The Risk Score is a metric that accurately represents the risk of a given vulnerability in your data center. It does so by combining CVSS information with proprietary threat data and advanced modeling from Kenna Security.
Measures of Risk
Carbon Black Cloud partners with Kenna Security to leverage the largest database of vulnerability, exploit, and event threat data in the industry. This data is distilled into three main measures of risk:
- Active Internet Breach: Presence of a near-real-time exploitation.
- Malware Exploitable: Availability of an exploit module in a weaponized exploit kit.
- Easily Exploitable: Availability of a recorded exploit.
There are few metrics defined for Common Vulnerability Scoring System (CVSS). Few of the metrics are about the attack method itself, whereas the others depend on how the application assesses impact - the direct consequence of a successful exploit. To learn more about CVSS, visit https://www.first.org/cvss/specification-document.
To learn more about how the risk is calculated, refer the Kenna Security documentation available at https://cdn.www.carbonblack.com/wp-content/uploads/VMWCB-Whitepaper-Understanding-the-Kenna-Security-Vulnerability-Risk-Score.pdf.