Patch What Matters: Strategic Partnership Brings Predictive Threat Intelligence to GRF Member Organizations
CYR3CON and the Global Resilience Federation (GRF) announced a new partnership to bring predictive threat management in cybersecurity to the companies GRF serves. An incredible 60% of enterprises are breached through known systems they did not secure. Corporations are overwhelmed by large numbers of vulnerabilities and do not patch or mitigate them all in a timely manner. The CYR3CON platform identifies and predicts the most current threats to these vulnerabilities. This allows teams to mitigate the avenues of attack hackers are most likely to use.
GRF will incorporate CYR3CON’s predictive threat intelligence to add contextual information to the vulnerabilities identified as critical via CyRating scores, in support of the many different industry verticals GRF supports. Previously, ISAC/ISAO member organizations leveraged vulnerability information such as the description and the general impact to the network and systems, without detailed implications or a level of criticality relevant to their respective industry vertical. To prioritize vulnerability management, member organizations primarily relied on CVSS scores, which at times did not provide accurate information on likelihood of exploitation.
An ideal example of the threats the partnership will surface for our members is CVE-2017-0213.
CVE-2017-0213 (description below) appeared in multiple hacker discussions in the past week. The 2017 Windows vulnerability has a low NIST CVSS score, yet POC code is available and hackers are actively exchanging code snippets in their discussions. CYR3CON has assessed this vulnerability to be over 18 times more likely to be exploited than average.
Screen Capture from CYR3CON PR1ORITY
The partnership provides unique opportunities for GRF member organizations, including the sharing of information with GRF members through the CYR3CON FIT (Find Ignored Threats) Assessment, the software trial that provides information to the member company about vulnerabilities currently in their systems that are likely to be targeted by hackers.
A recent case study from a FIT Assessment found that a 2-year-old CVE in a vulnerability scan from one of CYR3CON’s Fortune 500 clients went unpatched due to low CVSS scoring. CYR3CON’s machine-learning and intelligence-driven CyRating ranked this CVE as over 38 times more likely to be exploited, compared to an average vulnerability. Furthermore, CYR3CON pulled Russian hacker posts discussing how exploits were demonstrated at the Havana University of Technology in Cuba, in addition to code snippets and exploitation attempts in the wild. This is a classic example of an “Ignored Threat”: the low CVSS score put the CVE at the bottom of the list, but the intelligence tells a completely different story.
GRF knows that the amount of vulnerability information being made available daily can be overwhelming, and an organization’s ability to process all of it can be challenging. It makes sense to put a stop to the current cumbersome and time-consuming vulnerability management process and deliver only what is critical to take action on. Powered by CYR3CON, members will be ahead of the game in processing and mitigating threats targeting their organization, with increased awareness of critical emerging vulnerabilities.
We look forward to providing additional, threat-based intelligence information to our members as the partnership progresses.