Google Maps is really cool, no doubt.
I happened to check out two separate incident databases recently (one datalossdb, the other a private beta), and both have leveraged Google Maps. I guess what I am struggling with is the utility of the feature. With physical incidents, it seems useful to track threat trends – terrorist / pirate hotspots, etc. – so that we can act in accordance with our risk tolerance levels.
While we may find geographic patterns in cybersecurity, these patterns rarely if ever reflect a concentration of threat – this being one of the significant differences between physical and logical attacks.
I don't think the value is nearly as high, and given the screen real estate required to display it, I am not sure using geographic maps is beneficial. Even the maps of things like worm/virus spreading across a globe are more about computer usage patterns (e.g. follow the sun) than anything meaningful (I think).
So I am curious what use cases you can come up with for geographic maps in the cybersecurity realm. Here are some ideas:
- Wireless hotspots – showing high and low concentrations of vulnerable areas.
- Jurisdictional use – identifying countries or regions that have differing compliance regimes.
What benefits do you see with geographic mapping in cybersecurity? Or put differently – what geographic information would provide input into a cybersecurity decision you need to make?
Commercial companies are having some success selling it:
http://www.quova.com/page.php?id=10
A title for one of http://www.the451group.com’s reports is “Digital Resolve’s fraud detection blends IP geo-location and behavior analysis”. I don’t have access to it, but the title purports to the utility.
Geographic information can be useful to answer questions like:
- Should anyone be successfully VPNing into our corporate network from IP addresses outside of the US?
Maybe the distinction here is between possessing geo-tagged IP data versus using actual maps?
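The VPN question above can be answered from geo-tagged IP data alone, with no map drawn. The following is an added example, not part of the original post or comment; the log format, the CIDR-to-country table and the function names are all constructed for illustration.

```python
import ipaddress
import re

# Constructed geo-tagged IP data (CIDR -> country). RFC 5737 documentation
# ranges stand in for a real geo-IP feed; the country tags are made up.
GEO_TABLE = [("192.0.2.0/24", "US"), ("198.51.100.0/24", "DE"),
             ("203.0.113.0/25", "US"), ("203.0.113.128/25", "BR")]
GEO_NETS = [(ipaddress.ip_network(c), cc) for c, cc in GEO_TABLE]

# Constructed VPN log lines in a hypothetical format.
SAMPLE_LOG = """\
2009-03-02T08:14:11Z vpn01 user=alice src=192.0.2.17 result=success
2009-03-02T08:15:40Z vpn01 user=bob src=198.51.100.9 result=success
2009-03-02T08:16:02Z vpn01 user=carol src=203.0.113.200 result=failure
2009-03-02T08:17:55Z vpn01 user=dave src=203.0.113.201 result=success
2009-03-02T08:18:30Z vpn01 user=erin src=10.1.2.3 result=success
2009-03-02T08:19:00Z vpn01 garbled line
"""
LINE_RE = re.compile(r"^(\S+) \S+ user=(\S+) src=(\S+) result=(\w+)$")

def country_of(ip_text):
    """Return the country tag for an IP, or None if untagged or unparsable."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return None
    for net, cc in GEO_NETS:
        if ip in net:
            return cc
    return None

def foreign_vpn_successes(log_text, home="US"):
    """List (time, user, ip, country) for successful logins not tagged `home`."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(4) != "success":
            continue  # skip unparsable lines and failed logins
        ts, user, src, _ = m.groups()
        cc = country_of(src)
        if cc != home:
            # Untagged sources are reported as '??' rather than trusted.
            hits.append((ts, user, src, cc or "??"))
    return hits

if __name__ == "__main__":
    for hit in foreign_vpn_successes(SAMPLE_LOG):
        print(*hit)
```

The output is a short list of logins to review, which is the decision input the question asks for; sources with no geo tag are surfaced instead of being silently treated as domestic.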