Unification

How does threat score work?

The threat score tells you the severity of a specific vulnerability in the unified vulnerabilities view. It surpasses traditional vulnerability management methods by prioritizing threats not only by severity and CVSS base score but also by several other critical factors that matter when dealing with multiple threats simultaneously.

Stage 1: severity level

The severity level (low, medium, high, critical) of the vulnerability is determined, which serves as the starting point for calculating the risk score.

Stage 2: exploits and ransomware

If known exploits or ransomware are associated with an asset's vulnerabilities, this carries significant weight and increases the risk score accordingly.

Data from CISA's Known Exploited Vulnerabilities (KEV) catalog enriches our threat intelligence capabilities, providing deeper insights into threats.

Read about CISA here (external link):
https://www.cisa.gov/

Stage 3: assets

In order to determine the extent of the vulnerability across your assets, all impacted assets are taken into account. The number of impacted assets adds extra weight to the risk score, varying based on the severity tier of the vulnerability and the number of assets affected.

Stage 4: scoring between 1-100

The final internal raw score is mapped to a value between 0–100. This is the final risk score for the vulnerability, as shown in the Security Center.
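
An illustrative model of the four stages above, added here as an example and not the product's actual algorithm. All weights, asset tiers, function names and CVE ids are assumptions; only the `cveID` and `knownRansomwareCampaignUse` field names come from CISA's published KEV JSON feed.

```python
from bisect import bisect_right

# Assumed weights: the page names the stages but not the numbers behind them.
SEVERITY_BASE = {"low": 10, "medium": 25, "high": 45, "critical": 60}   # stage 1
EXPLOIT_BONUS = 25       # stage 2: CVE is listed in KEV
RANSOMWARE_BONUS = 15    # stage 2: KEV entry records ransomware campaign use
ASSET_STEP = {"low": 1, "medium": 2, "high": 4, "critical": 5}          # stage 3
ASSET_TIERS = [1, 10, 100]   # 0 assets -> 0 steps, 1-9 -> 1, 10-99 -> 2, 100+ -> 3
RAW_MAX = (SEVERITY_BASE["critical"] + EXPLOIT_BONUS + RANSOMWARE_BONUS
           + ASSET_STEP["critical"] * len(ASSET_TIERS))

# Constructed sample shaped like CISA's KEV JSON feed; the CVE ids are placeholders.
KEV_SAMPLE = {"vulnerabilities": [
    {"cveID": "CVE-0000-0001", "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-0000-0002", "knownRansomwareCampaignUse": "Unknown"},
]}

def index_kev(catalog):
    """Return {cve_id: ransomware_known} for every entry in a KEV catalog."""
    return {v["cveID"]: v.get("knownRansomwareCampaignUse") == "Known"
            for v in catalog.get("vulnerabilities", [])}

def threat_score(cve, severity, affected_assets, kev):
    """Run the four stages for one vulnerability and return a 0-100 score."""
    sev = severity.lower()
    if sev not in SEVERITY_BASE:
        raise ValueError(f"unknown severity: {severity!r}")
    if affected_assets < 0:
        raise ValueError("affected_assets must not be negative")
    raw = SEVERITY_BASE[sev]                                   # stage 1
    if cve in kev:                                             # stage 2
        raw += EXPLOIT_BONUS + (RANSOMWARE_BONUS if kev[cve] else 0)
    raw += ASSET_STEP[sev] * bisect_right(ASSET_TIERS, affected_assets)  # stage 3
    return round(100 * raw / RAW_MAX)                          # stage 4

def prioritize(findings, kev):
    """Sort (cve, severity, affected_assets) tuples by descending score."""
    scored = [(threat_score(c, s, n, kev), c) for c, s, n in findings]
    return sorted(scored, reverse=True)

if __name__ == "__main__":
    kev = index_kev(KEV_SAMPLE)
    findings = [("CVE-0000-0003", "critical", 3),   # constructed findings
                ("CVE-0000-0002", "high", 3),
                ("CVE-0000-0001", "critical", 500),
                ("CVE-0000-0004", "medium", 1000)]
    for score, cve in prioritize(findings, kev):
        print(f"{score:3d}  {cve}")
```

With these assumed weights, a KEV-listed high-severity finding ranks above a critical one with no known exploit, which is the kind of reordering the staged model produces compared with sorting on severity alone.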