lanemclaughlin
ServiceNow Employee
ServiceNow Employee

ServiceNow's Vulnerability Response Exploit Prediction Scoring System (EPSS) provides a fundamentally new capability for efficient, data-driven vulnerability management. It’s a data-driven effort that uses current threat information from CVE and real-world exploit data. The EPSS model produces a probability score between 0 and 1 (0 and 100%), where the higher the score, the greater the probability that a vulnerability will be exploited. Asset owners should consider many other aspects of the vulnerability, their network, the asset, and so on before making a final decision to remediate or delay remediation.  

 

The advantages of EPSS data include the fact that the EPSS Model has an open-source nature, allowing for widespread access, transparency, and community contributions. 

  

lanemclaughlin_0-1702405699893.png

  

Other benefits of leveraging EPSS is ServiceNow Vulnerability Response include: 

  • OBB Integration- Daily integration job run 
  • Singular Insight- EPSS Probability Score in application, cloud, and infrastructure security vulnerabilities 
  • Rollup calculator & Risk calculator- EPSS scores roll up to TPEs helping with enhanced visibility and risk-based prioritization using the OBB Risk calculator 
  • Unified Attack Surface Dashboard- contains a new vulnerability intelligence tab, OOB EPSS reports, and an EPSS aggregated view across Host, Container, and Application vulnerabilities 

lanemclaughlin_1-1702405699896.png

 

 

Version history
Last update:
‎12-12-2023 10:40 AM
Updated by:
Contributors