Vulcan Cyber, developers of the industry's only end-to-end vulnerability remediation platform, announced July 1 that customers can now add custom risk parameters to existing Vulcan Cyber vulnerability prioritization algorithms for efficient vulnerability remediation. With the addition of custom risk scripts, Vulcan Cyber is first to help security and IT operations teams run more-targeted, end-to-end vulnerability remediation campaigns contextualized to the risk appetite of their business.
Traditional approaches to vulnerability risk prioritization focus on inputs such as CVSS severity and threat intelligence but lack critical business context. Remediation teams using Vulcan Cyber already have an advantage with the ability to enhance basic vulnerability risk scores weighted with business asset data. With this release, Vulcan Cyber customers can now take vulnerability prioritization a step further using customizable risk parameters. The Vulcan Cyber vulnerability remediation platform integrates these inputs to deliver business-relevant vulnerability prioritization combined with streamlined remediation.
Sounil Yu, former Bank of America chief security scientist, and YL Ventures CISO in residence, said, "Risk-based vulnerability prioritization has become an essential best practice, but most companies rely on models that only incorporate the severity of the vulnerability. Some go further and also factor in threats against that vulnerability. The Vulcan Cyber approach goes two steps further. First, it delivers systematic and automated inclusion of business impact, which often is the most influential factor that drives vulnerability prioritization. Second, Vulcan Cyber actually fixes the vulnerability based on their remediation intelligence knowledgebase and the prioritization offered by a more precise and accurate risk model. Until now tools in this space have only told us what to fix. With Vulcan Cyber it gets fixed."
Yaniv Bar-Dayan, Vulcan Cyber co-founder and CEO, said, "Every business has a unique appetite for risk. To apply a universal, often-irrelevant scoring model to vulnerability prioritization is inefficient at best, dangerous at worst. Vulnerabilities permeate dynamic infrastructure and application environments with myriad risk vectors that CVSS scores and threat intelligence alone can't account for. The addition of custom risk parameters to business asset context allows our customers to apply their own unique risk profiles to the work of vulnerability remediation."
Precise vulnerability prioritization requires each vulnerability instance to be addressed within the context of business risk. The same vulnerability if exploited on two different servers will impact connected environments in different ways.
Most vulnerability management teams today prioritize remediation based exclusively on external factors such as severity or exploitability. While useful, these inputs lack business context and fall short. The Vulcan Cyber risk algorithm calculates vulnerability priority based on technical severity – CVSS or other vulnerability-specific scores; threat intelligence – exploits, malware, hacking campaigns, and TI in the wild; and business criticality - unique breach impact to the organization and its business assets.
Prioritization scores generated by the Vulcan Cyber platform can now be further manipulated by remediation teams applying custom-weighted attributes to the risk model's algorithm. The Vulcan Cyber vulnerability prioritization engine is dynamic and allows security and IT operations teams to use custom risk scripts to efficiently remediation vulnerabilities and secure digital business.