CyRating® is a risk measurement representing the current real-world threat to a vulnerability.
Watch this video explanation from our CEO, Paulo Shakarian:
When CYR3CON was created, we had already spent several years researching how technology generally, and social-network analysis more specifically, could be applied to various problems containing a threat component. One study of insurgent networks led to analysis of improvised explosive device (IED) attack patterns in Iraq and Afghanistan. The research proved useful in generating an algorithm for accurately predicting where weapons caches used in support of the IED attacks could be found. As our interests shifted to cybersecurity, we endeavored to apply what had previously been learned to exploring problems related to cyber-attacks.
Studying the problem of exploited vulnerabilities, we found that though the number of publicly disclosed vulnerabilities was quite large (>140,000 currently), our research [1] suggested that less than 3% are actually exploited in the wild. Since not all vulnerabilities are equally attractive to hackers, they differ widely in the risk they pose to an organization. If the right analysis could predict which vulnerabilities are most likely to be exploited, those could be prioritized for remediation, allowing organizations to deal first with the high-threat vulnerabilities representing the greatest risk before moving on to lower-threat vulnerabilities.
For every published vulnerability, CYR3CON generates a CyRating Score scaled from 1.00 to 38.46 based on the likelihood of exploitation. Since the vast majority of vulnerabilities are never exploited, they score 1.00; greater scores indicate a greater likelihood of exploitation. A CyRating of 20.00 indicates a 20x greater likelihood of exploitation than an ordinary vulnerability. Scores incorporate key hacker-community data from a wide array of sources and are generated by machine learning (ML) models that are regularly retrained to ensure they are properly attuned to current threat conditions. This ML-driven, hacker-focused analysis is like having a full-time expert cybersecurity analyst on staff who distills all relevant threat information into a single, easy-to-understand metric.
To better understand CyRating, how it is generated, and how its predictive power can be used within a vulnerability management program, read more here.
Ready to scale your vulnerability management program? Take advantage of our Find Ignored Threats (F.I.T.) Assessment and learn what vulnerabilities hackers are targeting at your organization.