Plixer is pleased to announce a new weapon in the war against Internet threats: the all new Internet Threat Center (ITC). Based on hundreds of observation points deployed across the Internet, the ITC provides a near-realtime view of malicious actors across the globe. Plixer customers gain access to the ITC via regular updates to Internet host reputation data downloaded from the ITC to their Scrutinizer installations. NetFlow data collected from routers and switches within their network is compared to ITC data to alert when ITC suspects are active within the customer’s network environment.
This blog provides an overview of the Internet Threat Center and a brief tour of its features…
Internet Threat Center Walk-through
The Internet Threat Center dashboard can be accessed by clicking the link at the top of Plixer.com:
Internet Threat Center data is updated routinely throughout the day and includes details for thousands of threats located across the globe. The main ITC graphic at the top of the ITC is your primary workspace. The darker the color the higher the current Threat Index value for the given country:
Clicking on a country will give a pop-up drill down into each threat. You can then zoom into areas of the map that are of interest. Being from Atlanta, GA I’m curious to see my fellow Atlantians’ threat status. Note that you can click the individual threats for more details:
You can limit your view by filtering the map on individual threat types. The Internet Threat Center supports the following threat types:
In addition to the interactive global view, several additional charts give an overview of threat occurrences by country and by continent. The high level of connectedness and density of personal computers within the United States causes the US to appear at the top of list most of the time. The scrolling list in the bottom right quadrant shows the most recent posts to Plixer’s NetFlow Knights blog.
Finally, probably the most fun chart provided by the Internet Threat Center appears at the bottom of the page “Threat radar in your location”. The ITC uses your current location to build a display of Internet Threats closest to you. It’s often surprising how close a botnet controller is to your own home or workplace:
Using Internet Threat Center Data In Your Network
The ITC dashboard demonstrates the power of Internet threat data but to put this power to use you’ll need to enable NetFlow within your network then download and install Plixer’s Scrutinizer NetFlow Analysis System. Once installed, Scrutinizer will synchronize with the Internet Threat Center notifying you anytime a suspicious host becomes active within your network or if one of your own IPs shows up on the ITC watch list.
The ITC is new and we’re always looking for comments and observations. Drop a comment here or email us at [email protected] if you have any questions of suggestions.