Over the last few years, the amount of cyber crimes has skyrocketed. The department of energy alone estimates they get attacked 10 million times every single day. Some of these are very simple scans, while others are high key attacks. When making these hacking attacks however, hackers don't use their own ip address. Instead they go through another device that is connected to the internet.
This latest string of hacks have revolved around the ease at which hackers can find other computers connected to the internet, hack into those, and use their computing power for help in the attack. A company called Norse Corp. has developed ways to monitor this traffic.
Norse corp was founded by Sam ...view middle of the document...
This programs can view hacking attacks as they are happening and is able to stop them. Norse Corp. has monitoring “agents” all over the world at different internet access points. These “agents” allow the company to monitor internet traffic at a rate of almost 20 terabytes every single day. Interspersed with these agents are networks known as honeypots. These honeypots emulate good targets for hackers such as ATMs or Microsoft exchange servers.
When hackers attempt to break into one of these honeypots, the Ip Viking is able to see identifying information about the hacker such as ip adresses. Once an illegal hack has been initiated, the Viking is able to figure out what systems are being attacked, and what computers have been compromised and used to assist in the attack. The companies' plans are that in the near future, Ip Viking will be able to tell you the name of the hacking organization carrying out the attack.
This, in addition to another 1,500 other components, such as other interaction that Norse has had with the ip address, will be used to assign every ip address in the world a threat level. These threat levels are known by Norse. as ipq's. The ipq will be shown to every company running Norse's program, whenever an ip address tries to connect to one of these companies.
One of the reasons Norse has for initiating the ipq system, is their newest product, Norse Darklist. Norse Darklist is a brand new technlology that acts like a normal blacklist with a few exceptions. Standard blacklists block selected Ip addresses from being able to connect to your network. While most blacklists consist of a couple hundred ip addresses, Darklist by norse has a database of approximately 3 million addresses. This is not the only enhancement Norse has made. Whenever a hacker try to break into one of Norse’s honeypots, his ip address, and the ip addresses of all the machines used in the attack are analyzed by Ip Viking. They are then assigned an ipq and added to the Darklist database. This means that the database for Norse Darklist is being constantly added to and revised. This ability of this database to be stored in the cloud allows for it to be updated constantly by Norse, and then the user can choose when to update their database to the online. This...