Resources and Tools for Measuring Security Threats
Accurate numbers about security are tough to come but I still like to find and track them as much as possible. We can tell from war stories shared with colleagues that malware, spyware and phishing seem to be getting worse, but I want to know how much worse. There's an old adage in management that if you can't measure it, you can't manage it. I don't think this is totally true for security but I think it's still useful to keep in mind.
So, where can we get the measurements? Here are some pointers:
Thanks to Infosecwriters.com for posting about Daniel James' Statistical Analysis of Internet Security Threats. It's a good overview and not too technical. I like this one because it is written for the average Internet user, not the security or IT professional. This can help with user awareness.
For more up to date tracking of threats on the Internet, the is the Microsoft Malware Protection Center. It's new and more will be coming, but it gives a quick summary of what most active threats. McAfee, sponsor of this community, has a similar site; I especially like the global virus map.
What I'd like to see, but haven't found yet, it up to date information on malware infected Web sites and P2P networks. I've wondered before if Google would get into the business of tracking malware infected sites and I just found a company called Robot Genius which has a Web crawler building a database of malicious executables on the Internet. Good luck. Maybe their software with Googles hardware could do a decent job of it. I think this is an area we need more concentrated effort. We need for options for identifying threat-hosting sites. Daniel James' paper argues for safer surfing to control the spread of spyware but we need tools.
Email This!
Digg it!
Sphere it!
Del.icio.us
Reddit!
Newsvine
