featured
May 30, 2022
RankedRight features

RankedRight introduces three new ways to analyse data

At RankedRight, we are continually working to improve our platform to make it even easier for our users to take immediate action on their most critical risks.

~ 0 min read

We pride ourselves on making vulnerability management easier but because cybercriminals are becoming increasingly sophisticated in their approach, we are continually working to improve our platform.

With this in mind, we’re proud to announce that we’ve also made some important enhancements to our data feeds. From today, RankedRight users can now analyse their data by:

  • The Exploit Prediction Scoring System (EPSS) which scores vulnerabilities based on the probability of them being exploited in the wild
  • Project Zero - 0day “In the Wild” findings which cover vulnerabilities that have been spotted in commonly used software and patches have been created
  • SOS Intelligence data on Dark Web discussion from the last seven days

Let’s go through each one to see how these new feeds might help you.

‍

EPSS

EPSS is a method used to rate the likelihood that a vulnerability will be exploited, between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

Many organisations refer to this scoring system to help them prioritise their response to vulnerabilities. For example, a high-scoring vulnerability may warrant immediate attention, while a low-scoring one may be deferred or managed another way.

With our platform’s new enhancement, users can now sort all vulnerabilities in order of their EPSS probability percentiles. Not only that, but they can also limit returned vulnerabilities to a specific EPSS probability percentile by choosing a range value between 0-100(%).

As we want to enable teams to prioritise and remediate vulnerabilities according to their own risk appetite, it was important that we added this filtering option and we look forward to feedback from users.

‍

Google Project Zero - 0day “In the Wild”

Google's Project Zero is a team of security researchers dedicated to finding and reporting software vulnerabilities. The team was launched in 2014 with the goal of making the internet a safer place by identifying and disclosing security bugs before they can be exploited by attackers.  They work by reporting flaws to the manufacturers before disclosing them publicly in the hope that patches can be made available before cybercriminals discover the weaknesses.

To date, the team has uncovered hundreds of flaws in popular software, including those used by major tech companies like Microsoft and Apple, along with guidance on how to fix them.

This Project Zero insight is now part of our built-in vulnerability intelligence, ensuring that you know about vulnerabilities being exploited in the wild, alongside the data we already provide from CISA.

When this filter is selected, it limits returned vulnerabilities to those seen by Google Project Zero as being exploited in the wild.

‍

SOS Intelligence data on Dark Web noise

Thanks to our friends at SOS Intelligence, a specialist in dark web monitoring, we are now able to provide our users with insight into the top ten most commonly discussed vulnerabilities on the dark web in the last seven days.

When selected, this filter shows users if any of their vulnerabilities feature on the top ten list and they can then escalate action on that risk before it is exploited.

This is the first in a long line of great features we hope to introduce with SOS Intelligence in the not too distant future

The introduction of these three new ways of analysing data is the result of great feedback from customers, as well as our flourishing network of partners.

There is a lot more to come. Join RankedRight and change the way you manage risk today.

Triage Library Screenshot
The RankedRight Platform

Book a demo

Learn about RankedRight and ask questions with a 45 minute call.

Other articles

Latest news within the cyber security space and some useful guides, links and other resources