Every piece of code is a potential source of vulnerabilities: operating systems, containers, databases, web servers, and the list goes on. It also includes hardware such as L2 / L3 network devices, healthcare devices, IoT devices and more. To compound matters, the rate at which vulnerabilities are discovered grows every year. The chart below reflects the trend we have observed.

Vulnerability Exploitability Chart

Note that not all vulnerabilities make it into NVD, and those that do not have no CVE number assigned. Our observation at ThreatWatch (TW) is that this is especially true for Free and Open Source Software (FOSS). The chart above calls out the vulnerabilities that have no presence in NVD and no CVE number assigned. It is interesting to note that these "no CVE assigned" vulnerabilities also trend upward over the years.

It is important to note that although the number of vulnerabilities discovered is high and growing, not every vulnerability is weaponized. For a vulnerability to be weaponized it needs either a known exploit or a high probability of being exploitable. The former case is straightforward: a known exploit settles the question. But how does one estimate the probability that a vulnerability is exploitable when no exploit is known? This matters because how quickly a vulnerability can be weaponized, say into malware, is directly related to its exploitability (read more in our earlier blog). We at ThreatWatch (TW) have been researching this in order to build an ML / AI model that estimates the probability of a vulnerability being exploitable.

Ask any ML expert and the key thing is curating the right data set to train and test the model. We leveraged our "Vulnerability Database" to identify the data used to train the ML model. The next step was to identify the attributes of a vulnerability that affect exploitability, i.e. the features in ML parlance. Some obvious attributes that translate into features for the ML model are as below:

These features have to be considered together when deciding on exploitability. For example, a vulnerability that can be attacked remotely over the network is more valuable to an attacker than one that requires the attacker to already be on the local network. Similarly, an attacker prefers a vulnerability that needs no authentication, and one that imposes no special preconditions is a better candidate still. Fold the remaining features into the mix and you have the recipe.
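To make the feature discussion concrete, here is a small added example; it is not ThreatWatch's model, feature list or data. It encodes CVSS-style attributes of the kind mentioned above (attack vector, authentication, attack complexity) plus an assumed "public proof-of-concept available" flag, fits a logistic regression by gradient descent on a constructed, labelled set of records, and evaluates the result. The attribute names, their encodings and the records are assumptions made for the example, and the logistic regression stands in for the neural network so that the block runs on the Python standard library alone.

```python
# Added illustrative example; this is not ThreatWatch's model, feature list or data.
# The attributes (attack vector, authentication, attack complexity, public PoC),
# their encodings and the training records are all constructed for the example,
# and a logistic regression fitted by gradient descent stands in for a neural
# network so that the block runs on the standard library alone.
import math

# Ordinal encodings: the value most convenient to an attacker scores 1.0.
ATTACK_VECTOR = {"network": 1.0, "adjacent": 0.5, "local": 0.2, "physical": 0.0}
AUTHENTICATION = {"none": 1.0, "single": 0.5, "multiple": 0.0}
COMPLEXITY = {"low": 1.0, "high": 0.0}


def encode(vuln):
    """Map one vulnerability record to a feature vector; index 0 is the bias input."""
    return [
        1.0,
        ATTACK_VECTOR[vuln["attack_vector"]],
        AUTHENTICATION[vuln["authentication"]],
        COMPLEXITY[vuln["complexity"]],
        1.0 if vuln["public_poc"] else 0.0,  # a published exploit is the strongest single signal
    ]


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def score(w, vuln):
    """Estimated probability that the record is exploitable under weights w."""
    return sigmoid(sum(wi * xi for wi, xi in zip(w, encode(vuln))))


def train(records, epochs=2000, lr=1.0):
    """Fit weights by batch gradient descent on the mean logistic loss.
    records is a list of (vuln, exploitable) pairs."""
    xs = [encode(v) for v, _ in records]
    ys = [1.0 if label else 0.0 for _, label in records]
    w = [0.0] * len(xs[0])
    for _ in range(epochs):
        grad = [0.0] * len(w)
        for x, y in zip(xs, ys):
            err = sigmoid(sum(wi * xi for wi, xi in zip(w, x))) - y
            for j, xj in enumerate(x):
                grad[j] += err * xj
        w = [wi - lr * g / len(xs) for wi, g in zip(w, grad)]
    return w


def evaluate(w, records, threshold=0.5):
    """Accuracy alone hides class imbalance, so precision and recall on the
    exploitable class are reported alongside it."""
    tp = fp = fn = tn = 0
    for v, label in records:
        predicted = score(w, v) >= threshold
        if predicted and label:
            tp += 1
        elif predicted:
            fp += 1
        elif label:
            fn += 1
        else:
            tn += 1
    return {
        "accuracy": (tp + tn) / len(records),
        "precision": tp / (tp + fp) if tp + fp else 0.0,
        "recall": tp / (tp + fn) if tp + fn else 0.0,
    }


def record(av, au, ac, poc, exploitable):
    vuln = {"attack_vector": av, "authentication": au, "complexity": ac, "public_poc": poc}
    return vuln, exploitable


# Constructed training set, not real CVEs: 3 exploitable records among 12.
# The label follows "public PoC, or remote + no auth + low complexity", so no
# single feature separates the classes and the weights must combine them.
DATASET = [
    record("network", "none", "low", False, True),
    record("network", "none", "low", True, True),
    record("local", "single", "high", True, True),
    record("network", "none", "high", False, False),
    record("network", "single", "low", False, False),
    record("adjacent", "none", "low", False, False),
    record("local", "none", "low", False, False),
    record("local", "multiple", "high", False, False),
    record("physical", "none", "low", False, False),
    record("network", "multiple", "low", False, False),
    record("adjacent", "single", "high", False, False),
    record("local", "single", "low", False, False),
]

# Two fixed weight vectors for comparison: one that answers "not exploitable"
# for everything (the majority-class baseline), and a hand-tuned linear rule.
ALWAYS_NO = [-5.0, 0.0, 0.0, 0.0, 0.0]
HAND_RULE = [-8.5, 3.0, 3.0, 3.0, 10.0]

if __name__ == "__main__":
    w = train(DATASET)
    for name, weights in (("always-no baseline", ALWAYS_NO), ("hand rule", HAND_RULE), ("trained", w)):
        print(f"{name:>18}: {evaluate(weights, DATASET)}")
    easy, hard = DATASET[0][0], DATASET[7][0]
    print(f"remote/no-auth/low-complexity {score(w, easy):.2f} vs local/multi-auth/high {score(w, hard):.2f}")
```

Two things the block shows that a feature list alone does not. First, no single attribute decides exploitability in the constructed set, so the weights have to combine them, which is the correlation described above. Second, evaluate() reports precision and recall next to accuracy: with three exploitable records in twelve, weights that never predict "exploitable" already score 75% accuracy, so an accuracy figure for this kind of model only means something when read against that majority-class baseline.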

Vulnerability Exploitability Neural Net

Our ML model is a neural network that predicts exploitable vulnerabilities with an accuracy upward of 95%. This makes it easier to find the "needle in the haystack". Couple this with:

Together these give ThreatWatch users a complete solution.

Interested in knowing more about how your organization can benefit from this and improve its security posture? Write to us at info@threatwatch.io, or better, simply take us for a spin using our Free Tier for a first-hand experience.
