Imbalance between proactive and reactive cybersecurity

NIST Cybersecurity Framework (aka Framework for Improving Critical Infrastructure Cybersecurity) is an excellent resource for all organizations. There are 3 components to the framework as below: Core – Provides a set of desired cybersecurity activities and outcomes using common language that is easy to understand. Tiers – These implementation Tiers help assist organizations by providing […]

Improving efficacy of AI/ML model to predict exploitability score for vulnerabilities

In an earlier blog, I talked about how machine learning can help predict exploitability score for a vulnerability. In this blog, I will elaborate on some of the finer aspects before comparing with an alternative means available. From a machine learning angle, it is important to identify & include relevant features and use a balanced […]

Malware prediction

Data Science and commercially available AI/ML implementations now make it possible to predict whether a vulnerability can be weaponized into malware. This could be a critical moment in cybersecurity as it allows vulnerability management to be truly proactive and reduces the remediation workload. But why bother with this? And even if we did, how could […]

Need for machine curated vulnerability intelligence

It is my pleasure to share this blog article authored by Rohit Ghai, who we are fortunate to have as our advisor. Rohit is renowned in the industry and he currently serves as President, RSA Security. Recruiting machines to fight the vulnerability crisis A central pillar in any cyber resilience strategy is the idea of […]

Weekly Reserved CVE Actionable Insights ( June 23rd 2019 )

What are reserved CVE’s ? Reserved CVE’s are NVD records for confirmed vulnerabilities with little to no information. In most cases there is no information available. ThreatWatch’s prediction model, “Coeus“ goes through all the related information about these CVE like attack vector type, social chatter and vendor advisories, and arrives at a CVSS vector and […]

Machine Learning (ML) powered vulnerability scoring for better prioritization

Most organizations face challenges with prioritizing risk from a new vulnerability or threat. At times, late breaking threats do not provide a severity assessment. The standard way to identify the key characteristics of a threat is using CVSS (Common Vulnerability Scoring System). CVSS provides a Vector (based on key dimensions / attributes of the threat […]