The challenges of the Common Vulnerability Scoring System
Vulnerability exploitation has recently become the most common vector for cyberattacks – serving as the initial means of infiltration for 1/3 of all cyber attacks in 2021. With nearly 200,000 vulnerabilities already identified and ~50 new CVEs released each day, security teams must prioritize remediation, focusing first on the vulnerabilities that represent the greatest risk.
Traditionally, security teams have relied on the Common Vulnerability Scoring System (CVSS) when prioritizing vulnerabilities for remediation. CVSS is a free and open industry standard that assesses the severity of a vulnerability should it be exploited. But CVSS scores offer only a partial view of risk. They don’t take into account the likelihood that a vulnerability is about to be exploited, and the scores rarely change even though the risk associated with vulnerabilities may significantly increase or decrease over time.
For security teams that want a more accurate, real-time assessment of the risk associated with vulnerabilities, Cybersixgill offers DVE Intelligence. By providing a real-time score based on the likelihood that a vulnerability will be exploited in the next 90 days, DVE Intelligence delivers a more detailed and accurate assessment than the Common Vulnerability Scoring System, helping to simplify and enhance vulnerability prioritization.
How the Common Vulnerability Scoring System works
The Common Vulnerability Scoring System was launched in 2005 to provide an open and universal standard to rate the severity of software vulnerabilities. A CVSS score is based on the damage that could be accomplished by attackers if they successfully exploit a given vulnerability. Scores are assigned to vulnerabilities that have been added to the list of Common Vulnerabilities and Exposures (CVE) and entered into the National Vulnerability Database (NVD).
While a rating with the Common Vulnerability Scoring System can be a helpful data point in the vulnerability management lifecycle, there are several reasons that CVSS scores alone can’t provide a full picture of the risk associated with each vulnerability.
A lag in rating time. While many CVSS scores are assigned quickly, some take far longer. Certain vulnerabilities may not be assessed for days or even weeks. During this lag, security teams have no idea about the risk that a newly discovered vulnerability represents.
Ratings rarely change. Ratings on the Common Vulnerability Scoring System are seldomly revised, even though a certain vulnerability may become much more widely exploited by cybercriminals in the time after its initial publication.
No probability assessment. CVSS scores are based solely on the potential damage that a vulnerability exploit could cause – the scores do not reflect the likelihood that threat actors will attempt to exploit a vulnerability. As a result, vulnerabilities with high CVSS scores may be extremely unlikely to be used in an attack, while vulnerabilities with a low severity rating may be used frequently by cybercriminals in coordinated attacks.
To protect their organizations more effectively, security teams need a better way to understand the risk associated with each vulnerability and prioritize remediation. That’s where Cybersixgill can help.
Prioritizing vulnerabilities with Cybersixgill
Cybersixgill empowers security teams with agile, automated and contextual cyber threat intelligence solutions to stop attacks before they materialize. Our technology is proven to have the broadest threat intelligence collection capabilities in the industry, enabling us to capture, process and alert teams to emerging threats, tactics, techniques and procedures (TTPs) and indicators of compromise (IOCs) as they surface on the clear, deep and dark web.
To drive rapid prioritization and mitigation of critical vulnerabilities, Cybersixgill’s Dynamic Vulnerability Exploit (DVE) Intelligence collects and analyzes data from the cybercriminal underground. DVE Intelligence relies on machine learning to quantify the intent of threat actors and to gauge the likelihood of whether a vulnerability will be exploited within the next 90 days. This unique, data-driven insight into the thoughts and plans of threat actors gives security teams a head-start on vulnerability management and accelerates threat response and decision-making.
In contrast to ratings provided by the Common Vulnerability Scoring System, DVE Intelligence scores are generated by continuous, AI-driven, real-time analysis of multiple threat intelligence streams. Our technology monitors dark web discourse, code repositories and invitation-only messaging groups – as well as social media, blogs and sites on the clear web – to predict the probability that a vulnerability will be exploited. Real-time context, actionable insights and dynamic attributes ensure that security teams have clear visibility into the reason behind the score. And with the Cybersixgill Investigative Portal, analysts can investigate further to learn more about the popularity, potential exploits and relevant actors related to each vulnerability listed in the CVE database.
