About the Threat Level

Threat Indicators

Our threat level now includes three indicators:
1. Web, reflecting the volume of malicious URLs on the Internet.
2. Spam, reflecting the volume of spam in circulation.
3. Malware, reflecting the volume of malicious files.

These three indicators reflect the reality of our complex threat environment. The majority of today's threats are Web-borne. Typical threat infection scenarios include malicious URLs, spam driving recipients to malicious URLs, or malicious files downloaded from spam or from the Web. Together, these three indicators cover the breadth and depth of both infection vectors and infections.

Threat Levels

Normal

There is regular threat activity but no major network incidents or malicious activity with escalated or severe risk assessments. This condition warrants routine monitoring of tiered network security levels, preferably via a centrally managed console.

Elevated

There are known vulnerabilities and other conditions that may precede an attack; reported targeted attack incidents interspersed with normal network activity; and/or identification of critical vulnerabilities on popular applications and operating systems. This condition warrants close monitoring of security information channels, automatic deployment of relevant patches, engaging preventive technologies, and monitoring for security lapses.

High

Several high-profile threats have been identified and/or critical network infrastructure is currently at risk. With this level in effect, all relevant patches must already have been deployed in anticipation of further hotfixes, network infrastructure must be locked down and/or partitioned, and proactive preventive technologies should be deployed.

Severe

Several global critical network infrastructure threats are present with no patch or fix imminent. Discretionary measures of threat containment, via network partitioning and throttling of resource availability to maintain the network, are advised.