Exciting new improvements arrive soon to provide even more valuable Threat Scores so you can more accurately focus on those vulnerabilities more likely to be exploited. Specifically, we are planning to publish this update on Thursday, March 11th.
Threat Scores in SVM help you to focus on the patches that will have the biggest impact on lowering your organizations risk in a more impactful way that by criticality alone. When you consider that less than 8% of disclosed vulnerabilities actually see an exploit in the wild, the value of an accurate Threat Score is clear. Further, if you were to focus on CVSS criticality values alone and prioritize those with a score higher than 7, you would miss as much as half the vulnerabilities that are exploited!
SVM provides incredible insights when positioning this valuable data alongside our vulnerability intelligence as well as how frequently (and where) such vulnerabilities exist in your environment. All this to help you do the very important job of prioritizing what patches you will address. SVM now provides the largest patch catalog on the market, so patching everything for you have a patch would be a massive undertaking considering new patches are released regularly. If you are like most enterprises and can only deploy about 1 in 10 patches, so choosing the right 10% is key to ensuring you focus on those most impactful.
This is why we are very excited to be making some significant improvements to this already valuable capability so many of our customers depend upon.
There are several new rules that may be triggered to increase the value of a Threat Score. The weighting of each is dependent upon if the rule was triggered recently or historically but include the following new additions:
- Evidence an exploit is known to exist in the wild
- If a proof of concept is confirmed to exist on how to remotely exploit the vulnerability
- If a proof of concept is believed to exist on how to remotely exploit the vulnerability
- If tools to exploit the vulnerability are known to have been developed
- The existence of verified intelligence
Changes to weighting
As we added more rules that may be triggered, the severity (and value) of many of the existing rules has been carefully adjusted to ensure a valuable score.
To review the rules, their impact to the threat score and to review how they are calculated please see our updated product documentation on Threat Scores. When updated, the details on the rules, their affect and examples of how scores are calculated may be found here in our product documentation.
The updates described will naturally result in changes to existing Threat Scores; some will increase, and others will decrease (and others may remain unchanged). If you have notifications based on Threat Scores, take special note that you may see a fluctuation upon the initial change scheduled for March 11th, 2021.
Threat Score vs CVSS Score
I wanted to toss in a reminder Threat Score is quite independent of criticality. Something can have a very low criticality or a very high criticality and that is a measure of how bad it could be if it were exploited. The Threat Score is distinct from this with a focus on likelihood of exploitability. This means there can be a zero-day vulnerability (a vulnerability disclosed prior to the release of a patch) that has a very low Threat Score when we find no evidence anyone is working to exploit it.
Note: this score is dynamic, and changes based upon findings. We are also updating the frequency with which we update the Threat Score from once to twice per day as part of this enhancement.