Securin Vulnerability Risk Score (VRS) is the industry’s most accurate measure for emerging threats and weaponized vulnerabilities. VRS provides organizations with an uninterrupted measure to quantify the risk posed by a vulnerability and to understand their threat context, thereby empowering informed, contextual decision-making.
Fig 1: Vulnerability View from Securin VI
Securin VRS takes into account the NVD’s CVSS scores together with additional attributes that reflect a vulnerability’s impact in a given environment. Backed by 750+ sources, including vulnerability and threat intelligence feeds, social media discussions, hacker chatter, and years of pentesting experience, Securin VRS aims to overcome the challenges faced by security analysts by helping them prioritize effectively which vulnerabilities to patch. To achieve this, VRS considers a multitude of factors, as indicated in the image below.
Fig 2: What Goes into Our VRS?
We will now look at the different facets of the VRS and understand how and where the ratings can be used.
Securin adopts multiple approaches to analyze a vulnerability in its entirety by leveraging various authentic sources and years of pentester experience. The VRS treats threats already weaponized by attackers differently from those merely on attackers’ radar, and assigns a comprehensive rating that considers both the existing threat and the potential impact. The aim is to help security analysts and developers understand the criticality of every bug in the products they use and the code they develop.
Thus, the VRS is characterized by three dimensions, intricately woven together to provide a comprehensive look at a vulnerability’s realistic severity and the impact it can have if exploited by malicious actors.
The definitive analysis draws on data and intelligence collated from multiple sources, which is analyzed in detail for accuracy to arrive at relevant metrics. The analysis encapsulates specific vulnerability and threat data that is continuously cleansed, enhanced, and validated by our researchers. This includes vulnerability information, linked exploits, threat actor or ransomware associations, and their exploitation trends, thus highlighting the risk presented by a vulnerability based on its history of exploitation.
The weakness analysis computes the severity of a vulnerability as influenced by its contributing weakness. The weakness dimension plays a silent contributing role in a vulnerability’s severity, based on its exploit capability and the impact it can allow for. The analysis leverages the experience of pentesters to understand which weaknesses hackers favor or can easily compromise. With this information, a vulnerability can also be mapped to the ATT&CK techniques it could give rise to, helping security teams thwart attacks by selectively prioritizing the vulnerabilities with the most impactful consequences.
The predictive analysis aims to provide insights on emerging threats and is driven by Artificial Intelligence and Machine Learning (AI & ML)–based analytics. It aims to capture hacker interest and is powered by an in-depth dive into surface, deep, and dark web trends. The analysis lies in the answers to the following questions:
Has the vulnerability been exploited in the wild?
Is there any evidence of exploitability?
Has a proof of concept been published online?
Has the vulnerability been discussed on social media or hacker forums?
Has it been mentioned in a news article?
Is an exploit advertised for sale online?
Let us consider two examples to understand how the VRS uniquely provides a 360-degree view for every vulnerability.
CVE-2022-30190, the recently popular Follina vulnerability, is a Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution vulnerability rated High on both the CVSS V2 and V3 scales. However, owing to its ransomware, threat actor, and exploit associations with dangerous capabilities, VRS rates it as a critical vulnerability.
Fig 3: Definitive Details for CVE-2022-30190 from the Securin VI Platform
CVE-2010-0738 is a vulnerability affecting specific Red Hat applications with a Medium CVSS V2 severity. Being an old vulnerability, it has no rating on the V3 scale. However, our research associates the vulnerability with the Lucky, Satan, and SamSa ransomware groups and the threat actor group TG-3390. Additionally, it is listed in the CISA KEV catalog and has been trending in the recent past. Thus, VRS marks it as a critical vulnerability on both definitive and predictive counts.
Fig 4: Vulnerability View for CVE-2010-0738 from the Securin VI Platform
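As an added illustration of how the definitive and predictive attributes described above can override a CVSS-only ranking, the following Python scores the page’s two examples alongside a hypothetical context-free control. This is example code, not Securin’s VRS formula; the weights, thresholds, and CVSS values are assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Vuln:
    cve: str
    cvss_v3: Optional[float]        # None when no V3 rating exists (older CVEs)
    cvss_v2: Optional[float]
    # definitive dimension: observed threat associations
    ransomware: int = 0             # number of associated ransomware families
    threat_actors: int = 0          # number of associated threat actor groups
    exploits: int = 0               # number of linked public exploits
    cisa_kev: bool = False
    # predictive dimension: signals of attacker interest
    exploited_in_wild: bool = False
    poc_public: bool = False
    trending: bool = False          # social media / hacker forum / news chatter
    exploit_for_sale: bool = False

def base_severity(v: Vuln) -> float:
    """CVSS v3 where present, else v2 (as with CVE-2010-0738), else 0."""
    for score in (v.cvss_v3, v.cvss_v2):
        if score is not None:
            return score
    return 0.0

def context_score(v: Vuln) -> float:
    """Assumed additive uplift: each threat-context attribute raises the base score."""
    s = base_severity(v)
    s += 1.5 if v.ransomware else 0.0
    s += 1.0 if v.threat_actors else 0.0
    s += 1.5 if (v.cisa_kev or v.exploited_in_wild) else 0.0
    s += 0.5 if (v.exploits or v.poc_public or v.exploit_for_sale) else 0.0
    s += 0.5 if v.trending else 0.0
    return min(round(s, 1), 10.0)

def rating(v: Vuln) -> str:
    s = context_score(v)
    return "Critical" if s >= 9.0 else "High" if s >= 7.0 else "Medium" if s >= 4.0 else "Low"

def prioritize(vulns: List[Vuln]) -> List[str]:
    """Patch order: highest context-aware score first."""
    return [v.cve for v in sorted(vulns, key=context_score, reverse=True)]

# Constructed records mirroring the page's two examples; CVSS values are assumed.
FOLLINA = Vuln("CVE-2022-30190", cvss_v3=7.8, cvss_v2=9.3,
               ransomware=1, threat_actors=1, exploits=1)
RH_2010 = Vuln("CVE-2010-0738", cvss_v3=None, cvss_v2=5.0,
               ransomware=3, threat_actors=1, cisa_kev=True, trending=True)
QUIET = Vuln("EXAMPLE-NO-CONTEXT", cvss_v3=7.5, cvss_v2=None)  # hypothetical control

if __name__ == "__main__":
    for v in (FOLLINA, RH_2010, QUIET):
        print(f"{v.cve:<20} base={base_severity(v):>4} score={context_score(v):>4} {rating(v)}")
    print("patch order:", prioritize([QUIET, RH_2010, FOLLINA]))
```

The Medium-CVSS CVE-2010-0738 ends up ahead of the High-CVSS control because its ransomware, threat actor, KEV, and trending attributes lift it to Critical, which is the ordering the page’s examples describe.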
How We Can Help
Our intelligence platform, Securin VI, continuously tracks and assesses a vulnerability’s real risk to an organization based on past and current events and attackers and APT groups’ interest in the vulnerability.