PLANO, TX, August 8, 2023 – Today, Critical Start, a leading provider of Managed Detection and Response (MDR) cybersecurity solutions, announced its new risk-based Vulnerability Prioritization offering designed to address many of the challenges security leaders face with their vulnerability management programs. Leveraging a blend of platform-based analysis and human expertise, the new offering combines risk-reducing recommendations and exploit-aware threat intelligence with existing vulnerability scanning results to enable more effective and efficient patching efforts.
With the rapid influx of newly discovered vulnerabilities and the decreasing amount of time it takes to exploit them, it has become increasingly difficult for security teams to stay up-to-date and prioritize which vulnerabilities to patch first to provide the greatest risk reduction with the least possible effort. The lack of context in prioritization further complicates the issue, as not all vulnerabilities pose the same level of threat to each organization.
“Many vulnerability management systems today do not provide the contextual information necessary to allow security leaders to effectively prioritize their patching efforts,” said Chris Carlson, Chief Product Officer at Critical Start. “Our new offering integrates seamlessly with existing supported vulnerability management tools to help organizations identify and prioritize vulnerabilities based on real-world exploit weaponization.”
Critical Start’s Vulnerability Prioritization offering assigns a dynamic risk score to each vulnerability based on multi-vector factors including asset criticality, threat intelligence, and exploit availability. By examining not only Common Vulnerability Scoring System (CVSS) base scores but also temporal scores, and considering the existence of working exploits, it creates a common risk scoring model that helps users navigate their next steps of remediation efficiently. The offering monitors various sources such as the dark web and GitHub to deliver advisories and exploits faster than other sources, ensuring that customers are always ahead of threats.
Key features in Critical Start’s Vulnerability Prioritization offering include:
- One-click Configuration for Existing Vulnerability Management Tools: Delivered as a new offering from Critical Start’s platform, Vulnerability Prioritization seamlessly integrates via API using the vulnerability scanning results of the technologies customers already use.
- Prioritize based on Threat Group Usage: While all critical and high severity vulnerabilities can be exploited, Critical Start Vulnerability Prioritization delivers greater risk reduction by focusing on Common Vulnerabilities and Exposures (CVEs) being actively targeted using multiple threat actor behaviors: APTs, Ransomware Families, Botnets, and Exploit Kits.
- Cross-Vector Threat Intelligence: In addition to public vulnerability sources, Critical Start monitors numerous sources including the Dark Web and GitHub, ensuring customers receive timely advisories and exploits – often faster than published in the NIST National Vulnerability Database (NVD) and Cybersecurity and Information Security Agency (CISA) Known Exploited Vulnerabilities (KEV).
- Workflow Integration: In addition to User Interface (UI) Dashboards, Results Exporting, Scheduled Report/CVS Generation, and Email Delivery, Critical Start’s API access lets customers integrate the solution into their existing environment and align it with their operational workflows for patching, ticketing, patch verification, and risk mitigation/acceptance.
Critical Start’s new Vulnerability Prioritization offering will be available later in 2023. For more information visit Critical Start at booth #2720 at Black Hat in Las Vegas, August 9th and 10th for a demo.
About Critical Start
Today’s enterprise faces radical, ever-growing, and ever-sophisticated multi-vector cyber-attacks. Facing this situation is hard, but it doesn’t have to be. Critical Start simplifies breach prevention by delivering the most effective managed detection and incident response services powered by the Zero-Trust Analytics Platform® (ZTAP®) with the industry’s only Trusted Behavior Registry™ (TBR) and MOBILESOC®. With 24x7x365 expert security analysts, and Cyber Research Unit (CRU), we monitor, investigate, and remediate alerts swiftly and effectively, via contractual Service Level Agreements (SLAs) for Time to Detection (TTD) and Median Time to Resolution (MTTR), and 100% transparency into our service. For more information, visit criticalstart.com.
Follow Critical Start on LinkedIn, X, Facebook, Instagram.
