Highlighting The Important Risks
How we use Multiple-criteria Decision Analysis (MCDA) to find the outliers in your backlog
Effective risk management requires more than just knowing what vulnerabilities exist—it requires understanding their impact in the context of your unique organization. At Defenda, we tailor a risk-ranking algorithm that goes beyond traditional metrics, like CVSS scores, by incorporating your risk profile, input from your security team, and detailed asset data from your organization’s inventory.
Why CVSS Scores Alone Aren’t Enough
The Common Vulnerability Scoring System (CVSS) is a widely used method to quantify the severity of vulnerabilities. While it provides a solid baseline, CVSS scores have limitations because they:
Lack Context: CVSS doesn’t account for the specific role, value, or sensitivity of the affected asset within your organization.
Ignore Prioritization Factors: CVSS treats all environments equally, failing to consider how vulnerabilities interact with your unique setup or threat model.
Focus on Generic Risk: A high CVSS score might not always translate into a high-priority issue for your organization, depending on mitigating factors like compensating controls or asset exposure.
For example, a vulnerability on a test server disconnected from critical systems might receive a high CVSS score but represent minimal real-world risk.
How We Enhance Risk Scoring
Defenda builds on CVSS by incorporating organization-specific context, creating a tailored risk ranking that prioritizes what matters most to your organization. Here’s how we enhance the scoring:
1. Adding Context with Inventory Data
Your inventory data provides critical insights into the assets affected by vulnerabilities, for example:
Asset Criticality: Is the asset a public-facing web server, an internal database storing sensitive customer information, or a low-impact development machine?
Business Function: What role does the asset play in your operations, and how would its compromise impact your organization?
Exposure and Connectivity: Is the asset accessible from the internet? Is it part of a network segment containing high-value targets?
This context, together with any other data you have readily available, allows Defenda to adjust risk rankings based on the importance and exposure of each asset.
2. Tailoring the Algorithm to Your Risk Profile
Every organization has a unique risk appetite and threat model. Defenda works with your security team to customize the algorithm by factoring in:
Industry-Specific Threats: Prioritizing risks more relevant to your sector.
Compliance Requirements: Elevating issues that could lead to regulatory breaches.
Custom Weights: Adjusting how much weight is given to certain factors, such as asset criticality, likelihood of exploit, or potential business impact.
3. Integrating OSINT Insights
Defenda leverages open-source intelligence (OSINT) to enhance the risk assessment:
Exploit Availability: Is there an exploit publicly available for this vulnerability?
Threat Activity: Are there indications that this vulnerability is actively being exploited in the wild?
Vendor Updates: Are there mitigations or patches available, and how effective are they?
By combining this intelligence with your inventory data, we ensure the algorithm reflects real-world risks.
4. Prioritization with Dynamic Scoring
The Defenda algorithm dynamically adjusts scores based on multiple dimensions:
Base Risk (CVSS): The foundational severity of the vulnerability.
Organizational Context: Adjustments for asset importance, exposure, and business function.
Threat Landscape: Insights from OSINT, including active exploitability and industry relevance.
This results in a nuanced risk ranking that highlights the vulnerabilities most likely to impact your organization.
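To make the multi-dimensional scoring concrete, here is an added example (not Defenda's own algorithm) of a weighted-sum MCDA ranking over a constructed backlog; the criteria, normalisation, weights and sample findings are all assumptions chosen to show how a critical-CVSS finding on an isolated test box can rank below a medium-CVSS finding on an exposed, actively exploited asset.

```python
from dataclasses import dataclass


@dataclass
class Finding:
    vuln_id: str
    cvss: float              # CVSS base score, 0-10
    asset_criticality: int   # inventory: 1 (dev machine) .. 5 (sensitive database)
    internet_exposed: bool   # inventory: reachable from the internet
    exploit_public: bool     # OSINT: a public exploit exists
    exploited_in_wild: bool  # OSINT: active exploitation reported


# Illustrative weights (assumed, summing to 1.0); the "custom weights" the page
# describes would be tuned together with the organisation's security team.
DEFAULT_WEIGHTS = {"cvss": 0.30, "criticality": 0.25, "exposure": 0.20, "threat": 0.25}


def criterion_scores(f: Finding) -> dict:
    """Normalise every criterion to the 0..1 range so the weights are comparable."""
    threat = (0.5 if f.exploit_public else 0.0) + (0.5 if f.exploited_in_wild else 0.0)
    return {
        "cvss": f.cvss / 10.0,
        "criticality": (f.asset_criticality - 1) / 4.0,
        "exposure": 1.0 if f.internet_exposed else 0.0,
        "threat": threat,
    }


def risk_score(f: Finding, weights: dict = DEFAULT_WEIGHTS) -> float:
    """Weighted sum of the normalised criteria, scaled to 0..100."""
    scores = criterion_scores(f)
    return round(100 * sum(weights[k] * scores[k] for k in weights), 1)


def rank_backlog(findings, weights: dict = DEFAULT_WEIGHTS) -> list:
    """Return vuln_ids ordered from highest to lowest contextual risk."""
    ordered = sorted(findings, key=lambda f: risk_score(f, weights), reverse=True)
    return [f.vuln_id for f in ordered]


# Constructed sample backlog (not real findings).
BACKLOG = [
    Finding("V-1", 9.8, 1, False, False, False),  # critical CVSS, isolated test box
    Finding("V-2", 6.5, 5, True, True, True),     # medium CVSS, exposed DB, exploited in wild
    Finding("V-3", 7.5, 3, True, False, False),   # high CVSS, exposed, no known exploit
]

if __name__ == "__main__":
    for vid in rank_backlog(BACKLOG):
        f = next(x for x in BACKLOG if x.vuln_id == vid)
        print(f"{vid}: CVSS {f.cvss} -> contextual risk {risk_score(f)}")
```

Sorting the same backlog by CVSS alone would put V-1 first; with context and threat intelligence weighted in, it drops to the bottom.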
The Defenda Difference
Our risk-ranking process ensures your team isn’t overwhelmed by a flood of vulnerabilities. Instead, we give you:
Actionable Insights: A clear understanding of which risks matter most and why.
Custom Prioritization: Tailored to your organization’s structure, needs, and risk appetite.
Enhanced Efficiency: Engineers can focus on fixing what’s truly important, not just what has the highest CVSS score.
By combining CVSS with inventory data, OSINT, and input from your security team, Defenda delivers a smarter, more context-aware approach to risk management. With Defenda, you can focus on protecting what truly matters while staying ahead of evolving threats.