Introducing Attenu8 platform to predict exploitability score for vulnerability to aid in prioritization
In InfoSec stress is a given, especially given that the InfoSec team needs to be right every time while bad actors need to be right only once. Vulnerability scanners overwhelm InfoSec teams, since these tools spew out a torrent of vulnerabilities. The whole scanning paradigm has outlived its value, but more about in a separate […]
FOSS vulnerability creep
It is estimated that Free and Open Source Software (FOSS) constitutes nearly 80-90% of any given piece of modern software. All sectors (public/private/tech/non-tech) have heavy reliance on software. It is imperative then to ensure health and security of open source software. Linux Foundation founded the Core Infrastructure Initiative (CII) back in 2014. CII members provided […]
Weekly Reserved CVE Actionable Insights ( June 23rd 2019 )
What are reserved CVE’s ? Reserved CVE’s are NVD records for confirmed vulnerabilities with little to no information. In most cases there is no information available. ThreatWatch’s prediction model, “Coeus“ goes through all the related information about these CVE like attack vector type, social chatter and vendor advisories, and arrives at a CVSS vector and […]
Manage the vulnerability deluge with “Actionable Insights”
The number of vulnerabilities being reported has just been growing over the years. The below chart help depict how the count of vulnerabilities has grown significantly (though not yet exponentially) over the recent years. Note it is apparent from the chart how ThreatWatch provides better overall vulnerability intel coverage, apart from standard sources like NVD. […]
Machine Learning (ML) powered vulnerability scoring for better prioritization
Most organizations face challenges with prioritizing risk from a new vulnerability or threat. At times, late breaking threats do not provide a severity assessment. The standard way to identify the key characteristics of a threat is using CVSS (Common Vulnerability Scoring System). CVSS provides a Vector (based on key dimensions / attributes of the threat […]