Farsight Update Information
Over the last twelve months we have engaged with many of our customers on the Farsight risk based Vulnerability Management module we released in early 2020. One of the pieces of feedback related to the likelihood score, which provides a risk indicator out of a 38.46 score for each vulnerability. Customers indicated that this was a ‘hard’ number to understand and communicate to remediation teams and senior managers and would much prefer a more logical 1 – 100 (or similar) score. In Mid 2021 we release the Farsight risk score which is a percent value shown between 0 and 1. Today we are pleased to announce some upcoming changes to the Farsight module.
Farsight Risk Score
In the October release we have changed the way we show the Farsight risk score to a value between 1 and 100, removing any lingering confusion the score may cause.
Deprecation of the Likelihood Score and Likelihood Delta
We are announcing the deprecation of the Likelihood score and Likelihood delta, with only the Farsight ratings then being available. These will be removed from the platform by the January 2023 release. As with any change like this, there will also be change in the way the scores are calculated, and more information about some of these values we will be using can be found below. With the improved data metrics we are able to offer a much greater insight into the risk and the corresponding Farsight score we provide. We will also have a vastly increased database of data and CVE's which are being scored, this will be especially evident for those vulnerabilities over 5 years old where we have managed to build a much greater insight into these vulnerabilities, and can now share these Farsight scores inside of the product.
Some of the data we use to calculate the score is outlined below:
- Number of separate Malware instances which we have found to be linked to this CVE
- Number of campaigns we have seen threat actors implementing which involve this CVE
- Number of separate threat actors associated with this CVE
- Number of tools which have been seen and are associated with this CVE
- Number of relationships with have been associated with this CVE
- Number of Proof of Concepts that have been found which are associated with this CVE
- Number of Exploits that have been found which are associated with this CVE
- Number of exploits seen in the wild which have been associated with this CVE
- Number of remote exploits which have been associated with this CVE
- Popularity of a CVE, based on an algorithm combining numerous data sources to give a score derived from its mentions around the web, for example, on Social Media
Additional Information about Risk Rating Vulnerability
Over time we will be adding additional information to help customers understand why a vulnerability has been risk rated, such at the number of threat actors using the vulnerability, how many mentions the vulnerability has and other elements.
As we improve the Farsight scoring to be more accurate, its also interesting to understand some of the vectors we are using to build the score. The scores will be an ever evolving way of understanding the risk and threat posed by a specific CVE, so while the data we use to calculate the final Farsight score may change, it's unlikely that the score will deviate considerably outside of what would be expected for raised or reduced levels of risk.