-
Security Announcements
-
Product News
-
Next-Gen Vulnerability Management
-
Getting Started
-
General
-
Operating Status
-
System & Network Scanning
-
Web Application Scanning
-
Cloud Scanning (CSPM)
-
API Scanning
-
Phishing & Awareness Training
-
Scanner Appliance
-
Device Agent
-
On-premise platform deployment
-
Asset Management
-
Vulnerability Manager
-
Reports
-
Digest Reports
-
Organizer
-
Continuous Monitoring
-
Integrations
-
Platform API
-
Remediation
-
Users
-
PCI DSS
-
Terms & Conditions
-
Dashboard
How does threat score work?
The threat score tells you the severity of a specific vulnerability in the unified vulnerabilities view. It surpasses traditional vulnerability management methods by prioritizing threats based not only on the severity and CVSS base score but also considering several other critical factors when dealing with multiple threats simultaneously.
Stage 1: severity level
The severity level (low, medium, high, critical) of the vulnerability is determined, which serves as the starting point for calculating the risk score.
Stage 2: exploits and ransomware
If known exploits or ransomware are associated with an asset's vulnerabilities, this carries significant weight and significantly increases the risk score.
Data from CISAs Known Exploited Vulnerabilities (KEV) enriches our threat intelligence capabilities, providing deeper insights into threats.
Read about CISA here (external link):
https://www.cisa.gov/
Stage 3: assets
In order to determine the extent of the vulnerability across your assets, all impacted assets are taken into account. The number of impacted assets adds extra weight to the risk score, varying based on the severity tier of the vulnerability and the number of assets affected.
Stage 4: scoring between 1-100
Map the final internal raw scoring to a value between 0–100, the final risk score represented by the vulnerability visible in the Security Center.