TEL AVIV, Israel, March 23, 2021 /PRNewswire/ -- Cybersixgill, the leader in threat intelligence enablement, launched today a first-of-its-kind predictive vulnerability management solution -- its Dynamic Vulnerability Exploit Score (DVE). Designed to fuel rapid prioritization and mitigation of dangerous vulnerabilities using threat intelligence from the cybercrime underground, DVE Score relies on machine learning to quantify the intent of threat actors and anticipate the exploitation of a vulnerability up to 90 days in advance. This unique, data-driven insight into the inner workings of malicious hacker communities can accelerate threat response and decision making, effectively giving security teams a head start on vulnerability management.
DVE Score is generated by the continuous, AI-driven, real-time analysis of several streams of threat intelligence - including dark web discourse, code repositories, clear web, social media, blogs, and more - to propel a risk-based vulnerability management program of unparalleled prowess. Fueled by automation of the most comprehensive collection of vulnerability-related threat intelligence available on the market and organized and arranged for easy consumption, DVE Score helps security teams maximize performance and results by accelerating the pace of mitigation.
"As of today, there are over 159,000 known vulnerabilities, yet only 6 percent of them are being exploited," said Omer Carmi, VP of intelligence at Cybersixgill. "Because the vast majority of exploitation happens on the first day of a vulnerability's public release, it is crucial for security teams to understand on a real-time basis how prominent a threat is. DVE Score allows security teams to see true threats as they emerge, saving crucial time as potential threats materialize into active ones. It provides an extra-layer of real-time context that helps security teams better prioritize and manage their patching cadence. "
DVE Score relies on a unique algorithm which empowers security teams to better understand the severity of the vulnerability and the approach threat actors are taking to exploit. For each CVE, the DVE scoring algorithm supplies a timeline and an event log that includes dark web chatter as well as POC codes written by threat actors to exploit that vulnerability. Each score is backed by an audit-trail, explaining its rationale for the score. This audit-trail gives security teams visibility into the objective evidence powering the prioritization of the vulnerability, making it easier to justify actions to peers and superiors within their organization and providing visibility and governance like never before.
The new DVE Score is designed to integrate smoothly into enterprise security teams that rely on Cybersixgill's Continuous Investigation/Continuous Protection. Users can further investigate to learn more about a vulnerability's popularity, potential exploits, relevant actors and more, generating fresh analysis from newly-found intelligence.
"I participated in Cybersixgill's DVE beta and look forward to using it," said Maitreyee Palker, security engineer of the multi-cloud security and application delivery company, F5. "Cybersixgill's DVE Score helps us measure the attack surface and severity while giving us the ability to watch how a particular vulnerability is evolving. It also serves as a force multiplier for me, as I can easily see all relevant vulnerabilities along with any POC exploit."
Cybersixgill's DVE Score is available as a feed, through the company's Investigative Portal or through an API. It can seamlessly integrate with TIP, SIEM, SOAR, and VM platforms.
Cybersixgill’s fully automated threat intelligence solutions help organizations fight cyber crime, detect phishing, data leaks, fraud and vulnerabilities as well as amplify incident response – in real-time. The Cybersixgill Investigative Portal empowers security teams with contextual and actionable insights as well as the ability to conduct real-time investigations. Rich data feeds such as Darkfeed™ and DVE Score™ harness Cybersixgill’s unmatched intelligence collection capabilities and deliver real-time intel into organizations' existing security systems. Most recently, Cybersixgill introduced agility to threat intel with their CI/CP methodology (Continuous Investigation/Continuous Protection). Current customers include enterprises, financial services, MSSPs, governments and law enforcement entities.