ServiceNow's Vulnerability Response Exploit Prediction Scoring System (EPSS) provides a fundamentally new capability for efficient, data-driven vulnerability management. It’s a data-driven effort that uses current threat information from CVE and real-world exploit data. The EPSS model produces a probability score between 0 and 1 (0 and 100%), where the higher the score, the greater the probability that a vulnerability will be exploited. Asset owners should consider many other aspects of the vulnerability, their network, the asset, and so on before making a final decision to remediate or delay remediation.
The advantages of EPSS data include the fact that the EPSS Model has an open-source nature, allowing for widespread access, transparency, and community contributions.
Other benefits of leveraging EPSS is ServiceNow Vulnerability Response include:
- OBB Integration- Daily integration job run
- Singular Insight- EPSS Probability Score in application, cloud, and infrastructure security vulnerabilities
- Rollup calculator & Risk calculator- EPSS scores roll up to TPEs helping with enhanced visibility and risk-based prioritization using the OBB Risk calculator
- Unified Attack Surface Dashboard- contains a new vulnerability intelligence tab, OOB EPSS reports, and an EPSS aggregated view across Host, Container, and Application vulnerabilities
