ThreatSTOP will be implementing changes to our severity labels to be consistent and clearer throughout our policies. We are not changing the policies themselves. Some targets, however, will have different severities and that may impact the volume of alerts you see in your portal account. Accordingly, we wanted to communicate those changes and the rationale behind them.
At a high level, we will be keeping the same severity 0-5 ranking that we have today.
- Severity 0 is for “no threat” targets (for instance, geo targets, whitelists, etc.).
- Severity 1 is for “policy violation” targets like tor usage, ad tracking, anonymizers, and the like.
- Severity 2 is for various forms of spam, scanning, and reconnaissance activity.
- Severity 3 is for minor attacks like cryptomining, brute force attacks, and other non-specific threats.
- Severity 4 is for serious attacks such as phishing, exploit kits, and infection sites.
- Severity 5 is for indications of full adversarial control such as command and control domains and for DNS exfiltration.
Using this system required us to change some targets to higher or lower severity, and very loosely starts to align our targets with the ATT&CK framework. As our list of targets is quite large and has been developed over years, there were some inconsistencies in how targets were labeled with respect to severity. This change normalizes all of our targets, and the above creates an easy to understand decision making tree for how we will label targets in the future.
With these changes we are adding additional threat types to allow for a more granular approach to your policy. For instance, we are adding a cryptomining target type that you can elect (or not) to put into your policy. The idea is to give you an easier way to understand control over your policy customization decisions.
If you’re a current ThreatSTOP customer and have any questions about these severity levels, please feel free to reach out to us.
If you’re interested in learning more about how ThreatSTOP protects you against attacks at every level, check us out below. Try us out for 14 days free, request a quick demo or just see what we’re about.