8 top cyber-attack maps and how to use them

Date: 2017-08-22

Most of the cyber-attack maps online today are just eye candy, but there are some creative ways they can be used.



Cyber-attack maps can be fun to look at, but are they useful? As usual, when it comes to security, context is key, so CSO looked at eight of the web's most popular cyber-attack maps. While the maps themselves are mostly eye candy with limited context, there are some creative ways they can be used.

Entrenched security professionals view cyber-attack maps with a somewhat jaded eye. They call them "pew pew" maps, mimicking a child-like sound to represent gunfire when playing with toys. In fact, one map actually uses these sounds to an amusing effect.

Some of the professionals CSO spoke with said they'll pop one of the maps up on a screen in the SOC (Security Operations Center) if they know a client is coming in, but only because of the eye candy factor. In fact, most of the professionals said they've used them, but other than "performance art," there isn't any real value in them.

"If I found one that'd add value, we'd use it," one security executive said on Twitter.

The common misconception with cyber-attack maps is that the data is live, or real-time. It isn't. Most are just a subset of recorded attacks or a playback of sanitized packet captures.

But don't discount how useful the eye candy factor can be: one security professional said he uses them to get high schoolers interested in the security industry. The concept is smart, as the visuals and data types on display can create discussion points on attack types, methods and threat actors.

Some SOC operators do the same thing for clients, using the maps to visualize attack types and try to answer customer questions. Again, the value of these cyber-attack maps isn't the data they're showing, it's how they can be used as a conversation starter. This is something the vendors that produce the maps know well, as the maps themselves are sales tools.

Norse

Probably the most well-known cyber-attack map is the one produced by Norse, a security firm that's had its share of problems over the last few years. Discussing the data shown on their map, Norse says the attacks are "based on a small subset of live flows against the Norse honeypot infrastructure…"

Interestingly enough, organizations can add their logo to the map when it is displayed at the office.



Kaspersky

Taking first prize for visuals and interactive displays is the Kaspersky "Cyberthreat Real-Time Map" – complete with global rotation and zoom.

The attacks shown on the Kaspersky map are taken from on-demand and on-access scans, as well as web and email detections. But it isn't clear just how real-time the real-time presentation is.

