The Risk Score combines publicly available CVSS information with proprietary threat data and advanced modeling to produce a metric that accurately represents the risk of a given vulnerability in your data center.
AppDefense partners with Kenna Security to leverage the largest database of vulnerability, exploit, and event threat data in the industry. This data is distilled into three main measures of risk:
- Active Internet Breach: Presence of a near-real-time exploitation.
- Malware Exploitable: Availability of an exploit module in a weaponized exploit kit.
- Easily Exploitable: Availability of a recorded exploit.
Use the Risk Score to determine which vulnerabilities must be patched first, which need additional protections, and which ones can be saved for later. Following is an example.
Risk Details Easily Exploitable Yes Malware Exploitable Yes Active Internet Breach Yes CVSS Details Access Complexity Medium Access Vector Network Authentication None required Availability Impact Complete Confidentiality Impact Complete Integrity Impact Complete Score 9.3 Exploit Subscore 8.6 Impact Subscore 10.0 Vector AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C V3 Score 7.8 V3 Exploit Subscore Not available V3 Impact Subscore Not available V3 Vector CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
For more information about how the risk is calculated, see the Kenna Security documentation available at https://www.kennasecurity.com/resources/understanding-vulnerability-risk-score.
For more information about CVSS, visit https://www.first.org/cvss/specification-document.