Black Hat USA 2022, Las Vegas, NV – August 9, 2022 - Cybersixgill, the leading threat intelligence provider, announced today its new Dynamic Vulnerability Exploit (DVE) Intelligence solution, delivering the cybersecurity industry’s first end-to-end intelligence across the entire Common Vulnerabilities and Exposures (CVE) lifecycle.
With a comprehensive set of features and capabilities not offered by other threat intelligence vendors, including automation, adversary technique mapping, and rich vulnerability exploit intelligence, Cybersixgill’s DVE Intelligence streamlines vulnerability analysis to help companies reduce risk by accelerating their time to respond.
According to IBM’s X-Force Threat Intelligence Index 2022, vulnerability exploitation has become the most common attack vector for cybercriminals, constituting one of the top five cybersecurity risks. To properly address this situation, organizations need to know their vulnerabilities and the level of risk each vulnerability poses to prioritize remediation activities. Additionally, companies must understand how the risk of any trending vulnerability can impact new applications or hardware investments.
Cybersixgill’s DVE Intelligence expands on the company’s previous DVE score, which indicates the probability of individual exploits targeting specific companies. DVE Intelligence now refines vulnerability assessment and prioritization processes by correlating asset exposure and impact severity data with real-time vulnerability and exploit intelligence, empowering teams with the critical context they need to prioritize CVEs in order of urgency and remediate vulnerabilities – before they can be exploited and weaponized in attacks.
“Given the high volume of attacks using vulnerability exploitation as the initial means of infiltration, companies require vulnerability management solutions that give them the data and context they need to understand where their greatest business risks lie fully,” said Gabi Reish, Chief Business Development and Product Officer for Cybersixgill. “Our new DVE Intelligence delivers the broadest range of contextual data – from mapping products to relevant CVEs, to assessing relevant MITRE techniques and offering remediation information. The solution will be of tremendous benefit to organizations as they continue to find ways to improve security efficiencies and minimize business risk.”
Expanding Intelligence Across the CVE Lifecycle: an Industry First
DVE Intelligence expands vulnerability and exploit prioritization and management across the entire CVE lifecycle through the industry’s most comprehensive and advanced set of features and capabilities, which include:
- Attack surface scanning for specific assets, products (CPEs), and CVEs – The DVE interface enables customers to efficiently identify and scope the particular assets, CVEs, and Common Platform Enumeration (CPEs) that pose the most significant risk to their organization.
- Automated mapping of products (CPEs) to relevant CVEs – CPE to CVE matching is critical to reducing false positives, allowing teams to focus only on those vulnerabilities that affect their existing IT assets and infrastructures.
- Mapping of CVEs to MITRE ATT&CK framework – By mapping CVEs to MITRE ATT&CK tactics and techniques, DVE Intelligence provides vital insight into the higher-level objectives of the attacker, as well as the likely method and potential impact of exploitation.
- Complete intelligence context – DVE Intelligence delivers comprehensive context collected on threat actors and their discourse, exploit kits, attribution to malware, APT, and ransomware. As part of this context, Cybersixgill also provides a score of the likelihood that a vulnerability will be exploited over the next 90 days, hours after the CVE is first published, via a score that is updated in real-time.
- Delivery of remediation instructions – DVE Intelligence continuously monitors vendor sites and MITRE CVE records, presenting comprehensive remediation information, instructions and links directly within the DVE interface, dramatically reducing Mean Time to Remediate.
Unlike most vulnerability prioritization technologies, DVE Intelligence is not dependent on external data sources, which can be slow to rate new threats. The solution equips security teams with the real-time intelligence and context necessary to identify and prioritize vulnerabilities that pose the most substantial risks to the organization, resulting in the following benefits:
● Increases efficiency by focusing on those vulnerabilities that pose the most significant risk to an organization.
● Reduces business risk by minimizing mean time to respond and remediate with the earliest insights into the likelihood of exploitation.
● Rationalizes a company’s security stack with a single source of truth, presenting all elements of critical, contextual vulnerability and exploiting intelligence data in one unified platform solution.
● Helps companies comply with industry regulations through quantifiable proof of security processes used to address vulnerabilities and minimize risk.
For more information about Cybersixgill’s DVE Intelligence, visit http://cybersixgill.com/dveintelligence.