Security Program Controls/Technologies, Channel partners, Content

Cyber Insurer Coalition Releases Vulnerability Exploit Scoring System

Share
Credit: Getty Images

The new Coalition Exploit Scoring System (ESS) provides organizations with vulnerability monitoring and scoring to help them identify which vulnerabilities to patch first, the company announced in a prepared statement.

Tiago Henriques, Coalition's head of security research, commented on Coalition ESS and how it helps IT and security teams detect and prioritize threats:

"Thousands of new vulnerabilities are published monthly, and it’s nearly impossible for IT and security teams to quickly understand and address them all... With Coalition ESS, they have an early source of truth to evaluate which risks to prioritize mitigating before an incident occurs."

How the Coalition Exploit Scoring System Works

Coalition ESS uses artificial intelligence and large language modeling to scan the descriptions used within newly released common vulnerabilities and exposures (CVEs), the company said. The system then compares these descriptions to previously published vulnerabilities to predict the likelihood of exploitability.

From here, Coalition ESS generate two probability scores:

  • Exploit Availability Probability shows the likelihood that code for an exploit will be publicly available.
  • Exploit Usage Probability highlights the likelihood that threat actors will use an exploit to execute an attack.

Next, security managers and IT professionals can use these scores to determine which vulnerabilities pose the greatest threat to their organizations and respond accordingly, Coalition indicated.

Coalition Updates Its Risk Management Platform

The Coalition ESS launch comes after Coalition in May 2023 released the 2.0 version of its Coalition Control risk management platform.

With Coalition Control 2.0, organizations can access cyber risk monitoring, assessment and quantification tools and receive third-party risk management and artificial intelligence-based support, the company said. The platform offers threat intelligence, vulnerability scoring and asset enumeration capabilities. It also provides a CRQ feature that shows organizations the financial impact of cyber risks so they can purchase the right cyber insurance coverages.

Coalition provides cyber insurance coverage and cybersecurity tools to global organizations. The company offers a partner program for insurance brokers and SaaS security providers.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.