Coalition, a cybersecurity company, has recently introduced the Coalition Exploit Scoring System (Coalition ESS), a vulnerability scoring system that aids risk managers in mitigating potential cyber threats. Developed by Coalition Security Labs, the company’s research and innovation center, Coalition ESS utilizes real-time monitoring and dynamic scoring to assist businesses in understanding which vulnerabilities require immediate patching.
The rapid pace at which new vulnerabilities are discovered and published each month makes it challenging for IT and security teams to keep up. Tiago Henriques, Coalition’s Head of Security Research, emphasized the importance of timing in cybersecurity and the need for a more efficient way to prioritize vulnerability remediation. Henriques expressed that with the implementation of Coalition ESS, IT professionals would be able to quickly evaluate and address risks before incidents occur.
Coalition ESS employs artificial intelligence and large language modeling to scan the descriptions found within newly released Common Vulnerabilities and Exposures (CVEs). It then compares these descriptions with previously published vulnerabilities to predict the likelihood of exploitability. The outcome is two probability scores: the Exploit Availability Probability, which signifies the likelihood of publicly available exploit code, and the Exploit Usage Probability, which indicates the likelihood of threat actors using an exploit for an attack. These scores serve as a prioritization list for security managers and IT professionals, streamlining the decision-making process and saving valuable time and resources.
One significant aspect of Coalition ESS is its dynamic scoring system. Unlike the scores derived from the Common Vulnerability Scoring System (CVSS), Coalition ESS scores respond promptly to changes in available exploit information. Additionally, Coalition ESS scores are available up to one week from the initial vulnerability announcement, whereas other systems may take anywhere from one week to one month to score a vulnerability.
Henriques explained that the creation of Coalition ESS stemmed from the company’s internal efforts to prioritize vulnerability management for their extensive range of customers’ assets. As the first line of defense for hundreds of thousands of assets, Coalition uses ESS to evaluate vulnerabilities and notify policyholders regarding the potential risks that could negatively impact them. Today, Coalition has decided to release this powerful vulnerability scoring system to the wider community.
Coalition ESS is now available for public use. This tool promises to enhance risk management and improve cybersecurity defenses for businesses of all sizes. By providing an early source of truth for evaluating and prioritizing vulnerabilities, Coalition ESS empowers organizations to proactively protect themselves from potential cyber threats. With the assistance of artificial intelligence and real-time monitoring, this innovative system helps to ensure the security of digital assets in an increasingly complex and ever-evolving threat landscape.