The CTU Cyber Security Index (CSI) is a threat-based, color-coded system provided to notify customers about threats that might require protective measures. The CSI is evaluated daily by CTU researchers and updated when necessary.
The threat landscape exhibits typical levels and types of malicious activity. The tenor of recent disclosures, malware activity, and security updates warrants a Guarded standard of vigilance.
Low to average amounts of malicious activity. Typical network mapping, vulnerability scanning, and recon. Normal malware incidence. Isolated intrusions and denial-of-service attacks. No specific action is recommended. The CTU will continue to protect customers by maintaining vigilance and using standard operating procedures. The CTU will operate in a tight awareness loop with the SOC and other sources to gather and disseminate actionable intelligence and countermeasures.
The CTU Cyber Security Index is a threat-based, color-coded system provided to assist in implementing protective measures to reduce the likelihood or impact of an attack. The Cyber Security Index is evaluated daily by the CTU and updated as appropriate based on current threat activity. A “reason” provided for the index’s current status will typically include reliable and actionable information about a threat targeting software, networks, infrastructures or key assets (included in our Global Threat Intelligence service).
While the primary decision point for the Cyber Security Index is a “Daily Security Roundup and CSI Threat Level” discussion, the CTU can make a decision (with input from other senior security personnel from our Security Operations Centers, our CISO and other individuals) at any time day or night, depending on what events we see occurring or imminent.
When there is significant debate about which Cyber Security Index level a given threat activity corresponds to, the CTU will refer to the criteria in the Cyber Security Index definitions to make a judgment. The CTU takes a very serious and judicious approach when determining the Cyber Security Index.
Level 1 - Guarded
Low to average amounts of malicious activity. Typical network mapping, vulnerability scanning, and recon. Normal malware incidence. Isolated intrusions and denial-of-service attacks. No specific action is recommended.
The CTU will continue to protect customers by maintaining vigilance and using standard operating procedures.
Level 2 - Elevated
Elevated levels of malicious activity. Large-scale brute-force, SQL injection, RFI, and similar attacks. Elevated incidence of one or more known malware families, or signs of new malware. DDoS attack against a high-visibility service that impacts customers either directly or through their reliance on a site or service.
Specific action may not be appropriate in the case of high activity for known or existing threats, but action items may be given for new threats.
The CTU will operate in a tight awareness loop with the SOC and other sources to gather and disseminate actionable intelligence and countermeasures.
Level 3 - High
High levels of malicious activity. Clear and present danger that requires immediate action to prevent significant impact on the confidentiality, integrity, or availability of customer information systems. Zero-day. Active exploitation of a critical, unpatched vulnerability in widely used software. Widespread or uncontrolled distribution of a new worm or virus. Coordinated DDoS attacks on key Internet resources or which are of a scale that impacts public network infrastructure.
The CTU will diligently work to produce effective countermeasures and workarounds and get actionable intelligence to customers and the public.
Level 4 - Critical
A high level of danger to customer networks and systems, and to public infrastructure. This level indicates the need for immediate mobilization and realignment of security resources and a requirement for quick action. Active, large-scale use of attack tools or tactics that render existing controls useless; widespread distribution of a dangerous cross-platform worm; or exploitation of a flaw in the design or common implementation of the technological underpinnings or routing fabric of public IP networks all constitute possible justification for raising the Cyber Security Index to Critical.
The CTU will apply all resources at its disposal and take extraordinary measures to protect customers and the public, counter the threat, and return to a lower Cyber Security Index rating.