Finite State News

Finite State’s Exploit Intel Powers Threat-Based Security Triage

Written by Finite State Team | Apr 13, 2022 1:00:00 PM

New capability shows device manufacturers whether vulnerabilities have been publicly exploited

COLUMBUS, Ohio — April 13, 2022 — Finite State, the product security leader for connected devices, today announced that it has launched its new Exploit Intelligence capability, enabling security practitioners to incorporate threat-based intelligence into product security prioritization.

As the threat landscape grows, it becomes harder for device manufacturers to know which vulnerabilities to prioritize. Meanwhile, hackers are growing more sophisticated in their attacks and continue publishing exploit kits - collections of exploits that less sophisticated threat actors can deploy autonomously. 

According to cvedetails.com, more than 11% of almost 173,000 vulnerabilities in the National Vulnerability Database (NVD), are considered Critical (9.0-10.0 CVSS score). This translates to more than 19,000 Critical vulnerabilities – no security team could realistically be expected to remediate all of them. 

Finite State’s Exploit Intelligence capability helps level the playing field by monitoring thousands of industrial control systems (ICS) and operational technology (OT) advisories to surface vulnerabilities that threat actors are actively and maliciously exploiting, also known as “weaponizing.” 

Users of the Exploit Intelligence platform can also:

  • Access profiles on those threat actors
  • Review a timeline of exploitation
  • See the correlation between threat actors and specific common vulnerabilities and exposures (CVEs). 

Leveraging this intelligence, users can now better prioritize remediation of the 19,000+ Critical vulnerabilities, and rapidly minimize risk. 

"Customers can now see, right alongside all our other results, not only which vulnerabilities they have that are being actively exploited, but by whom and in what ways." said Jeff Martin, Vice President of Product at Finite State. "Fusing threat intelligence on bad actor groups with vulnerability weaponization is a critical prioritization capability in today's world of increasing threats from nation-states and criminal groups." 

The Finite State platform offers a comprehensive view of device components, security issues, and supply chain risk. By adding this high-fidelity exploit intelligence capability, Finite State is  enabling security teams to improve their visibility into device software and to automate protection for their products. Learn more about the platform at www.finitestate.io.

 

About Finite State

Finite State empowers organizations to gain control of product security for their connected devices and supply chains. Backed by a team of seasoned experts, our automated product security platform arms our customers with the actionable insights, critical vulnerability data, and remediation guidance necessary to mitigate product risk and protect the connected attack surface. For more information, visit www.finitestate.io.

Matt McLoughlin
Gregory FCA on behalf of Finite State
Phone: 610.996.4264
matt@gregoryfca.com