EPSS and Exposure Management

ULTRA RED’s CTEM platform continuously discovers and validates vectors in an organization's external attack surface that threat actors can exploit.

We help organizations understand each vector in detail by delivering the PoC, background information, impact assessment, remediation advice and support from our generative AI, VITA. One of the questions most frequently asked by the organizations we work with is how certain we are that a given vulnerability will be exploited. Answering this question is not easy, as many factors influence the likelihood of exploitation, such as the ease of exploiting the vulnerability and the potential gain from doing so.

FIRST came up with a model called the Exploit Prediction Scoring System (EPSS) to estimate the probability that a vulnerability will be exploited in the wild. The EPSS model produces a probability score between 0 and 100%. The higher the score, the greater the probability that a vulnerability will be exploited.

To make the probability of exploitation easier to understand, ULTRA RED added the EPSS score to CVE-based Vectors.

That means we can demonstrate not only how your environment could be exploited and what the impact would be, but also how likely this is to happen, using EPSS, an industry standard leveraged by solutions from various vendors in the cybersecurity space.

Understanding the probability of exploitation helps prioritize remediation efforts and mobilize the resources required.

