Alert Security Status
The SenseDeep dashboard is your top-level security overview and it provides you with clear, actionable information. Rather than presenting a long list of potential security threats, the security status is separated into three distinct areas:
- Attacks indicate if you have been attacked and compromised.
- Threats indicate where you are vulnerable and what you need to look out for.
- Background events show the background internet threat environment of probes and scans in which your site is operating.
Your Attack status indicates if you have been compromised or not. It is your "have I been hacked?" indicator. The gauge is color coded and the current value is displayed below the graph. The possible values of your attack status are:
- none — everything is normal
- targeted — your site has been targeted by hackers
- compromised — your site has been hacked
On the SenseDeep App dashboard, the attack status is mapped to a gauge value for display. The none value is displayed as 0%, targeted is displayed as 50% and compromised as 100%.
The Threats gauge indicates if you have vulnerabilities in your site. It shows if you are at risk of being hacked in the future. Like the attack status, the gauge is color coded and the current status and numeric value are displayed below the graph.
The threat status is a numeric value that indicates the extent of your site's vulnerabilities. When SenseDeep discovers configuration errors in your site, out-of-date software with known vulnerabilities, or other vulnerabilities, it increases the threat status.
SenseDeep performs a regular audit of your AWS site's configuration and utilizes event-based detectors to detect new vulnerabilities in real-time.
The Threat status is a numeric value between 0 and 100% with an associated word-based status. The following thresholds are used to determine the status:
- < 10 — none — no vulnerabilities have been detected in your site.
- < 35 — low risk vulnerabilities have been found.
- < 65 — moderate risk vulnerabilities have been found.
- < 90 — high risk vulnerabilities have been found.
- >= 90 — critical risk vulnerabilities have been found.
If your Attack status is targeted, you should ensure that you have no important threats as indicated by your Threat status. If your Threat status is non-zero, you should address the underlying issues according to the status:
- low and moderate — Fix when you can.
- high — You should fix these very soon.
- severe — You should fix these immediately.
Background events are security-related events that do not result in a compromise or immediate vulnerability. Examples are the scanning and probing of servers that is normal and constantly occurring on the modern internet.
Background events are tracked so you can see the full environment in which your cloud service is operating. It is normal that your servers will constantly be probed and scanned. Consequently, it is important to ensure that you have the lowest Threat score possible. A higher threat score indicates you have vulnerabilities open to this background "radiation" of security attacks.
You can click on the Attack, Threat and Background gauges and graphs to see more detailed information about the source of the attack or threat.