Cyber insurance provider Coalition, has unveiled the Coalition Exploit Scoring System (Coalition ESS), a vulnerability scoring system designed to help risk managers mitigate potential cyber threats.
Developed by Coalition Security Labs – the firm’s research and innovation center – Coalition ESS is a security risk prioritization scoring system that leverages real-time monitoring and dynamic scoring to empower businesses to efficiently understand which vulnerabilities to patch first.
The scoring system leverages AI and large language modeling to scan the descriptions used within newly released CVEs (Common Vulnerabilities and Exposures). The technology scans them and then compares them to previously published vulnerabilities to predict the likelihood of exploitability.
According to the firm, the result is two probability scores: the Exploit Availability Probability, or the likelihood that code for an exploit will be publicly available, and the Exploit Usage Probability, or the likelihood that threat actors will use an exploit to execute an attack.
As a result, these scores combined give security managers and IT professionals a list that outlines which vulnerabilities pose the greatest threat, therefore saving time and resources.
“In cybersecurity, timing is everything. Thousands of new vulnerabilities are published monthly, and it’s nearly impossible for IT and security teams to quickly understand and address them all. Defenders need a more efficient way to sift through the noise and prioritize which vulnerabilities to remediate,” said Tiago Henriques, Coalition’s Head of Security Research.
“With Coalition ESS, they have an early source of truth to evaluate which risks to prioritize mitigating before an incident occurs.”
Coalition ESS scores are available up to one week from the initial vulnerability announcement, unlike other systems where scoring a vulnerability can take anywhere from one week up to one month.
“We created Coalition ESS to prioritize our own vulnerability management efforts as we are often the first line of defense for hundreds of thousands of assets of our customers at scale. We use ESS to evaluate and notify our policyholders about which vulnerabilities have the highest potential to negatively affect them and, today, are releasing it to the broader community,” continued Henriques.
In other related Coalition news, the company recently launched the next generation of its cyber risk management platform, Coalition Control.
