Tuesday, October 22, 2013

Digital Attack Map - DDoS Attack

Thought of sharing this interesting Google project, Digital Attack Map. This is a live data visualisation of active DDoS attacks around the globe. It is one of the initiatives from Google Ideas and Arbor Networks.

I will let you explore the website to understand more about it. By the looks of it (I am not sure whether the data can be exported, which would then be useful for enterprises to use in concert with internal data sources), it appears to be quite useful from the following perspectives:

  1. It will provide "close to real-time" information about active DDoS attacks across different geographies.
  2. Historical data/events can be leveraged to predict or produce actionable intelligence.

Here is the website - Digital Attack Map

Friday, October 4, 2013

Threat Intelligence - Cyber Attackers Threat Feed


I have been thinking of improving the ThreatIntel heat map for quite some time, and finally, it being Friday night, I made that happen.

The following image provides "close to" real-time threat feeds (refreshed every ~5 mins) on cyber attackers, based on IP addresses and geolocations. The time zone is GMT.

Here is the old one (if you'd like to see it), which I do plan to change in the near future.

Wednesday, October 2, 2013

Cyber Threat Intelligence Framework - Sharing threat intelligence across industries


I'd like to share my thoughts/idea on an approach/framework which would enable organisations to obtain threat intelligence information across different industries.

As described in my previous post, there is a mechanism/approach which an organisation could leverage to obtain threat intelligence from different data sources.

The idea is to share certain feeds (chosen by the organisation, again as a risk-based decision) with a "centralised/external" repository, aka a "Collaborative Threat Intelligence Platform (CTIP)", which would not only receive "similar" data feeds from other organisations, but also provide intel/information back to them.
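The two-way exchange described above, as an added Python example that is not part of the original post: organisations submit a feed of attacker IP addresses to a CTIP and get back what other contributors reported. The `CTIP` class, its method names, the `INTERNAL` filter, the choice to return only counts and industries rather than contributor names, and the sample feeds are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Ranges that must never leave the organisation (would leak internal topology).
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

class CTIP:
    """Hypothetical in-memory Collaborative Threat Intelligence Platform."""

    def __init__(self):
        self.sightings = defaultdict(dict)   # indicator -> {org: industry}

    def submit(self, org, industry, indicators):
        """Ingest one organisation's shared feed; return the number accepted."""
        accepted = 0
        for raw in indicators:
            try:
                ip = ipaddress.ip_address(raw.strip())
            except ValueError:
                continue                      # malformed entry, drop it
            if any(ip in net for net in INTERNAL):
                continue                      # internal address, drop it
            self.sightings[str(ip)][org] = industry
            accepted += 1
        return accepted

    def intel_for(self, org, min_orgs=1):
        """Intel reported by *other* contributors, without naming them."""
        rows = []
        for ip, reporters in self.sightings.items():
            others = {o: i for o, i in reporters.items() if o != org}
            if len(others) >= min_orgs:
                rows.append({"indicator": ip,
                             "reporting_orgs": len(others),
                             "industries": sorted(set(others.values())),
                             "seen_locally": org in reporters})
        return sorted(rows, key=lambda r: (-r["reporting_orgs"], r["indicator"]))

def demo():
    """Constructed feeds using documentation-range addresses (RFC 5737)."""
    ctip = CTIP()
    ctip.submit("bank-a", "finance", ["203.0.113.7", "198.51.100.20", "10.1.2.3", "not-an-ip"])
    ctip.submit("retail-b", "retail", ["203.0.113.7", "192.0.2.55"])
    ctip.submit("telco-c", "telecom", ["203.0.113.7", "198.51.100.20"])
    return ctip

if __name__ == "__main__":
    for row in demo().intel_for("retail-b"):
        print(row)
```

Rows with `seen_locally` set to `False` are the ones a contributor gains purely from collaboration; raising `min_orgs` limits the returned intel to indicators corroborated by several other contributors.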

The following is the framework which an organisation may choose in order to collaborate with other industries and achieve a collaborative threat intelligence framework.