Every moment, hackers and their enslaved computers wage an epic invisible war online. To make this war less abstract, Norse has made a "live attack map," which shows in real time cyber attacks from malicious IP addresses

To obfuscate the origin of the attack, hackers will use computers from non-malicious users (e.g., a neighbor down the street) to host a cyber attack on a desired entity (E.g., the IRS).

Norse has developed a proprietary system to track these cyber attacks, which it calls the IP Viking. The IP Viking is one of the first cyber risk intelligence system s that is able to monitor cyber risks as they happen, in real-time.

Tommy Stiansen, Norse's CTO, says that they use the system to track as much of the "dark side of the internet" as possible, which includes general web traffic, to peer-to-peer networks, to IRC networks, to TOR.

Additionally, Norse sets of "honeypots," which are traps designed to lure hackers to gain additional informationa bout them. These honeypots may look like bank infrastruture or other attractive systems, and using these, Norse is able to dupe hackers to release information about themselves, like IP addresses.