
Threat types

About threats

GravityZone MTD recognizes threat events and can determine in real time when a malicious event is happening.

Threats are events and are further classified by:

Severity - the following levels of severity are supported:

  1. Critical - This severity indicates that a real attack has occurred or is in progress. This typically means a compromise of the network and/or the device. This level of threat requires immediate attention from the enterprise administrator for mitigation and action.

  2. Elevated - This severity indicates an identified risk, which may lead to an attack or a compromise of the network or device. This does not necessarily indicate that an attack occurred.

  3. Low - This severity indicates an informational event. This is an indicator of risk that can possibly lead to an attacker exploiting a vulnerability.

  4. Normal - This severity indicates a normal event occurring for actions such as a DNS change, proxy change, or a network handoff. These do not indicate an attack but can be a cause for analyzing the possibility of a threat.

Type - there are two types of threats:

  1. Singular - This is an individual threat event on a specific device.

  2. Composite - This is a collection of singular threat events that occurred in a given time frame on a specific device.

Enablement

An administrator can enable a threat for detection or leave it disabled.

MITRE tactics

For each threat, you can access MITRE information on the tactics that a potential adversary may employ for that threat.

About malware family classifications

Malware family classifications allow an administrator to take remediation actions at the device or app level based on the family an app belongs to. The administrator can then inform the end user of the specific risks associated with each family classification. If an app does not fall into a specific family classification, it belongs by default to the ‘generic malware’ family classification.