{"id":14994,"date":"2023-02-16T10:13:19","date_gmt":"2023-02-16T17:13:19","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?p=14994"},"modified":"2023-04-06T15:15:21","modified_gmt":"2023-04-06T22:15:21","slug":"securin-vulnerability-risk-score-vrs","status":"publish","type":"post","link":"https:\/\/webdev.securin.xyz\/articles\/securin-vulnerability-risk-score-vrs\/","title":{"rendered":"Securin Vulnerability Risk Score (VRS)"},"content":{"rendered":"\t\t
<p>Securin\u2019s Vulnerability Intelligence (VI) is a platform designed to provide your security team with the entire spectrum of vulnerability information. To show the real risk of each vulnerability, Securin VI applies a Vulnerability Risk Score (VRS), using an accurate threat assessment model that computes the risk posed by each vulnerability based on its exploitability, threat associations, and potential impact.<\/p>

<p>Powered by artificial intelligence (AI) and machine learning (ML), the VRS assigns automated risk scores that consider maturity, exploit impact, trends, and associated threats, giving security teams an accurate measure of risk that helps them prioritize dangerous vulnerabilities for remediation.<\/p>

<p>Securin VRS is the industry’s most accurate measure for emerging threats and weaponized vulnerabilities. VRS provides organizations with an undisrupted measure to quantify the risk posed by a vulnerability and understand its threat context, thereby empowering informed and contextual decision-making.<\/p>

<p><strong>Fig 1: Vulnerability View from Securin VI<\/strong><\/p>

<p>Securin VRS takes into account the NVD\u2019s CVSS scores together with additional attributes that reflect a vulnerability\u2019s impact in a given environment. Backed by 750+ sources that include vulnerability and threat intelligence feeds, social media discussions, hacker chatter, and years of pentesting experience, Securin VRS aims to overcome the challenges faced by security analysts by helping them effectively prioritize the vulnerabilities to patch. To achieve this, VRS considers a multitude of factors, as indicated in the image below.<\/p>

<p><strong>Fig 2: What Goes into Our VRS?<\/strong><\/p>

<h3>Let's look at the facets of VRS to understand how and where it can be used.<\/h3>

<p>Securin adopts multiple approaches to analyze a vulnerability in its entirety, leveraging various authentic sources and years of pentester experience. The VRS handles threats already weaponized by attackers differently from those on their radar and assigns a comprehensive rating that considers both their existing threat and potential impact. The aim is to help security analysts and developers understand the criticality of every bug in the products they use and the code they develop.<\/p>

<p>Thus, the VRS is characterized by three dimensions, which are woven together to provide a comprehensive look at a vulnerability\u2019s realistic severity and the impact it can have if exploited by malicious actors.<\/p>

<h3>Definitive Analysis<\/h3>

<p>The definitive analysis deals with data and intelligence collated from multiple sources and analyzed in detail for accuracy to arrive at relevant metrics. The analysis encapsulates specific vulnerability and threat data that is continuously cleansed, enhanced, and validated by our researchers. This includes vulnerability information, linked exploits, threat actor or ransomware associations, and their exploitation trends, thus highlighting the risk presented by a vulnerability based on its history of exploitation.<\/p>

<h3>Weakness Analysis<\/h3>

<p>The weakness analysis computes the severity of a vulnerability as influenced by its contributing weakness. The weakness dimension plays a silent contributing role in a vulnerability\u2019s severity, based on its exploit capability and the possible impact it can allow. The analysis leverages the experience of pentesters to understand the weaknesses that hackers favor or can easily compromise. With this information, a vulnerability can also be mapped to the ATT&CK techniques it could give rise to, helping security teams thwart attacks by selectively prioritizing vulnerabilities with the most impactful consequences.<\/p>

<h3>Predictive Analysis<\/h3>

<p>The predictive analysis aims to provide insights on emerging threats and is driven by Artificial Intelligence and Machine Learning (AI & ML)\u2013based analytics. The idea is to capture the interest of hackers, and the analysis is powered by an in-depth dive into surface, deep, and dark web trends. The analysis lies in the answers to the following questions:<\/p>