DarkMatters Threat Thursday: Announcing the New Norse Attack Map


The Norse blog is meant to be a destination for those interested in learning about advanced threats and cyberattacks, threat intelligence, and the trends shaping and moving the industry towards more intelligence-based approaches to security and fraud prevention. Over the past few months, our Threat Thursday series has covered a variety of threat oriented topics in posts such as; being hacked in 276 seconds, securing the Internet of Things, the SANS-Norse healthcare IT report, and others.

As we begin to expand the Norse blog, we've decided to take the Threat Thursday series in a little bit of a different direction. In the coming weeks we'll be transitioning to a new format that will provide readers with a recap of the week's news regarding threat intelligence, attacks and data breaches, and other notable events. We will also begin to provide insight, commentary, and visualizations of threat data and trends the Norse Intelligence Platform. Additionally, we will continue to develop and post content to the Norse blog outside of the Threat Thursday series.

Introducing the new and improved Norse Live Attack Map

Today, we'd also like to announce the availability of a completely new and updated version of the Norse Live Attack Map. When we posted our first map back in late 2012, we did not really think much about it to be honest. Norse CTO Tommy Stiansen created it on a whim one weekend using mostly open source code, and attack maps are not necessarily a new concept. Like a lot of things, it was created out of a need for a quick and easy way for people to visualize the global and live nature of Norse's threat intelligence platform. While the activity on the map is just a small subset (less than 1%) of the total attack traffic flowing into the Norse platform at any point in time, map visualizations can be a powerful way to communicate time-based geographic data sets.

Over the past year, the reaction by all types of people to the map has been great and we've received a lot of requests for enhancements and new features. Like all early stage companies, we've had to focus our development efforts and resources. That meant that improvements to the map were often put on the back burner. Having a new and improved map in the Norse booth at RSA 2014 provided a great incentive and target date for the team however, and we showed a preview version at the show. Aside from the completely new visual design, here is a summary of the new features.

Live Attacks Data Window

The Attacks data window now provides more information about the attack such as the organization listed for the attacking IP and the service being targeted by the attack. The window can also now be collapsed to hide the data stream.

Live Attacks Data Window Image

Filter Attacks based on Country of Origin

Attacks can now be filtered based on the country of origin. Simply hover the mouse over the country to be viewed and the map will dynamically update to just show attacks from that country.

Filter Attacks based on Country of Origin Image

Filter Attacks based on the Country of the Target

Similar to the country of origin, you can now filter attacks based on the country of the target IP

Filter Attacks based on the Country of the Target Image

Filter Attacks based on the targeted Port/Service

You can also filter the attacks based on the Port/Service being attacked. This can be interesting to see how the types of attacks differ from country to country.

Filter Attacks based on the targeted Port/Service Image

Play/Pause Button

The map now has a Play / Pause button in the upper right-hand corner of the window that can be used to pause the map. As the data stream is live, it does not stop but rather queues the data. Pausing the map for a couple of minutes and then hitting play results in a rather entertaining flurry of activity reminiscent of the early 1980s video game Missile Command.

Play/Pause Button Image

We hope you enjoy the new map. We'll continue to add new features and enhancements and let you know about them through the blog. We would also like to acknowledge and thank ArtZub for inspiration and the luminous particle, d3, and the GoSquared Flag Icon Set.