Skip to main content

Introducing Future Signals - to help security teams to be pro-active in mitigating risks

jasdeep nagra
  • Updated

    Introducing synthetic future signals in Portfolio, to help security teams to prioritize & engage with vendors - based on forward-looking or future risk (to stay ahead of the curve)

     

    Vulnerability Exposure Index

    This analysis highlights the Cumulative Vulnerability Exposure Index—a metric that offers a comprehensive view of a company’s or vendor’s vulnerability landscape. It quantifies risk by assessing the number and severity of CVEs across the attack surface. 

     

    Malware Exposure Index

    This issue introduces a Malware Exposure Index (MEI) that quantifies current malware exposure by aggregating counts from Malware Infection, Ransomware Infection Detected, and Ransomware Infection Trail Detected categories. The index assigns risk levels—Low Risk for fewer than 50 findings, Moderate Risk for over 50, High Risk for more than 100, and Critical Risk for exceeding 500—thereby offering a searchable, holistic view of malware prevalence across the portfolio, with the added capability of pinpointing vendors at Critical risk.

     

    Critical Service Exposure Index

    The issue centers on developing the Critical Service Exposure Index, which quantifies the exposure risk of essential internet-facing technologies—especially high-risk services like databases—by evaluating key issue types on a scorecard. The index assigns risk levels based on the minimum instance count across services (MySQL, OpenVPN, PostgreSQL, Oracle, and MSSQL), where Moderate Risk requires at least one instance per service, High Risk requires five or more, and Critical Risk necessitates ten or more. This synthetic signal serves as a leading indicator for potential breaches, enabling users to quickly identify high-risk exposure areas and search for vendors with elevated risk levels.

     

    Social Engineering Susceptibility Index 

    This issue evaluates an organization’s vulnerability to social engineering and watering hole attacks by measuring the volume of key issue types—typosquat domains detected, missing SPF records, and compromised credentials found—and classifying susceptibility into Low, Moderate, or High categories.

    Related articles

    Comments

    0 comments

    Please sign in to leave a comment.