A key challenge facing cybersecurity professionals today is the ever-expanding number of software vulnerabilities.
An incredible 60% of enterprises are breached due to known unsecured systems they didn’t secure.
*Source: 2019 Cost and Consequences of Gaps in Vulnerability Response (Ponemon) (ponemon-state-of-vulnerability-response.pdf)
The world’s top vulnerability management teams address this problem using intelligence analysts to research vulnerabilities – manually making the call on what hackers are likely to exploit.
CYR3CON PR1ORITY automates the process – enabling you to analyze all vulnerabilities at scale – and in the process finding threats your vulnerability management team may not be remediating.
CYR3CON PR1ORITY approaches cybersecurity from the hacker’s world view, identifying real threats to your assets based on attacker behaviors.
Identify Unknown Threats To Your Vulnerabilities
Prioritizing patching of CVSS “critical” and “high” vulnerabilities is common practice, but hackers still exploit “medium” and “low” severity vulnerabilities in the wild (think HeartBleed). CYR3CON PR1ORITY identifies all vulnerabilities, regardless of CVSS category, that have piqued hackers’ interest and helps ensure you properly PR1ORITY-ize them based on threat - even when it is where most enterprises may least expect.
PR1ORITY identifies the vulnerabilities you should be paying attention to – not just those identified as critical or high. Justify the expense and showcase the value of vulnerability management up and down the management chain within your organization.
Scale the Analytical Process
With CYR3CON PR1ORITY, you can rapidly query, prioritize, and get updates on any vulnerabilities of concern.
Focus your teams on the specific and likely vulnerabilities that need attention, rather than the ever-growing list of possibilities.
Studies show that only a fraction of vulnerabilities are actually exploited-in-the-wild. CYR3CON PR1ORITY uses peer-reviewed attacker-focused AI to determine which vulnerabilities are most likely to be targeted.
Vulnerability Management with CYR3CON PR1ORITY Client Case Study
A large financial institution recently underwent a Predictive Threat Assessment with CYR3CON, revealing several vulnerabilities with known threats. In this case study, we highlight one such vulnerability.
Here we see OpenSSL vulnerability CVE-2018-5407. It had a low/medium rating by the NIST CVSS scoring system, so it was not prioritized for remediation.
However, after a single mouse click, CYR3CON PR1ORITY identified significant threats to this vulnerability. CYR3CON’s patent-pending machine learning powered CyRating® raised the attention immediately to the team and revealed that not only had the vulnerability been exploited in the wild, but there was an available proof-of-concept code and numerous pieces of threat intelligence from various hacker communities discussing the availability of an exploit.
Here, as with many other customers, CYR3CON PR1ORITY was able to predict targeted vulnerabilities.
An Overlooked Threat - Found.
Intelligence:-уязвимость в smt/hyper-threading, позволяющая определить ключи шифрования чужих процессов уязвимость в smt/hyper-threading, позволяющая определить ключи шифрования чужих процессов tгруппа исследователей из университета технологий в тампере (финляндия) и гаванского технологического университета (куба) продемонстрировали уязвимость (cve-2018-5407) в технологии одновременной многопоточности (smt или hyper-threading) на примере процессоров intel...
In-system translation: vulnerability in smt/hyper-threading, allowing to determine the encryption keys of other people’s processes, a group of researchers from the University of Technology in Tampere (Finland) and the Havana University of Technology (Cuba) demonstrated a vulnerability (cve-2018-5407) in the technology of simultaneous multi-threading (smt or hyper-threading ) on the example of intel processors...
Take advantage of the CYR3CON PR1ORITY Predictive Threat Assessment from the industry’s most accurate predictive scorer of weaponized exploits today.
Predict hacker-targeted CVEs in your organization
One week access to CYR3CON’s web based platform
Second training session to review identified threats and learn how to best communicate results to IT and management
Initial virtual instructional session - Learn how the world’s top vulnerability management teams use CYR3CON to get ahead of threats
Assessment report produced by CYR3CON personnel highlighting your predicted threats
A kick-off meeting with the CYR3CON team to help you understand the tool and the meaning of the indicators to get you started with the information you need to begin re-prioritizing your patching program.
CYR3CON will provide you access to the CYR3CON PR1ORITY platform and an example analysis of your vulnerabilities to identify vulnerabilities predicted to be targeted by hackers. You will be able to use the CYR3CON platform as well as benefit from an assessment produced based on the best-practices of vulnerability management that we've learned while deploying CYR3CON technology to some of the world’s top vulnerability management teams.
CYR3CON will then provide an out-brief to you and your team – highlighting the predicted threats, and showing how the platform can be leveraged to produce the results. We also show how to showcase the results to management or IT personnel, to help justify the needed resources to avoid the threats.
Let CYR3CON identify unknown threats in your vulnerability management program.
Taking advantage of the Predictive Threat Assessment couldn't be simpler. Provide CYR3CON with:
- an anonymized list of vulnerabilities (just CVE’s, no IP addresses or endpoint information)
- be sure to include vulnerabilities that you aren’t currently remediating
We’ll do the rest, delivering an assessment with real value in the ongoing battle to manage the ever-growing number of CVEs.
Interested in learning more about PR1ORITY?
Watch this short product demo video to learn more about the PR1ORITY product and get an inside look at how the platform operates.
Copyright (C) 2020 Cyber Reconnaissance, Inc. All rights reserved. “CYR3CON” and “CyRating” are registered trademarks of Cyber Reconnaissance, Inc. The technology described in this document is protected under multiple patents pending in the US, EU, and other nations.