The types of threats displayed in the system include malicious objects detected during on-access and on-demand scans, email and web anti-virus detections, as well as objects identified by vulnerability and intrusion detection sub-systems.
“Where do the attacks come from? Where do users click on malicious links most often? Which types of malware are the most prevalent? These are the sort of questions being asked by lots of users,” said Denis Zenkin, head of corporate communications at Kaspersky Lab, in a statement. “Our new map of the cyber-world threat landscape allows everyone to see the scale of cyber activity in real time and to get a taste of what it feels like to be one of our experts.”
Users can rotate the globe and zoom in to any part of the world to get a closer look at the local threat landscape. Different types of threats detected in real time are marked with different colors. The user can bring a description of each threat up on the screen or disable the display of threat types.
In addition to share buttons for users of social networking sites, there are buttons to switch the background color, the language interface and the display mode (flat map or rotating globe). There is also a handy link to check if a computer is infected with malicious software.
The tool uses Kaspersky Lab’s globally distributed cloud-based infrastructure, known as the Kaspersky Security Network (KSN), which helps Kaspersky Lab products receive information about new suspicious files and other threats after they appear.
"Every day Kaspersky Lab handles more than 300,000 malicious objects,” said Zenkin. “Three years ago the figure was just 70,000 but antivirus technologies have also changed with the times and we have no problem coping with this huge stream of traffic.”
Internal KSN mechanisms summarize the data sent automatically from thousands of protected devices whose users consented to share information about any suspicious programs they encounter. After comparing the behavior of the file on different computers, checking it against a database of hundreds of thousands of legitimate applications and using heuristic algorithms, the system issues a preliminary verdict on whether or not the object is malicious. If it is malicious, access to the object is promptly blocked for all other Kaspersky Lab users.
Information about security incidents is added to a map of the world in real time so that anyone can view the wide variety of threats, and the speed at which they spread.
The launch is the latest analytics tool for tracking the cyber-landscape. Barracuda recently launched an online malware detection engine, Threatglass, which leverages heavyweight virtualization to detect web-based malware through the analysis of millions of websites each week, sourced from multiple data feeds including the Alexa top 25,000 websites, social feeds and suspicious websites from Barracuda Labs' customer network, consisting of more than 150,000 organizations worldwide. In addition to screen-captures of the infections, Threatglass displays various representations of network traffic including DNS, HTTP, and netflow in both graphical and textual formats.
Facebook also recently launched its own threat information network, dubbed ThreatData, which is a framework for collating information on internet threats and making it accessible for both real-time defensive systems and long-term analysis. It’s a bespoke effort comprised of three high-level parts: feeds, data storage and real-time response.