How we improved vulnerability prioritization with machine learning
It’s easy to find vulnerabilities. It’s harder to prioritize and fix them.
So far in 2024, there has been an average of over 110 CVEs disclosed per day. Compounded with all the vulnerabilities disclosed in the last two decades, security teams are faced with triaging thousands and thousands of vulnerabilities and deciding which ones need to be fixed first.
Vulnerability prioritization remains a critical challenge for security teams—but machine learning offers solutions to lessen the burden of analysis.
The right vulnerability prioritization strategy to employ depends on the nature of your business, your tech architecture, and more. Given all the different prioritization criteria we hear from customers, we set out to build Dazz Priority Scores, which we announced earlier this year.
Dazz Priority Scores uses context such as issue exploitability, exposure, severity, business impact, and root causes to help customers quickly identify the most critical issues to fix out of potentially thousands discovered by their detection tools. By using Dazz Priority Scores, customers reduce the backlog of vulnerabilities that need to be further analyzed by an order of magnitude.
The magic behind Dazz Priority ScoresThe Dazz Unified Remediation Platform uses machine learning to continually assess a customer’s risk landscape. To calculate a Priority Score, the Dazz platform considers the following factors:
- Business context: taking into account which applications, data, and infrastructure resources are impacted by specific vulnerabilities
- Risk context: assessing the vulnerability severity, exploitability, and threat intelligence available for any vulnerability
- Environment context: understanding where the vulnerability originates, what’s impacted downstream, and what remediation and mitigation steps are available
Given these factors, Dazz calculators “sub scores” which can be bucketed into:
- Risk scores
- Asset scores
- Remediation scores
Let’s take a look at each.
Risk scoresRisk scores assess all factors of a given vulnerability. To start, Dazz considers the severity from the source detection tool of a vulnerability. If a vulnerability has been seen by multiple sources, customers can apply their own logic to normalize a severity rating.
On top of severity, Dazz considers exploitability data from CISA KEV, EPSS, and other threat intelligence sources. Finally, Dazz takes into account customer-defined SLAs. If a vulnerability has breached its SLA date set by the customer, the risk weighting will be greater.
Asset scoresAsset scores take into account the business context of applications, data, and infrastructure resources associated with any vulnerability. By ingesting data from CMDBs, directories, and other platforms, Dazz automatically correlates vulnerabilities with business context. Dazz Business Units allows customers to enrich the correlation of vulnerabilities and auto-assign certain owners depending on the resources impacted by any vulnerability.
Dazz can also glean other characteristics about vulnerabilities to weight them as a greater risk, like whether they impact internet-facing resources or applications through reachable code.
Remediation score → effort to fixThe final element of Dazz Priority Scores considers remediation actions. This is often one of the most sought after elements that customers haven’t been able to attain before using Dazz. By determining the root cause of vulnerabilities, Dazz understands the relative effort required to fix it. Dazz can also outline the best remediation and mitigation options available, highlighting which will be most effective given the environmental context of the vulnerability.
Furthermore, Dazz can understand when multiple vulnerabilities stem from the same root cause. The concept here is that vulnerabilities that share a root cause may be weighted higher since the risk reduced upon remediation is far greater than a single vulnerability in isolation.
Putting it all togetherDazz Priority Scores = weighted asset risk score + weighted risk score + weighted remediation score.
Scores are calculated on a scale of 0-100 for each finding, with 100 being the highest score. Customers can understand which factors contributed to any score, and customize weights according to what makes the most sense to their business.
Since machine learning underpins the model, Dazz Priority scores get better and better as it’s applied to billions of vulnerabilities across our customer base.
If you’d like to learn more about Dazz Priority Scores and try it for yourself, contact us today.
The post How we improved vulnerability prioritization with machine learning appeared first on Security Boulevard.