I've seen maps like this discussed[0] on /r/netsec/ and other similar forums and from my understanding, they are mostly useless. It's aggregates some data to make a very pretty site, but doesn't really give you anything actionable. Normally you need to run it through real monitoring tools with various thresholds configured so you can alert the proper teams to act when something odd is going on.
The Norse Map used to have a little "about" section that explained how the map is a general aggregation of data and designed to show at a very high level what is going on, but doesn't provide any deep insight into each attack. The famous disclaimer "for entertainment purposes only" comes to mind, but in reality I think the Norse Map is just a really neat and sort-of functional advertisement for the capabilities of Norse. If you go to http://norsecorp.com, you'll see that the company behind the map is a security firm that wants you to pay for "real-time visibility into global cyber attacks", which means either signing up for their service that alerts you of weird activity on your network, or purchasing their appliance that can help block attacks at the point of entry. I'd conclude that the map is not really meant to actually provide real threat warnings, but rather a way to see into what the Norse Intelligence Service is capable of monitoring.
Norse is generally considered a joke by all the professionals I know in the infosec and threat intelligence industries, and not just for their silly map. Even moreso after their recent Iran report, done in conjunction with the political thinktank American Enterprise Institute. No bias there at all.
Are there any open source map platforms like this for integrating into real time data feeds (i.e. if we want to track sales by region etc...) onto a map?
I know about http://cesiumjs.org/ but it was extremely resource intensive heavy last time I tried to use it.
You could use Logstash and Kibana to make a similar looking map from actual logs, but i don't think you'd be able to do the shooting animation, but I'm not too well versed in Kibana. Maybe with a plugin?
LOL, I had the same initial reaction. Apparently Norse monitors global cyber attacks[1]. So the real question is not why they hate St. Louis but why does China hate St. Louis?
I found the link while reading conspiracy theories about the NYSE shut down this morning[2]. I have no idea about the quality of the data. I just thought the visualization was cool.
Norse Corp. is a threat intelligence company. I believe one of their HQ is located in St. Louis and is where they currently host many of their honeypots. That is why you see St. Louis being attacked a lot.
That's because of all the defense / Intel work in St. Louis (Scott afb etc). And to the other commenter talking about Kirksville, that's where the JSS is.
If Norse wanted to make this data useful, they'd present it as a CSV, too. How else could I determine if one entity owns all the St. Louis targets??? :)
Their homepage says "Norse Tracks over 200,000 tor exit nodes". Tor metrics [1] says there exist 1,000 ish Tor exit nodes. So is Norse's statement a blatant lie?
I don't know much about network security. Is there a difference between the kind of attacks that would be caught by honeypots vs targeted attacks? Do these statistics depend heavily on how they setup their honeypots, which I assume is limited by the company's logistics.
[0] http://www.reddit.com/r/netsec/comments/2xuai9/pewpew_your_v...