Back to Main Navigation

PREDICT EXPLOITS

REDUCE COSTS

PREDICTION FOR THE CLOUD

ADVANCED CAPABILITIES

Back to Main Navigation

Resources

Predictive Threat Assessment Sign Up

Watch Now

PR1ORITY Product Demo
Back to Main Navigation

About CYR3CON

Come Join Us

CYR3CON is always looking for top talent to join our team.
View Openings
Back to Main Navigation

Take the next step to be in the know, now.

Complete the form and a member of the CYR3CON team will contact you shortly to discuss your cyber security needs.

Contact Form

Blog

Whence CyRating

Posted by Geoff Stoker on Aug 17, 2020 2:27:04 PM

 

Updated CyRating Email Header-1

 

CyRating® is a risk measurement representing the current real-world threat to a vulnerability. 

 

Watch this video explanation from our CEO, Paulo Shakarian:

 

cyrating 2min 17aug20

 

When CYR3CON was created, we had already spent several years researching how technology generally and social-network analysis more specifically could be applied to various problems containing a threat component.  One study of insurgent networks led to analysis of improvised explosive device (IED) attack patterns in Iraq and Afghanistan.  The research proved useful in generating an algorithm for accurately predicting where weapons caches used in support of the IED attacks could be found.  As our interests shifted to cybersecurity, we endeavored to apply what had previously been learned to exploring problems related to cyber-attacks. 

 

Studying the problem of exploited vulnerabilities, we found that though the number of publicly disclosed vulnerabilities was quite large (>140,000 currently), our research1 suggested that less than 3% are actually exploited in the wild.  Since all vulnerabilities are not equally attractive to hackers, they differ widely in the risk posed to an organization.  If the right analysis would support prediction of the vulnerabilities most likely to be exploited, they could be prioritized for remediation and thus allow organizations to deal first with high-threat vulnerabilities representing the greatest risk before moving on to lower-threat vulnerabilities. 

 

For every published vulnerability, CYR3CON generates a CyRating Score scaled from 1.00 to 38.46 based on a likelihood of exploitation.  Since the vast majority of vulnerabilities are never exploited, they score 1.00; greater scores indicate a greater likelihood of exploitation.  A CyRating of 20.00 indicates 20x greater likelihood of exploitation than an ordinary vulnerability.  Scores incorporate key hacker-community data from a wide array of sources and are generated by machine learning (ML) models that are regularly retrained to ensure they are properly attuned to current threat conditions.  This ML-driven, hacker-focused analysis is like having a full-time expert cybersecurity analyst on staff who distills all relevant threat to a single, easy to understand metric. 

 

To better understand CyRating, how it is generated, and how its predictive power can be used within a vulnerability management program, read more here

 

Ready to scale your vulnerability management program? Take advantage of our Find Ignored Threats (F.I.T.) Assessment and learn what vulnerabilities hackers are targeting at your organization. 

Topics: Vulnerability Management