How Cybersixgill gathers intelligence from the dark web
Cybercrime is big business and it thrives in web forums, instant messaging apps, and other closed sources on the dark web. This is where the tools for cyberattacks are sold and traded. From leaked information and compromised credentials to phishing kits and ransomware tools, the deep and dark web is the place where cyber criminals plan their malicious campaigns. For companies fighting cybercrime, it’s the best place to gain intelligence that can help to protect against external threats.
To determine the likelihood that a vulnerability will be exploited in the near future, our technology performs continuous, AI-driven, real-time analysis of multiple streams of threat intelligence. We gather intelligence from sources that include limited-access deep and dark web forms and markets, invite-only messaging groups, code repositories, paste sites, clear web platforms, social media platforms and illicit underground markets. Our fully automated collection and source infiltration capabilities allow us to scrape data that’s inaccessible to other vendors. Advanced AI and ML algorithms index, correlate, analyze, tag and filter raw data, combining it with comprehensive threat actor profiles to produce real-time intelligence about the likelihood that a vulnerability is about to be exploited.
This analysis allows us to catch events as they happen, before attacks are deployed or leaked credentials are sold. With unmatched extraction speed, Cybersixgill dark web monitoring and DVE Intelligence is the best source for real-time insight that can transform vulnerability prioritization.
DVE Intelligence vs. the Common Vulnerability Scoring System
DVE Intelligence offers considerable advantages over the Common Vulnerability Scoring System.
A broader view. DVE Intelligence is the only solution that provides security teams with complete context while predicting the immediate risks of a vulnerability based on the intent of threat actors. Scores are based on the most comprehensive collection of vulnerability-related threat intelligence.
A more accurate assessment. DVE Intelligence tracks threats stemming from CVEs that have a higher probability of being exploited but may be defined by other sources as irrelevant because the level of severity is lower.
Comprehensive context. With Cybersixgill, security analysts can take a deep dive into any CVE, learning more about threat actors, tools, dates, tags, mentions, languages and more.
Up-to-date evaluation. DVE Intelligence scores are assigned mere hours after the CVE is first published, and are updated frequently, taking the latest intelligence and dark web chatter into account when determining the likelihood of exploitation.
Why choose Cybersixgill?
Cybersixgill is dedicated to helping security professionals continuously expose the earliest indications of risk. Harnessing advanced AI and machine learning algorithms, we gather valuable intelligence from the clear, deep and dark web with the most extensive and fully automated collection capabilities available. Our automated crawlers infiltrate and maintain connections with limited-access sources that are inaccessible to other vendors. Our advanced collection mechanisms autonomously extract, process and index intel at scale, digesting tens of millions of intelligence items per day to deliver information that is relevant, timely and accurate.
With Cybersixgill, your security teams can:
Expose threat actor activity in any language, format or platform.
Preempt and block threats as they emerge, before they can be weaponized in an attack.
Streamline threat management by seamlessly integrating threat intelligence into existing security stacks according to the unique needs, assets and workflows of the organization.
What is a vulnerability?
A vulnerability is a weakness in a software program or system that may be exploited by malicious actors to harm or gain unauthorized access to an IT environment. Vulnerability exploitation has become the attack vector that is used most often by cybercriminals to launch cyberattacks.
What is the Common Vulnerability Scoring System?
The Common Vulnerability Scoring System, or CVSS, is an open framework for rating the severity of vulnerabilities, in terms of the damage that attackers could do if it were exploited. CVSS scores range from 0 to 10 – the higher the number, the greater the severity.
What are the drawbacks of the CVSS system?
In the past, security teams have attempted to manage risk by prioritizing vulnerabilities with higher scores for earlier remediation. Because CVSS scores do not calculate the likelihood of an attack, they do not represent a complete picture of risk. Consequently, many security teams are still struggling to accurately prioritize their vulnerabilities.