The key to more accurate vulnerability assessment
In cybersecurity, exploiting vulnerabilities in software and systems has become the #1 attack vector for threat actors. This creates an enormous challenge for security teams. It takes an average of 12 days for teams to coordinate and apply a patch across all devices, consuming a great deal of time and IT resources. More than 18,000 new vulnerabilities were discovered in 2021 alone, on top of tens of thousands of vulnerabilities already documented in the National Vulnerability Database (NVD). Because security teams simply can’t patch every vulnerability, vulnerability assessment and prioritization has become a business-critical task.
The trouble is, traditional methods for prioritizing vulnerabilities are based on severity – how much damage an attacker could do with it – rather than how likely attackers are to use a particular vulnerability. This means that security teams are likely to prioritize patches for vulnerabilities that are theoretically more severe over vulnerabilities that threat actors are actually intending to use.
Cybersixgill offers a simple yet powerful solution for more accurate vulnerability assessments. The Cybersixgill DVE Intelligence solution predicts the immediate risk of a vulnerability based on the intent of threat actors, according to comprehensive data and intelligence collected from the clear, deep and dark web.
The challenge of assessing vulnerabilities
In the role of vulnerability assessment, most prioritization is driven by scores determined by the Common Vulnerability Scoring System (CVSS). This open framework scores common vulnerabilities and exposures (CVEs) based on the ease of exploiting a vulnerability and on the potential severity of an attack.
While the CVSS is helpful in understanding the potential impact of vulnerability exploitation, there are several critical issues with this framework.
- Lack of likelihood assessment. A CVE rating from CVSS does not adequately factor in the question of how likely a vulnerability will be exploited.
- Static scores. CVSS scores rarely change, often resulting in outdated scores that can delay an organization’s response, even as vulnerabilities become increasingly popular among threat actors.
- Lag in scoring. While many CVSS scores are assigned within a few days, some cases can take far longer to evaluate, lagging up to two weeks, leaving security teams with a limited understanding of their risk environment.
As the number of vulnerabilities continues to grow each year, these issues with the CVSS make vulnerability prioritization ever more difficult. As a result, security teams are often more reactive than proactive, and more tactical than strategic.
To enable security teams to prioritize patches as quickly and effectively as possible, you need a solution that that performs a more accurate vulnerability assessment. The ideal solution would actively incorporate attacker capability, intent and interest, delivering real-time threat intelligence for more effective vulnerability management. That’s exactly what you get with Cybersixgill.
Vulnerability assessment with Cybersixgill
Cybersixgill is dedicated to protecting organizations from malicious cyberattacks that come from the deep and dark web, before they actually materialize. The Cybersixgill Dynamic Vulnerability Exploit (DVE) Intelligence solves the challenges of vulnerability assessment by evaluating vulnerabilities based on the intent of threat actors, in addition to potential severity.
To determine the probability of a vulnerability being exploited in the near future, we look for threat intelligence in the place where threat actors go to communicate, collaborate, gather tools and plan their attacks anonymously: the dark web. DVE Intelligence leverages continuous, AI-driven, real-time analysis of dark web discourse, including limited access web forms, elicit underground markets, invite-only instant messaging groups, paste sites, and code repositories, as well as clear websites and social media platforms. Our fully automated collection and source infiltration technology can scrape data that’s inaccessible to other vendors, such as high-value sources with complex CAPTCHA tests. Using advanced AI and ML algorithms, our technology automatically indexes, correlates, analyzes, tags and filters raw data to produce critical insights in the form of DVE Intelligence.
Benefits of DVE Intelligence
- Real-time insight. Know when an exploit is published or a vulnerability is discussed, even before threat actors even think of using it.
- Comprehensive data. Leverage scores that are based on the largest collection of threat intelligence related to vulnerabilities.
- Probability predictions. Track threats from CVE’s that have a higher probability of being exploited by active threat actors.
- Easier prioritization. Leverage insights to proactively remediate vulnerabilities and prevent attacks.
How a DVE score is calculated
The Cybersixgill DVE Score is based on several parameters.
- Publishing date of a CVE. CVEs published more recently have a higher probability of being exploited by threat actors.
- Proof-of-concept (POC) exploit code. When POC exploit codes for a vulnerability exists in code repositories like GitHub, the vulnerability is more likely to be exploited soon.
- POC exploit codes on underground forms. When exploit codes are bought and sold on dedicated markets on the dark web, less sophisticated actors are more likely to execute advanced attacks.
- Dark web discussions. CVE’s that are the subject of discussions on the deep and dark web have a higher probability of use in the near future.
- Reputation of dark web forms. Certain forums on the dark web attract threat actors with more dangerous reputations, giving conversations around CVEs on these forms more weight.
- Threat actor reputation. DVE scores include a calculation of the reputation of threat actors, including their tenure, their social network, and the level of threat they pose.
DVE Intelligence delivers greater accuracy in vulnerability assessment with a predictive model based on proven data science techniques that have been tested and validated in many security and non-security use cases. This model automatically evaluates the chronology of each CVE as it evolves, determining scores in near real time and updating scores frequently to provide security teams with the latest intelligence.
The Cybersixgill difference
Cybersixgill has taken a quantum leap into the next stage of evolution in threat intelligence. Unlike other solutions that rely heavily on humans, our collection and correlation is 100% automated to minimize human error, reduce false positives and increase analyst productivity.
Cybersixgill technologies increase security teams’ confidence in their ability to fight fraud, detect fishing, identify data leaks, prioritize vulnerabilities and amplify incident response in real time to successfully fight cybercrime.
Along with DVE Intelligence, our platform includes:
- An underground threat intelligence feed with a datastream of indicators of compromise (IOC’s) via API. Our threat intelligence maximizes analysts’ performance with a stream of malicious hashes, URLs, domains and IP addresses – before they are deployed in the wild.
- Investigative Portal, delivering access to the most comprehensive, automated collection of closed underground sources from the clear, deep and dark web. The Investigative Portal gives security teams unrestricted access to our full body of threat intelligence, with real-time contacts, actionable alerts and the ability to conduct covert investigations.
What is a CVE?
In cybersecurity, CVE stands for common vulnerabilities and exposures. The CVE definition includes both the wide range of vulnerabilities and exposures that create risk for organizations as well as the Common Vulnerabilities and Exposures database of publicly known vulnerabilities.
What is a vulnerability assessment?
As a growing number of vulnerabilities in software and systems are discovered, vulnerability assessment is critical to helping IT teams understand which vulnerabilities pose the greatest risk to security.
What is vulnerability prioritization?
Vulnerability prioritization is the practice of addressing the most dangerous vulnerabilities first, since it’s impossible for IT teams to patch and remediated every known vulnerability.
Cybersixgill’s end-to-end Dynamic Vulnerability Exploitation takes a contextual, more accurate approach to vulnerability management and prioritization. This year, back-to-school time coincides with increased cyberattacks against higher education instit …Read more
Russian dark web actors use underground markets to move money and purchase illicit goods, despite the Western embargo. When a banned product is in high demand, there is opportunity for a black market to thrive. Considering the extent of Western governm …Read more
Compromised university credentials and endpoints on the dark web could cost students and schools millions. Introduction Possession of a student’s university account is desirable for threat actors. It enables them to impersonate the student and steal th …Read more