Current vulnerability management cycle is broken. Existing tooling and reports from security consultants simply provide an enormous list of findings with indicative scoring which are left to the hands of IT/SecOps teams to triage manually. Prioritization as done today requires information from multiple sources that add up to the effort and are prone to error and misinterpretation. Collaboration between stakeholders is difficult.
PRIOn SaaS platform re-frames, accelerates and simplifies the current problematic vulnerability management workflow. We provide a single pane of glass of the overall cyber-security risk exposure. The platform ingests vulnerability, threat intelligence and environmental data, including asset management information, and provides a true risk based priority score. Integration with collaboration tools helps disseminate information to stakeholders and streamline the whole process.
Automates the enrichment and the analysis of CVEs. The triage phase makes the examination of a vulnerability fast, comprehensive and easy. It reduces human workload, it saves money and it provides comprehensive information about a vulnerability itself.
Automates the prioritization of the identified vulnerabilities. It provides an actionable quantifiable risk score for each vulnerability. Internal teams will be able, by utilizing PRIOn score and data, to develop a proper remediation plan on focusing into which vulnerabilities must be fixed first.
Collects contextualized intelligence information from a dozen of external sources. Exploitability, exploited in the wild, media & news trends and threat actors activity artifacts are collected in order to determine which vulnerability poses the most significant threat.
Gains further insights from a vulnerability under examination, by linking a CVE description with various cyber security classification taxonomy frameworks, including MITRE ATT&CK (Impact), CAPEC (Attack Pattern), CWE (Weakness), OWASP TOP10 (Impact) and DISA STIG (Technical Guide) respectively. Predictive technology is used by utilizing deep learning techniques with a confirmed 96% accuracy rate.
A vulnerability type is determined so teams can know the type of the vulnerability, e.g. remote code execution, denial of service etc, without needing to go through the entire CVE description. Again a predictive technology is used by utilizing deep learning techniques with a confirmed 82% accuracy rate.
Supports REST API, which exposes a number of endpoints providing access, programmatically, to PRIOn crunched data. Teams are able to consume those data and integrate them with their existing internal cyber security tools such as SIEM, SOAR etc.
As a fully transparent company, here’s our progress so far.
In Spring 2022 we started development of our backend data pool and core data handlers
We showed our community the minimum viable product and gathered actionable feedback
Our second product is open for Business. The B2B API component is available for integration by security-aware corporations and vendors