Securepoint Threat Visualizer

New with Securepoint with version: 2.2

This article refers to a Beta version
Access: portal.securepoint.cloud Threat Visualizer



Introduction

  • The Threat Visualizer visualizes the evaluation of attacks on systems operated by Securepoint. Securepoint operates systems throughout Germany that simulate lucrative targets in order to attract potential attackers.
  • As soon as one of these so-called honeypots is attacked, useful data about the attacker, such as IP addresses and actions, is analysed and stored in our databases.
  • In addition to the honeypots, we also operate the Securepoint Threat Intelligence Feed, a regularly updated list of IP addresses categorised as malicious.
  • This TIF list is based on threat analyses and includes known command-and-control servers, malware distributors and other malicious infrastructures.
  • The threat intelligence filter is used in the Securepoint services.
  • This filter uses the TIF list to recognise, log and block connections to these IP addresses – regardless of the protocol used. In the Threat Visualizer, the threat data from the Threat Intelligence Feed is displayed as a heat map on the map and as top lists in tables.
  • The live data comes from our honeypots and is continuously fed into the threat analysis.

To see the overview, the Threat Visualizer must be started using the Start Threat Visualizer button.

All data on this page refers to so-called "honeypots" that are set up to be attacked, not to the current tenant.
Start Threat Visualizer

Traffic map

This world map shows real-time attacks on our honeypots worldwide. Hovering over a country displays information from the Threat Intelligence Feed (TIF). You can toggle the view to a heatmap using the Toggle Heatmap button. Countries with the highest number of threats are highlighted. (See next image)

Heatmap

Traffic map Heatmap
The mode can be changed again using the Toggle Heatmap button.

Live data

This table provides a real-time overview of registered attacks based on geo-IP data. It lists the source IP addresses, the protocol being attacked, and the time of the attack. This information is continuously updated.
  • Geo-IP range: Country from which the attack originated
  • Suspicious IPs: IP address that sent the attack
  • Protocol: Port on which the attack was launched
  • Time: Time at which the attack was launched

TIF ranking

The TIF ranking provides a dynamic overview of the latest data from the Threat Intelligence Feed (TIF). It shows information on blocked IP addresses worldwide. This list allows for the analysis and monitoring of potential threats by geographic region.

Country attack statistics

This histogram shows the live data for the last 100 hours. The slider allows you to scroll through the data sets hourly. Clicking the switch in the top right corner displays the current data set as a table (see next image).

Table view

Country attack statistics table
  • Geo-IP range: Country from which the IP addresses originate
  • Suspicious IPs: Number of suspicious IP addresses
The view can be changed again using the button.

Port attack statistics

This histogram shows the attacked ports and protocols for the last 100 hours. The slider allows you to scroll through the data sets hourly. Clicking the switch in the top right corner displays the current data set as a table (see next image).

Table view

Port attack statistics table
  • Port: Port being attacked
  • Logged ports: Number of attacks on this port
  • Percent: Percentage of these attacks compared to all attacks
The view can be changed again using the button.
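
How the two table views relate to the live data columns, as an added example that is not Securepoint code: it groups constructed honeypot records into hourly data sets and derives the port and country rows. The record layout, the function names and counting "Suspicious IPs" as distinct addresses are assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample records: (geo-IP country, source IP, attacked port, time).
# Addresses are from the documentation ranges; none of this is real feed data.
EVENTS = [
    ("DE", "192.0.2.10", 22, "2025-01-01T10:05:00+00:00"),
    ("DE", "192.0.2.10", 22, "2025-01-01T10:20:00+00:00"),
    ("DE", "192.0.2.11", 443, "2025-01-01T10:40:00+00:00"),
    ("NL", "198.51.100.7", 22, "2025-01-01T10:59:00+00:00"),
    ("NL", "198.51.100.7", 3389, "2025-01-01T11:01:00+00:00"),
    ("US", "203.0.113.5", 23, "2024-12-20T00:00:00+00:00"),  # older than 100 h
]
NOW = datetime.fromisoformat("2025-01-01T12:00:00+00:00")


def hour_of(ts):
    """Truncate an ISO 8601 timestamp to the start of its hour."""
    return datetime.fromisoformat(ts).replace(minute=0, second=0, microsecond=0)


def last_hours(events, now, hours=100):
    """Keep only the records inside the histogram's 100-hour window."""
    cutoff = now - timedelta(hours=hours)
    return [e for e in events if cutoff <= datetime.fromisoformat(e[3]) <= now]


def port_table(events, hour):
    """Rows (port, logged ports, percent) for one hourly data set."""
    counts = Counter(port for _, _, port, ts in events if hour_of(ts) == hour)
    total = sum(counts.values())
    rows = sorted(counts.items(), key=lambda r: (-r[1], r[0]))
    return [(port, n, round(100 * n / total, 1)) for port, n in rows]


def country_table(events, hour):
    """Rows (geo-IP range, suspicious IPs); assumes distinct addresses are counted."""
    ips = defaultdict(set)
    for country, ip, _, ts in events:
        if hour_of(ts) == hour:
            ips[country].add(ip)
    return sorted(((c, len(s)) for c, s in ips.items()), key=lambda r: (-r[1], r[0]))


if __name__ == "__main__":
    recent = last_hours(EVENTS, NOW)
    slot = hour_of("2025-01-01T10:00:00+00:00")  # one slider position
    print(port_table(recent, slot))
    print(country_table(recent, slot))
```

The percentage is taken over all attacks in the selected hour, so the rows of one data set always sum to 100 apart from rounding.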