.png?height=120&name=Orpheus-Logo-Landscape%20(2).png){kind=logo}
Orpheus vulnerability score, based on threat intelligence, can help organizations focus on reducing the actual risk and likelihood of a cyber attack, alongside the prediction score.
Most organizations will have thousands of vulnerabilities in their internal systems. It simply isn’t possible to patch everything and so organizations need to prioritize where they put their resources. Additionally, thousands more vulnerabilities are discovered each year.
Until recently, the only way to prioritize was to use the CVSS score. This score is based on the severity of that vulnerability being exploited. Yet NIST (who maintain the CVSS scores) say themselves this is not a measure of risk. To use CVSS as a risk measure, you need to go through a lengthy and often manual process to give context to each vulnerability. Additionally, this score does not change over time even as the threat landscape does.
Even when you have done this, the score does not consider threat actor activity. The Orpheus vulnerability score is based on threat intelligence; considering which vulnerabilities threat actors are utilizing and how that changes over time.
This is important as organizations can waste a lot of time trying to patch or mitigate vulnerabilities without reducing their actual risk. By using the Orpheus score, they can focus on fixing what matters and reducing the likelihood of a cyber attack.
Used alongside the prediction score this gives organizations a much more effective way to prioritize their resources.