The Likelihood feature in Outpost24 Farsight provides an easier way to address vulnerabilities which are relevant and may impact an organization irrespective of the CVSS score or the presence of an exploit for a vulnerability.
By focusing on the likelihood, you are mitigating vulnerabilities that, based on the machine learning model, are predicting an increased risk even though it may not currently be exploited.
Risk classification of assets and services serves a purpose and should be conducted to further distinguish where to focus most efforts. This task can be time-consuming and may not produce viable results in the first couple of iterations. Farsight enables you to filter out some unlikely vulnerabilities with little to no prior knowledge about the vulnerabilities or assets, getting you on track with your vulnerability program faster.
Risk Score - Likelihood
Likelihood is a risk indicator that shows how likely a vulnerability is to be exploited compared to average, where approximately 95% of all vulnerabilities are never exploited. This is displayed in the Farsight column in the assets Findings view. The value can go from 1 to 100 where 100 is the equivalent of saying it will be (or has been already) exploited in the wild in the next 12 months. The benefit to the customer is the ability to drive more aggressive risk-based remediation, focusing on even fewer vulnerabilities that reach a particular likelihood. It is also worth noting that any vulnerability already exploited in the wild will have the risk value of 100 as it has been exploited already.
Since risk score is machine learning driven, based on several factors the risk rating can decrease as well as increase based on activity in the wild.
To use Farsight you need the function enabled in your subscription. Contact support for more information on how you can enable the Farsight function.
Farsight in Unified View
In the Unified View, Farsight scores are presented as Exploitation Likelihood together with CVSS scoring when selecting an asset. The Common Vulnerability Scoring System (CVSS) score provides a numerical value of the severity of vulnerabilities, whereas Farsight displays the likelihood for that vulnerability to occur and potentially affect the system. This provides you with data to prioritize the remediation efforts into key business assets.
Clicking the blue View Findings button takes you to the findings view, where the findings are listed. Farsight scores are presented as a column in the Findings view.
Selecting a finding displays a more detailed view in the panel to the right.
|Age||Shows how old the vulnerability is.|
The Risk score shows the likelihood of a vulnerability being weaponized and exploited in the wild over the next 12 months. Ranges from 1 to 38.46. the higher value, the greater the risk.
|CVSS V2 severity|
Severity level of the vulnerability according to CVSS v2 score:
None - 0.0
|CVSS V3 severity|
Severity level of the vulnerability according to CVSS v3 score:
None - 0.0
|Score||Risk indicator that shows how much more likely a vulnerability is to be exploited compared to average. The risk indicator present the likelihood values in an 0-100% (0-1) format.|
|Threat Activity||Last time date when threat activity has been detected by the watcher community.|
|Delta||Is the difference between the current and the former likelihood values.|
|Delta update date||Date when the Delta value changed.|
|Exploit available||Determines if there is a publicly available exploit present for this vulnerability.|
Likelihood of exploitation depending on the Likelihood value. The Exploitation Liklihood use the likelihood values in an 0-1 (0-100%) format divided into four groups.
Rare - 0-0.25
|Last Scan||Time and date when this finding has been detected latest.|
|Details||The link View more details on NetSec takes you to the Findings tab in the Reporting Tool in NetSec.|
© 2023 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.
Outpost24® and OUTSCAN™ are trademarks of Outpost24® and its affiliated companies. All other brand names, product names or trademarks belong to their respective owners.