8. Vulnerabilities vs Vuln Instances?

You will learn the difference between Vulnerabilities and Vuln Instances.

Overview

Within UVRM you will notice the following categories used across many different features: Asset, Vulnerability (Vuln), Vulnerability Instance, and Tag. This document goes over the difference between Vulns and Vuln Instances.

Vulnerabilities (Vulns)

Vulnerabilities within the broader context of a Vulnerability Management Program reflect the specific vulnerabilities within a given network that need to be remediated.

In UVRM, however, a Vulnerability is the aggregated vulnerability that Scanners provide to NopSec, which often groups multiple CVEs under a single entry. Scanners aggregate in this way so that users can track a Vulnerability by one name or ID regardless of the specific CVEs it covers. We follow that aggregation and provide views of Vulnerabilities within the platform.

Within UVRM, Vulnerabilities are also the items that receive the NopSec risk score, which our machine learning model determines for each specific Vulnerability from the data we have obtained from our threat feeds. This is a 1-10 score that is broken down into the following Severities:

  • Urgent = 9.9-10 AND has threat
  • Critical = 7.6-10 with NO known threat but highly likely to become a threat
  • High = 5.1-7.5
  • Medium = 2.6-5.0
  • Low = 0.1-2.5
  • None = 0

"Threat" is the classification our model assigns to a vulnerability when our threat feed analysis finds it to be a known threat (it has been used and observed in actual attacks, according to credible sources). Our model also works to identify vulns that are highly likely to become threats and raises their Vuln Risk Score accordingly.

Vuln Instances

In contrast, a Vuln Instance is the specific CVE (typically one, though there may be several) of a given Vulnerability found on a specific Asset.

This means a single Vulnerability can be seen across many Assets, and the set of CVEs found can differ from Asset to Asset.

Vuln Instances are what your Analysts and Remediation Teams will most likely focus on as they conduct their work.

Vuln Instances also receive a Score and Severity from NopSec, computed by combining the specific Vuln Score, the Asset's Criticality, and any Mitigating Controls (if enabled and detected) on that Asset. This gives our clients a contextual risk for each vulnerability based on where it is found. Our goal is to continue providing more contextual risk and to let clients control this value more directly in the future.

Vuln Instance Scores are 1-100 and are categorized as follows:

  • Critical = 76-100
  • High = 51-75
  • Medium = 26-50
  • Low = 0-25
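The following is an added illustration, not UVRM's own code, of the two-level model described on this page: a scanner-aggregated Vulnerability carrying several CVEs and a 1-10 risk score with the Severity bands listed under "Vulnerabilities (Vulns)", and Vuln Instances that place a subset of those CVEs on individual Assets and receive their own 0-100 Score with the bands listed above. The page gives no formula for combining Vuln Score, Asset Criticality and Mitigating Controls, so the arithmetic in `instance_score`, the 1-5 criticality scale, and all scanner IDs, CVE numbers and hostnames are constructed placeholders.

```python
from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class Vulnerability:
    """Scanner-aggregated Vulnerability as UVRM tracks it: one ID, possibly many CVEs."""
    scanner_id: str
    name: str
    cves: frozenset[str]
    risk_score: float   # NopSec Vuln Risk Score, 1-10
    has_threat: bool    # model labelled it a known threat from threat-feed analysis


@dataclass(frozen=True)
class Asset:
    hostname: str
    criticality: int                      # assumed 1 (lowest) to 5 (highest) scale
    mitigating_controls: frozenset[str]   # controls detected on this Asset


@dataclass(frozen=True)
class VulnInstance:
    """A Vulnerability's CVE(s) observed on one specific Asset."""
    vuln: Vulnerability
    asset: Asset
    cves_found: frozenset[str]


def vuln_severity(score: float, has_threat: bool) -> str:
    """Map a 1-10 Vuln Risk Score to the Severity bands listed on the page.

    Urgent is the only band that requires a known threat. A threat-labelled
    vuln scoring below 9.9 falls through to the score-only bands here; that is
    an assumption, since the page does not spell that case out.
    """
    if has_threat and score >= 9.9:
        return "Urgent"
    if score >= 7.6:
        return "Critical"
    if score >= 5.1:
        return "High"
    if score >= 2.6:
        return "Medium"
    if score >= 0.1:
        return "Low"
    return "None"


def instance_severity(score: int) -> str:
    """Map a 0-100 Vuln Instance Score to its Severity band (values from the page)."""
    if score >= 76:
        return "Critical"
    if score >= 51:
        return "High"
    if score >= 26:
        return "Medium"
    return "Low"


def instance_score(inst: VulnInstance, controls_enabled: bool = True) -> int:
    """Contextual 0-100 score for one Instance.

    The page says the Instance Score combines the Vuln Score, the Asset's
    Criticality and any Mitigating Controls but gives no formula; the
    arithmetic below is a stand-in for illustration, not NopSec's.
    """
    base = inst.vuln.risk_score * 10.0            # 1-10 -> 10-100
    crit_factor = inst.asset.criticality / 5.0    # criticality 5 keeps the full score
    score = base * crit_factor
    if controls_enabled:
        score *= 0.85 ** len(inst.asset.mitigating_controls)  # each control trims 15%
    return max(0, min(100, round(score)))


def instances_by_vuln(instances: Iterable[VulnInstance]) -> dict[str, list[tuple[str, list[str]]]]:
    """Group Instances by Vulnerability: one Vuln fans out to many Assets with differing CVE sets."""
    out: dict[str, list[tuple[str, list[str]]]] = {}
    for inst in instances:
        out.setdefault(inst.vuln.scanner_id, []).append(
            (inst.asset.hostname, sorted(inst.cves_found))
        )
    return out


# Constructed sample data; the scanner ID, CVE numbers and hostnames are placeholders.
OPENSSL_VULN = Vulnerability(
    scanner_id="SCANNER-PLUGIN-0001",
    name="OpenSSL: multiple vulnerabilities (constructed example)",
    cves=frozenset({"CVE-0000-0001", "CVE-0000-0002"}),
    risk_score=9.9,
    has_threat=True,
)
DB_PROD = Asset("db-prod-01", criticality=5, mitigating_controls=frozenset())
DEV_BOX = Asset("dev-box-07", criticality=2, mitigating_controls=frozenset({"host-firewall"}))

# The same Vulnerability on two Assets, with different CVE subsets found on each.
INSTANCES = [
    VulnInstance(OPENSSL_VULN, DB_PROD, frozenset({"CVE-0000-0001", "CVE-0000-0002"})),
    VulnInstance(OPENSSL_VULN, DEV_BOX, frozenset({"CVE-0000-0001"})),
]

if __name__ == "__main__":
    print(OPENSSL_VULN.scanner_id, vuln_severity(OPENSSL_VULN.risk_score, OPENSSL_VULN.has_threat))
    for inst in INSTANCES:
        s = instance_score(inst)
        print(f"  {inst.asset.hostname}: {sorted(inst.cves_found)} -> {s} ({instance_severity(s)})")
    print(instances_by_vuln(INSTANCES))
```

Running the block shows why the two levels differ: the Vulnerability itself is Urgent (9.9 with a known threat), while its Instances land at Critical on the high-criticality production host and at Medium on the low-criticality development box with a detected control. That spread is the "contextual risk" the page describes, and it is what remediation teams see when they work from the Instance list rather than the Vulnerability list.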