Dark Web Education Hub

What is vulnerability intelligence?

More resources

Protect your organization with vulnerability intelligence

Vulnerability exploitation is now the most common attack vector for cybercriminals. This type of cyberattack exploits a flaw or weakness in an application, allowing attackers to disrupt business, shut down systems or gain unauthorized access to an IT environment.

While software vulnerabilities can be patched with updates from the manufacturer, the sheer number of vulnerabilities makes it impossible for security teams to fix every flaw. To effectively prioritize vulnerabilities for remediation, security teams need intelligence that can help them determine which flaws are the most dangerous and should be addressed first.

Cybersixgill’s Dynamic Vulnerability Exploit (DVE) Intelligence delivers real-time vulnerability intelligence that is automated, comprehensive and highly accurate. Using threat intelligence gathered from the deep and dark web, a DVE score reveals which vulnerabilities are most likely to be utilized in an attack in the near future, assisting teams with their patching cadence and the remediation of emerging threats.

The trouble with traditional vulnerability intelligence

Over the past two decades, security teams have turned to the Common Vulnerability Scoring System (CVSS) for vulnerability intelligence. CVSS is an open framework for identifying and rating the severity of software vulnerabilities based on the damage they can do. However, a CVSS score doesn’t represent an accurate picture of risk, since only a small fraction of the nearly 200,000 known vulnerabilities are likely to be exploited. This means security teams may end up prioritizing a severe vulnerability that has almost no chance of being used in an attack, while failing to remediate a less severe vulnerability that is currently favored by attackers.

Additionally, CVSS scores are not always assigned immediately to newly discovered vulnerabilities. In some cases, it may be days or weeks before a vulnerability is scored, leaving security teams without any vulnerability intelligence they can use to prioritize patches. In addition, CVSS scores rarely change over time, even when a vulnerability that was once seldom used become a frequent part of complex cyberattacks.

To protect their organizations more effectively, security teams need real-time and accurate vulnerability intelligence that considers the likelihood a specific vulnerability will be used in the near future. With this insight, teams can direct resources to remediating the software flaws that truly represent the greatest risk.

DVE Intelligence simplifies vulnerability prioritization

Cybersixgill is a threat intelligence platform that captures, processes and alerts teams to emerging threats and indicators of compromise as they surface on the clear, deep and dark web. Our fully automated intelligence collecting capabilities covertly scrape and extract data from a wide range of sources, including limited-access deep and dark web forums, illicit underground markets, invite-only message groups, paste sites and code repositories, as well as blogs and social media on the clear web. 

The data on these sites reveals a great deal about cybercriminals’ plans, intentions, tools and previous exploits as well as their latest tactics, techniques and procedures (TTPs). Vulnerability exploits are often preceded by certain signals on the dark web, extending from chatter on underground forums or an escalating interest in proof-of-concept code written by threat actors. 

Cybersixgill DVE Intelligence monitors, collects, and interprets these data points from the dark web to produce contextual vulnerability intelligence that accurately predicts risk based on the intent of threat actors. A DVE score can accurately predict which vulnerabilities will be targeted up to 90 days before it happens, allowing security teams to proactive prioritize remediation and prevention efforts.

Additional solutions from Cybersixgill

In addition to vulnerability intelligence, Cybersixgill offers threat intelligence to assist with threat monitoring and cyber threat management,  helping security teams to expose risk earlier, pre-empt threats and integrate intelligence throughout the organization’s security stack.

An underground threat intelligence feed

Cybersixgill’s vast collection of cyber threat intelligence data can be consumed via an application programming interface (API) that integrates directly into existing workflows and system architectures to address multiple use cases & functionalities. The API offering supports database queries and query-based notifications, actionable alerts tailored to your organizational assets, automated feed of malicious IOCs, detection of leaked user credentials, real-time feed of CVE-related events and developments, multi-tenant (MSSP) configurations and more. A new integration per customer request can be created within a week.

A portal for hunting threats

The Cybersixgill Investigative Portal is a threat intelligence platform that empowers security teams with the insights they need to proactively protect their business-critical assets, prevent fraud and data breaches, protect their brand, minimize the attack surface and conduct real-time investigations into the evolving threat landscape. With the Investigative Portal, analysts can easily search and deep-dive into unmatched intelligence data, prioritizing and responding to threats that may target business-critical assets and systems. Actionable insights include intelligence on the most effective ways to mitigate and remediate threats, while profiles for more than 7 million threat actors reveal motives, intentions, history, arenas of activity and connections to other threat actors.

Why Cybersixgill?

Cybersixgill is dedicated to protecting organizations against malicious cyberattacks that originate in the deep and dark web. Our technology automates dark web monitoring to advance vulnerability management, cyber threat prevention and incident response capabilities. By collecting and monitoring a broader range of closed sources and extracting data faster than our competitors, we help organizations successfully fight cybercrime, prevent phishing, stop data leaks, mitigate ransomware and amplify incident response in real time.

The Cybersixgill’s threat intelligence enables security teams to:

  • Uncover the earliest signs of attack and indications of risk. Our threat intelligence uncovers threat actor activity in any language, format or platform. With fully automated collection and source infiltration technology, we scrape data that’s inaccessible to other vendors such as high-value sources with complex CAPTCHA and posts that have since been deleted.

  • Preempt and block threats as they emerge, before they can be weaponized in an attack. Using AI and machine learning algorithms, we quickly prioritize, enrich and score data, swiftly publishing profiles and identifying behavioral patterns that enable security teams to proactively remediate areas of risk.

  • Seamlessly correlate, remediate and integrate threat intelligence according to the unique assets, needs and workflow of each customer. Our threat intelligence data is available via 40 APIs, simplifying integration with existing workflows and system architecture.


What is a vulnerability?

In cybersecurity, a vulnerability is a flaw or weakness in a software program that can be exploited by attackers to break the program or to gain unauthorized access to an IT system.

What is vulnerability remediation?

Vulnerability remediation is the act of applying an update or patch to a software program to fix or eliminate a vulnerability.

What is vulnerability intelligence?

Because there are too many known vulnerabilities to patch at once, security teams must prioritize the most severe or dangerous software flaws first. Teams rely on vulnerability intelligence to determine which flaws represent the greatest security risk. Vulnerability intelligence based on dark web monitoring can reveal which weaknesses are most likely to be targeted in the near future, and how to best remediate them.