The Role of Security Mapping in Vulnerability Management

Feb 7, 2013
Ed Bellis
Chief Technology Officer, Co-founder

Share with Your Network

Increasingly, security management organizations are coming to rely on a unique type of geography to recognize where threats and vulnerabilities are active, and where security exploits are occurring. The geography in question maps fairly closely to the physical map of the world. Because Internet links that connect sites and users to service providers are involved, along with prevailing local Internet topologies between the edges of that global network and local elements of its core, this geography tends to be more compressed and to be subject to strange or interesting hops between locations. Of course, this reflects the peering partners at various points of presence for SONET and other high-speed infrastructures, and doesn’t always reflect the same kind of geographical proximity you might see on a country or continental map.

Nevertheless, keeping track of where threats and vulnerabilities are occurring is incredibly useful. By following lines of “Internet topography” spikes in detection (which indicate upward trends in proliferation, or frequency of attack) are useful in prioritizing threats based on location. For one thing, networks that are geographically nearby in the Internet topography are more likely to get exposed to such threats, so it makes sense to use this kind of proximity to escalate risk assessments of exposure. For another thing, traffic patterns for attacks and threats tend to follow other typical traffic patterns, so increasing theat or vulnerability profiles can also help to drive all kinds of predictive analytics as well.

It’s always interesting to look at real-time threat maps  or network “weather reports” from various sources to see where issues may be cropping up and how fast they’re spreading. Akamai’s Real-Time Web Monitor provides an excellent and visually interesting portrayal of this kind of monitoring and analysis at work. In the following screen capture for example, we see a handful of US States where attacks have been detected in the last 24 hours.

Akamai’s “Real-Time Web Monitor” Displaying a Security Map

In general, threat, vulnerability and attack mapping work well because such data makes for intelligible and compelling visual displays. Human viewers are familiar with maps, and quickly learn how to develop an intuitive sense for threat priority or urgency based on proximity and the nature of the threats involved. That’s why so many security service providers use maps to help inform security administrators about safety and security in their neighborhoods, and around the planet.

About the Author: Ed Tittel is a full-time freelance writer and researcher who covers information security, markup languages, and Windows operating systems. A regular contributor to numerous TechTarget websites, Tom’s IT Pro, and, and, Ed also blogs on Windows Enterprise Desktop and IT Career topics. His latest book is Unified Threat Management For Dummies. Learn more about or contact Ed at his website.

Read the Latest Content

Research Reports

Prioritization to Prediction Volume 5: In Search of Assets at Risk

The fifth volume of the P2P series explores the vulnerability risk landscape by looking at how enterprises often view vulnerabilities.

5 Things Every CIO Should Know About Vulnerability Management

If you view vulnerability management (VM) as just a small part of your operation, it might be time to take another look.  Managing vulnerabilities is...



Get Started Using the Exploit Prediction Scoring System (EPSS).

Cyentia Institute’s Chief Data Scientist and Founder Jay Jacobs gives tips on how to get started using the Exploit Prediction Scoring System (EPSS). You...

© 2022 Kenna Security. All Rights Reserved. Privacy Policy.