Increasingly, security management organizations are coming to rely on a unique type of geography to recognize where threats and vulnerabilities are active, and where security exploits are occurring. The geography in question maps fairly closely to the physical map of the world. Because Internet links that connect sites and users to service providers are involved, along with prevailing local Internet topologies between the edges of that global network and local elements of its core, this geography tends to be more compressed and to be subject to strange or interesting hops between locations. Of course, this reflects the peering partners at various points of presence for SONET and other high-speed infrastructures, and doesn’t always reflect the same kind of geographical proximity you might see on a country or continental map.
Nevertheless, keeping track of where threats and vulnerabilities are occurring is incredibly useful. When followed along the lines of “Internet topography,” spikes in detection (which indicate upward trends in proliferation or frequency of attack) are useful in prioritizing threats based on location. For one thing, networks that are geographically nearby in the Internet topography are more likely to be exposed to such threats, so it makes sense to use this kind of proximity to escalate risk assessments of exposure. For another, traffic patterns for attacks and threats tend to follow other typical traffic patterns, so increasing threat or vulnerability profiles can also help to drive all kinds of predictive analytics.
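One way to apply this proximity reasoning, as an added example that is not part of the original article: find networks whose detections are spiking, then escalate the risk level of every network within a few hops of them in the link topology rather than by map distance. The network names, link table, counts, spike thresholds and level names below are all constructed assumptions.

```python
from collections import deque

# Constructed topology (hypothetical names): who links directly to whom.
# net-tokyo peers with net-seattle, so it is one hop away despite the ocean,
# while net-denver is three hops away despite sharing a continent.
LINKS = {
    "net-seattle": ["net-tokyo", "net-portland"],
    "net-tokyo": ["net-seattle", "net-osaka"],
    "net-portland": ["net-seattle", "net-boise"],
    "net-osaka": ["net-tokyo"],
    "net-boise": ["net-portland", "net-denver"],
    "net-denver": ["net-boise"],
}
# Constructed daily detection counts, oldest first; the last value is today.
DETECTIONS = {
    "net-seattle": [4, 5, 3, 4, 40], "net-tokyo": [2, 3, 2, 2, 3],
    "net-portland": [1, 2, 1, 1, 2], "net-osaka": [0, 1, 0, 1, 0],
    "net-boise": [3, 2, 4, 3, 3], "net-denver": [5, 6, 5, 4, 6],
}
LEVELS = ["active", "high", "elevated"]  # index = hops from a spiking network

def spiking(counts, factor=3.0, floor=10):
    """True if today's count is >= floor and >= factor x the prior mean."""
    if len(counts) < 2:
        return False  # no baseline to compare against
    *history, today = counts
    baseline = max(sum(history) / len(history), 1.0)
    return today >= floor and today >= factor * baseline

def hop_distances(links, source):
    """Breadth-first hop count from source to every reachable network."""
    dist, queue = {source: 0}, deque([source])
    while queue:
        node = queue.popleft()
        for peer in links.get(node, []):
            if peer not in dist:
                dist[peer] = dist[node] + 1
                queue.append(peer)
    return dist

def escalation(links, detections):
    """Map each network to a risk level from its nearest spiking network."""
    nearest = {}
    for src in (n for n, c in detections.items() if spiking(c)):
        for net, hops in hop_distances(links, src).items():
            nearest[net] = min(hops, nearest.get(net, hops))
    return {net: LEVELS[nearest[net]]
            if net in nearest and nearest[net] < len(LEVELS) else "baseline"
            for net in links}

if __name__ == "__main__":
    for net, level in escalation(LINKS, DETECTIONS).items():
        print(f"{net:13} {level}")
```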
It’s always interesting to look at real-time threat maps or network “weather reports” from various sources to see where issues may be cropping up and how fast they’re spreading. Akamai’s Real-Time Web Monitor provides an excellent and visually interesting portrayal of this kind of monitoring and analysis at work. In the following screen capture, for example, we see a handful of US states where attacks have been detected in the last 24 hours.
In general, threat, vulnerability and attack mapping works well because such data makes for intelligible and compelling visual displays. Human viewers are familiar with maps, and quickly develop an intuitive sense of threat priority or urgency based on proximity and the nature of the threats involved. That’s why so many security service providers use maps to help inform security administrators about safety and security in their neighborhoods, and around the planet.
About the Author: Ed Tittel is a full-time freelance writer and researcher who covers information security, markup languages, and Windows operating systems. A regular contributor to numerous TechTarget websites, Tom’s IT Pro, PearsonITCertification.com, and UpperTraining.com, Ed also blogs on Windows Enterprise Desktop and IT Career topics. His latest book is Unified Threat Management For Dummies. Learn more about or contact Ed at his website.