Coalition, a San Francisco-based InsurTech combining cyber security solutions and cyber insurance with a preventive approach to digital risk, has announced the Coalition Exploit Scoring System (Coalition ESS), a vulnerability scoring system designed to help risk managers mitigate potential cyber threats. Developed by Coalition Security Labs, the company’s research and innovation center, Coalition ESS is a security risk prioritization scoring system that uses real-time monitoring and dynamic scoring to enable businesses of all sizes to efficiently understand which vulnerabilities to patch first, according to a Coalition statement.
“In cybersecurity, timing is everything,” comments Tiago Henriques, Head of Security Research, Coalition. “Thousands of new vulnerabilities are published monthly, and it’s nearly impossible for IT and security teams to quickly understand and address them all. Defenders need a more efficient way to sift through the noise and prioritize which vulnerabilities to remediate. With Coalition ESS, they have an early source of truth to evaluate which risks to prioritize mitigating before an incident occurs.”
Coalition ESS uses artificial intelligence and large language modeling to scan the descriptions used within newly released CVEs (Common Vulnerabilities and Exposures) and compares them to previously published vulnerabilities to predict the likelihood of exploitability, according to the company statement. The result, Coalition says, is two probability scores: the Exploit Availability Probability, or the likelihood that code for an exploit will be publicly available, and the Exploit Usage Probability, or the likelihood that threat actors will use an exploit to execute an attack. These scores combined give security managers and IT professionals a prioritization list outlining which vulnerabilities pose the greatest threat, saving time and resources in an otherwise arduous decision-making process.
First Line of Defense
Coalition ESS scores are dynamic, responding to changes in available exploit information, unlike the scores derived from the Common Vulnerability Scoring System (CVSS). Coalition ESS scores are available up to one week from the initial vulnerability announcement, unlike other systems where scoring a vulnerability can take anywhere from one week up to one month.
“We created Coalition ESS to prioritize our own vulnerability management efforts as we are often the first line of defense for hundreds of thousands of assets of our customers at scale,” adds Henriques. “We use ESS to evaluate and notify our policyholders about which vulnerabilities have the highest potential to negatively affect them and, today, are releasing it to the broader community.”