C3M has announced the launch of Risk Scoring – a new framework designed to help identify, contextualise, and prioritise alerts allowing cloud infrastructures to be better protected from ransomware and other cloud-based security risks.
Enterprise migration to the cloud using multiple third-party vendor solutions has resulted in an exponential rise in threat alerts. With security teams overwhelmed by the sheer volume and alert fatigue a growing concern to the security of the organization, C3M’s Risk Scoring Framework addresses the key enterprise challenges of false positives, inability to prioritise alerts, and lack of visibility into alert impact.
C3M’s Risk Scoring is a customised, deep mesh in the cloud that follows the CVSS (Common Vulnerability Scoring System) framework and C3M’s own proprietary policy risk score framework. Analysing misconfigurations, in addition, to reporting on risks from connected or associated resources, C3M Risk Score comprehensively assesses every alert and delivers a risk score based on three factors:
- CVSS 3.1 Framework – using Exploitability, Impact and Scope criteria,
- Risk Impact Factors – C3M intelligence with points based on attributes and risk factors of a resource with enterprises able to modify and adjust,
- Alert Severity – based on the severity of a policy defined in C3M.
The resultant risk score is rated between 1 and 10 and has four levels of Minor, Moderate, Major and Severe allowing security teams to immediately identify and resolve the most critical, high-risk threats that the enterprise is exposed to.
“Security teams face a flood of alerts from various cloud security solutions, with up to 100,000 in some organizations, where it is almost impossible to prioritise vulnerabilities. With up to 75 percent of alerts being false positives, much time is lost triaging leading to alert fatigue and worryingly, alerts being ignored. This is a perfect scenario for sophisticated attacks on the enterprise and digital supply chains,” said Paddy Viswanathan, CEO and Founder, C3M. “C3M’s Risk Scoring protects cloud infrastructures from attacks. For the first time, it enables enterprises to conclusively and comprehensively identify and prioritise vulnerabilities based on risk and impact, regardless of the number of alerts they receive and alleviate alert fatigue. Risk Scoring is the natural evolution of cloud security and is yet another unique technical innovation from C3M to help build trust for enterprises in their cloud security operations.”