more than 8 million sensors and “honeypots” in 47 countries across the world. These tools impersonated thousands of applications and devices that are common targets of hackers.
When a hacker hits a Norse sensor, the hacker believed that it had breached a system. Instead, Norse collected information about the hacker’s toolkit, including his or her IP address. This information then manifested as data on the cyber attack map.
This model has continued past the demise of Norse to power live maps like Cyberthreat, ThreatCloud, and Fortinet. Some companies claim that these are real-time cyber attacks, but most are more like selections of recent attacks.
What Are They Good For?
First of all, anyone can look at a cyber threat map and understand something about current attacks. For laypeople, it might just be an understanding of how prevalent these attacks are.
For pros, a cyber threat map can provide data that can lead to the discovery of a potential new attack. Even though these maps don’t really show cyber attacks in real-time, they give you information, and a cybersecurity pro can never have too much of that.
The Best of the Best in Cyber Threat Maps
Not all cyber threat maps are created equal. Some are great eye candy for pen test companies, but others do offer good functionality. A few even let you manipulate the map to focus on its most useful information.
This one isn’t quite as customizable as Cyberthreat, but it’s informative enough to warrant runner-up honors. The main map color codes its attacks by severity to make it easier to focus on the most critical situations, coded in red. The details of these attacks scroll quickly along the bottom of the map, where the viewer can identify the threat type and location.
Fortiguard clients have a bit more freedom in terms of map design. By placing a tool known as the ThreatGate, users can monitor the threats approaching a particular location.
Kaspersky’s cyber threat map may be the best in the business in terms of interactivity and visual appeal. It’s also mobile optimized so you can show it to clients or colleagues from anywhere. And if you want particular data, the site offers you the option to find it.
Narrowing It Down
Kaspersky’s Cyberthreat also offers useful statistics about current cyber attacks. Through its website, you can learn about:
- Vulnerabilities identified
- Most widespread threats
- Botnet activity trends
- Prevalence of infected mail and spam
You can find this data for a specific country or look at it on a worldwide level.
Taking first prize for visuals and interactive displays is the Kaspersky “Cyberthreat Real-Time Map” – complete with global rotation and zoom.
The attacks shown on the Kaspersky map are taken from on-demand and on-access scans, as well as web and email detections. But it isn’t clear just how real-time, the real-time presentation is.
The Best of the Rest
Each of these maps presents its data in a slightly different format and with a slightly different emphasis. Take a look, try them out, and find out which one will work best for you.