Proactive IT Security
 

Information about "most popular" threats - ATLAS

Introduction


Most vendors of security programs, as well as other security organizations of various kinds, publish information about the threat situation. The information ranges from general evaluations of current threats to more in-depth analyses based on various traffic analysis systems.

Do we need another one to complicate matters even further?

Active Threat Level Analysis System (ATLAS)

The short answer to the question above is YES.

The Active Threat Level Analysis System (ATLAS) collects data from Internet providers around the world, analyses the data and presents aggregated data to the public (and more in-depth analysis to some). ATLAS views computer attacks from a global perspective and helps users predict future network attacks. It does this by analyzing data gathered from a variety of sensors.

ATLAS is created and maintained by Arbor Networks, a provider of security solutions to ISPs around the world. According to Arbor's web site, 70% of the world's ISPs are among the company's customers, which should provide quite extensive data for the analyses. More than 100 ISPs participate in the ATLAS system and send anonymous data each hour, which should ensure that the available information is close to real-time.

Types of statistics and analyses available

The statistics available from ATLAS show which exploits are among the most popular on the Internet, which ports/services are most often scanned, etc. Also available are short descriptions of the different types of attacks, with references (links) to more extensive information from many other security sources. Since the ATLAS system collects data from all over the world, one may also see which countries and domains / IP ranges are most active in different types of malicious activity (e.g. most popular areas for phishing web sites, most popular areas for botnet servers).

As could be expected, ATLAS also provides a threat level assessment, with a focus on general malicious global activity. As of this writing, ATLAS' threat index is Normal.

Usage and future development

The value of this plethora of information for the common Internet surfer is limited (nor, presumably, is he the target audience for it). For security professionals, however, this type of aggregated information is interesting as one of many tools available to protect and advise customers.

As a means for pinpointing criminal elements with subsequent prosecution and conviction, the ATLAS initiative may be very useful. 

ATLAS is quite a new service available to the public (the press release from Arbor was issued on 10 March this year). There are, however, plans to extend the initiative:

Next steps for the ATLAS initiative include the availability of a subscription service for service providers and enterprises that contextualizes the intelligence based on physical (global, regional, country or city) and entity (service provider, ASN, organization, industry vertical, IP) perspectives. Additionally, the ASERT will overlay context to the content, transforming ATLAS-gathered data into actionable business intelligence for service providers and enterprises.

Hopefully these plans will be implemented, making the system even more valuable - and even more useful for IT professionals in their daily struggle to secure their systems.

More information

We recommend that you visit the ATLAS web site for more information, statistics and available analyses.