ThreatSTOP will be implementing changes to our severity labels to make them clearer and more consistent throughout our policies. We are not changing the policies themselves. Some targets, however, will have different severities, and that may impact the volume of alerts you see in your portal account. Accordingly, we wanted to communicate those changes and the rationale behind them.
At a high level, we will be keeping the same severity 0-5 ranking that we have today.
Using this system required us to change some targets to a higher or lower severity, and it very loosely starts to align our targets with the ATT&CK framework. As our list of targets is quite large and has been developed over years, there were some inconsistencies in how targets were labeled with respect to severity. This change normalizes all of our targets, and the above creates an easy-to-understand decision-making tree for how we will label targets in the future.
With these changes we are adding threat types to allow for a more granular approach to your policy. For instance, we are adding a cryptomining target type that you can elect (or not) to put into your policy. The idea is to give you an easier way to understand and control your policy customization decisions.
If you’re a current ThreatSTOP customer and have any questions about these severity levels, please feel free to reach out to us.