CVEs Prioritization

Overview

Panoptica scans for vulnerabilities using different tools and threat intelligence feeds, including:

  1. AWS EC2 disk scanning
  2. K8s image scanning
  3. Intsights - vulnerabilities and darknet threat intelligence
  4. Shodan - public assets network scanner
  5. Spyse - public assets threat intelligence

Prioritization of CVEs

To reduce overload, Panoptica prioritizes the expansive list of vulnerabilities found in your environment. This enables you to focus on the CVEs that matter most, reducing the effort required to review and mitigate the vulnerabilities that will have the most impact on improving your security posture.

In the example below, Panoptica detected over 5,000 CVEs, but after filtering for prioritized vulnerabilities, that is reduced to just 268 vulnerabilities.

How Does Prioritization Work?

The vulnerabilities are prioritized by the following logic:

  1. Any vulnerability publicly exposed and detected by a network scanner.
  2. Any exploitable vulnerability with a network-based attack vector, which resides in a public asset.
  3. Any vulnerability with a network-based attack vector and a CVSS score higher than 8, which resides in a public asset.
  4. Any vulnerability with a local-based attack vector and a CVSS score higher than 8, which is related to a potential detected attack path.
  5. Any vulnerability with a CVSS score higher than 9, which does not require a physical attack vector.
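The five rules above, expressed as an added Python example that is not part of the Panoptica documentation: each finding is tagged with the first rule that matches it, and the field names (`cvss`, `attack_vector`, `exploitable`, `public_asset`, `exposed_by_scanner`, `on_attack_path`) are assumptions standing in for the scanner and threat-intelligence data the rules consume.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class Vuln:
    cve: str                          # CVE-EXAMPLE-* ids below are placeholders
    cvss: float                       # CVSS base score
    attack_vector: str                # "network", "adjacent", "local" or "physical"
    exploitable: bool = False         # a working exploit is known (assumed field)
    public_asset: bool = False        # hosted on an internet-facing asset
    exposed_by_scanner: bool = False  # seen by a public-asset network scanner
    on_attack_path: bool = False      # linked to a potential detected attack path

def priority_rule(v: Vuln) -> Optional[int]:
    """Return the first of the five rules that flags v, or None if it is filtered out."""
    if v.exposed_by_scanner:                       # rule 1: publicly exposed, scanner-confirmed
        return 1
    if v.public_asset and v.attack_vector == "network":
        if v.exploitable:                          # rule 2: exploitable, network AV, public asset
            return 2
        if v.cvss > 8:                             # rule 3: network AV, CVSS > 8, public asset
            return 3
    if v.attack_vector == "local" and v.cvss > 8 and v.on_attack_path:
        return 4                                   # rule 4: local AV, CVSS > 8, on an attack path
    if v.cvss > 9 and v.attack_vector != "physical":
        return 5                                   # rule 5: CVSS > 9, no physical access needed
    return None

def prioritize(vulns: List[Vuln]) -> List[Tuple[str, int]]:
    """Keep only prioritized findings, each tagged with the rule that selected it."""
    tagged = [(v.cve, priority_rule(v)) for v in vulns]
    return [(cve, rule) for cve, rule in tagged if rule is not None]

# Constructed inventory (placeholder ids, not real CVEs) covering each rule and each exclusion.
SAMPLE = [
    Vuln("CVE-EXAMPLE-1", 5.3, "network", exposed_by_scanner=True),
    Vuln("CVE-EXAMPLE-2", 6.5, "network", exploitable=True, public_asset=True),
    Vuln("CVE-EXAMPLE-3", 8.6, "network", public_asset=True),
    Vuln("CVE-EXAMPLE-4", 7.5, "network", public_asset=True),   # below 8 and no known exploit
    Vuln("CVE-EXAMPLE-5", 8.8, "local", on_attack_path=True),
    Vuln("CVE-EXAMPLE-6", 8.8, "local"),                         # not on a detected attack path
    Vuln("CVE-EXAMPLE-7", 9.8, "physical"),                      # requires physical access
    Vuln("CVE-EXAMPLE-8", 9.6, "adjacent"),
]

if __name__ == "__main__":
    for cve, rule in prioritize(SAMPLE):
        print(f"{cve}: prioritized by rule {rule}")
```

Of the eight constructed findings, five survive the filter; the three dropped ones show the boundaries of rules 3, 4 and 5 respectively.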