When creating secure computing systems and networks, it is imperative to understand the current threat landscape. Knowing which threats are currently able to compromise systems allows network operators and users to allocate defensive resources as efficiently as possible. Many network operators learn of current threats only after users report that machines have been infected or otherwise compromised.
Information about cyber threats and vulnerabilities comes from a wide variety of sources, including news reports, the CVE database, emails, and many others. Some of this information arrives well after cyber threats have propagated across the internet, while some is disseminated before exploits are even released. It is very difficult for network operators to constantly monitor all of these sources, and visualizations may help operators obtain a better sense of the current threat landscape and of possible trending security incidents or exploits.
Argonne will utilize open source mailing lists, threat sharing technologies, databases, and other sources as appropriate to create a visualization of real-time warnings, incidents, and traffic across the globe. This will allow network security analysts, system administrators, and users to quickly identify the current state of the security world without having to dig through copious numbers of sources.