Stephen | Full Stack Developer

A detection threshold is the point where threat analysis systems flag activities as malicious or not. A high threshold equals more false positives ie flagging activities that are not malicious but would also catch threats more…a lower threshold on the other hand gives fewer threat alerts but is more likely to miss an actual threat… The line for deciding on a viable threshold that allows easy and efficient use of systems without exposing a larger attack surface comes from threat modeling to understand what you want.. the answers lie in the questions… 1. What are you aiming to build? 2. Are there other administrative users and what can they do? 3. What assets are most valuable? 4. Would this hurt if it’s lost or stolen or taken down? 5. What are potential threats? 6. What tactics is this system vulnerable to? 7. How severe to me would it be if something is damaged or stolen? 8. What controls and protocols are in place to handle such events and minimize loss? 9. How easy would this be for an attacker? When you can answer these questions, you can easily manage your sensitivity threshold for your threat detection system while retaining full functionalities and accessibility.