Why EPSS Scores Matter for Vulnerability Management

Jun 20, 2024
4 minutes
... views

Unaddressed security flaws can have significant repercussions — data breaches, financial loss, reputational damage — making vulnerability management critically important.

Vulnerabilities provide entry points for attackers to exploit and possibly compromise sensitive information and disrupt business operations. With the increasing sophistication of cyberthreats, it’s essential to proactively identify and remediate vulnerabilities to protect assets and maintain customer trust. Effective vulnerability management minimizes the potential impact of attacks, ensuring a more secure and resilient IT environment.

History of the Exploit Prediction Scoring System (EPSS)

The Exploit Prediction Scoring System (EPSS) is a relatively recent development in the field of cybersecurity, designed to predict the likelihood that a given software vulnerability will be exploited. Launched in 2019 and governed by the Forum of Incident Response and Security Teams (FIRST), EPSS addresses the limitations of vulnerability scoring systems like the Common Vulnerability Scoring System (CVSS), which measures the severity of vulnerabilities but doesn’t account for their likelihood of being exploited.

EPSS leverages a machine learning model that utilizes real-world exploit data to provide a probabilistic score between 0-1, indicating the likelihood of exploitation within a specific time-frame, typically 30 days. This score allows organizations to prioritize their remediation efforts more effectively, focusing on the vulnerabilities most likely to be exploited rather than merely those deemed severe by traditional metrics.​

EPSS draws from an array of data sources, including vendor reports, academic research, and observed exploitation data. To reflect the evolving threat landscape, FIRST continuously updates the EPSS model with new data. Available for free use, it’s intended to integrate with other risk management tools to provide a comprehensive view of an organization's vulnerability landscape.

Prisma Cloud Adds EPSS Scores for Vulnerability Management

Prisma Cloud now supports EPSS in the Vulnerability Management Dashboard, Search and Investigate Graph, and Common Vulnerabilities and Exposures (CVE) side panel. Users can now prioritize vulnerabilities with the help of EPSS scores and explore vulnerability details in the side panel while inspecting cloud assets.

At-a-glance view of top impacting vulnerabilities with CVSS and EPSS information
Figure 1: At-a-glance view of top impacting vulnerabilities with CVSS and EPSS information

How to Use EPSS

Using the EPSS can significantly enhance your organization's vulnerability management strategy.

Integrate EPSS with Vulnerability Management Tools

Ensure your vulnerability management tools support or can integrate EPSS data. Many modern security tools have built-in support for EPSS or allow for custom integrations using APIs. These tools can provide details of the CVE and EPSS.

Prioritize Vulnerabilities

When you have vulnerabilities reachable from the internet, use EPSS to prioritize those with higher scores, as this will indicate their likelihood of exploitation.

Combine with Other Metrics

Complement EPSS scores with other metrics, such as CVSS. While CVSS provides severity ratings, EPSS adds the dimension of exploit likelihood.

Develop a Remediation Plan

Create a remediation plan that prioritizes fixing high-risk vulnerabilities as indicated by EPSS. Ensure that patching efforts are directed toward vulnerabilities with high exploitation probabilities.

Prisma Cloud indicates which assets are most at risk.
Figure 2: Prisma Cloud indicates which assets are most at risk.

Monitor and Update Regularly

Review and adjust your prioritization based on the latest EPSS scores. Because FIRST updates the scores for incoming data, which can occur frequently, you’ll want to watch the EPSS scores on your dashboard.

Educate and Train Your Team

Train your security team on the importance and usage of EPSS. Ensure they understand how to interpret the scores and integrate them into their daily workflow.

Example Use Case

Imagine your organization has a long list of identified vulnerabilities. Traditionally, you would prioritize them according to CVSS scores, tackling the highest severity vulnerabilities first. But some of these high-severity vulnerabilities might not be immediately exploitable. By integrating EPSS, you can reprioritize this list to focus on vulnerabilities with both high severity and high exploit likelihood to mitigate the most imminent threats.

More Vulnerability Management Enhancement

Support for Internet Exposure in Vulnerability Prioritization

The prioritization engine now supports internet exposure as a risk factor, which combined with EPSS, provides additional insight on how vulnerabilities should be prioritized.

Complete CVE Details

The CVE side panel now includes a new CVE Details tab that provides all the information about a given CVE, such as complete Common Vulnerability Scoring System (CVSS) risk factors, EPSS, exploit information, CISA KEV and external links.

Access key details for CVEs of concern.
Figure 3: Access key details for CVEs of concern.

Learn More

Prisma Cloud secures applications from code to cloud, effectively reducing your organization’s risk exposure. Learn more about our newest vulnerability management features and take Prisma Cloud out for a free 30-day test drive if you haven’t experienced the advantage.

Subscribe to Cloud Native Security Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.