Finite State launched its new Exploit Intelligence capability, enabling security practitioners to incorporate threat-based intelligence into product security prioritization.
As the threat landscape grows, it becomes harder for device manufacturers to know which vulnerabilities to prioritize. Meanwhile, hackers are growing more sophisticated in their attacks and continue publishing exploit kits – collections of exploits that less sophisticated threat actors can deploy autonomously.
According to cvedetails.com, more than 11% of almost 173,000 vulnerabilities in the National Vulnerability Database (NVD) are considered Critical (9.0-10.0 CVSS score). This translates to more than 19,000 Critical vulnerabilities – no security team could realistically be expected to remediate all of them.
Finite State’s Exploit Intelligence capability helps level the playing field by monitoring thousands of industrial control systems (ICS) and operational technology (OT) advisories to surface vulnerabilities that threat actors are actively and maliciously exploiting, also known as “weaponizing.”
Users of the Exploit Intelligence platform can also:
- Access profiles on those threat actors
- Review a timeline of exploitation
- See the correlation between threat actors and specific common vulnerabilities and exposures (CVEs)
Leveraging this intelligence, users can now better prioritize remediation of the 19,000+ Critical vulnerabilities and rapidly minimize risk.
“Customers can now see, right alongside all our other results, not only which vulnerabilities they have that are being actively exploited, but by whom and in what ways,” said Jeff Martin, Vice President of Product at Finite State. “Fusing threat intelligence on bad actor groups with vulnerability weaponization is a critical prioritization capability in today’s world of increasing threats from nation-states and criminal groups.”
The Finite State platform offers a comprehensive view of device components, security issues, and supply chain risk. By adding this high-fidelity exploit intelligence capability, Finite State is enabling security teams to improve their visibility into device software and to automate protection for their products.