Coalition announced the Coalition Exploit Scoring System (Coalition ESS), a vulnerability scoring system that helps risk managers mitigate potential cyber threats.
Developed by Coalition Security Labs, the company’s research and innovation center, Coalition ESS is a security risk prioritization scoring system that leverages real-time monitoring and dynamic scoring to enable businesses of all sizes to efficiently understand which vulnerabilities to patch first.
“In cybersecurity, timing is everything. Thousands of new vulnerabilities are published monthly, and it’s nearly impossible for IT and security teams to quickly understand and address them all. Defenders need a more efficient way to sift through the noise and prioritize which vulnerabilities to remediate,” said Tiago Henriques, Coalition’s Head of Security Research.
“With Coalition ESS, they have an early source of truth to evaluate which risks to prioritize mitigating before an incident occurs,” concluded Henriques.
Coalition ESS leverages artificial intelligence and large language modeling to scan the descriptions used within newly released CVEs (Common Vulnerabilities and Exposures) and compares them to previously published vulnerabilities to predict the likelihood of exploitability.
The result is two probability scores: the Exploit Availability Probability, or the likelihood that code for an exploit will be publicly available, and the Exploit Usage Probability, or the likelihood that threat actors will use an exploit to execute an attack. These scores combined give security managers and IT professionals a prioritization list outlining which vulnerabilities pose the greatest threat, saving time and resources in an otherwise arduous decision-making process.
Coalition ESS scores are dynamic, responding to changes in available exploit information, unlike the scores derived from the Common Vulnerability Scoring System (CVSS). Coalition ESS scores are available up to one week from the initial vulnerability announcement, unlike other systems where scoring a vulnerability can take anywhere from one week up to one month.
“We created Coalition ESS to prioritize our own vulnerability management efforts as we are often the first line of defense for hundreds of thousands of assets of our customers at scale. We use ESS to evaluate and notify our policyholders about which vulnerabilities have the highest potential to negatively affect them and, today, are releasing it to the broader community,” continued Henriques.
Coalition ESS is available now for public use.