- Products
-
ProductsPlatform
- ShadowPlex Advanced Threat Defense
Deception for early detection of cyber threats with precision and speed
- ShadowPlex Identity Protection
Visibility, management and protection of identity stores and attack paths
- Acalvio Active Defense Platform
Comprehensive and Award-winning Distributed Deception Platform
- What is Active Defense?
Active defense detects and diverts attacks.
- Why do I need Acalvio Active Defense?
Active Defense deceives and disrupts attackers.
- ShadowPlex Advanced Threat Defense
-
- Solutions
-
Technology SolutionsIndustry Solutions
- Breach Detection
Active Defense for breach detection and response, both in on-premises and cloud workloads
- Identity Threat Detection & Response
Visibility into Identity attack surface and effective detect & respond solution for identity attacks
- OT / ICS Security
Passive and low-risk agentless solution that is easy to deploy
- Active Directory Protection
Visibility into AD attack surfaces and detection of AD Attacks
- Threat Hunting
Active threat hunting, based on targeted deception, to confirm hunting hypothesis
- Ransomware
AI-Driven Advanced Deception Technology to combat even zero-day Ransomware
- Honeytokens for CrowdStrike
Honeytokens are deceptive credentials and data that are embedded in legitimate assets
- Zero Trust
Zero trust is a security model that assumes that no one inside or outside of the network can be trusted
- Public Sector
Targeted solution for protecting Federal agencies in conformation with NIST and CISA recommendations
- Healthcare
Active defense solutions thwart healthcare attacks before they can inflict real damage.
- Breach Detection
-
- Resources
- Partners
- Company
CVE (Common Vulnerabilities and Exposures)
What is CVE?
CVE stands for “Common Vulnerabilities and Exposures.” It is a list of publicly disclosed cybersecurity vulnerabilities that is free to search, use, and incorporate into products and services. CVE helps vendors and researchers identify, define, and catalog vulnerabilities in a standardized way.
Each CVE entry is assigned a unique identifier, known as a CVE ID, which consists of the year the vulnerability was assigned, followed by a sequential number (e.g., CVE-2023-12345). This identifier helps in referencing and discussing specific vulnerabilities across different platforms and sources.
Difference Between Vulnerability and Exposure
A vulnerability is a weakness or flaw in a system, software application, or hardware component that can be exploited by attackers to compromise the confidentiality, integrity, or availability of the system or its data.
Exposure refers to the condition in which a system or software application is at risk due to the presence of a known vulnerability. An exposed system is susceptible to attacks that could take advantage of the identified vulnerability to compromise its security. Exposure implies that the vulnerability is present and can be exploited by attackers.
What information does a CVE contain?
CVE entries typically include details about the vulnerability, such as its severity, affected products and versions, technical descriptions, potential impact, and steps for mitigation or remediation. These entries serve as a valuable resource for security professionals to stay informed about the latest vulnerabilities and take appropriate actions to secure their systems and networks.
What is a Common Vulnerability Scoring System (CVSS)?
Common Vulnerability Scoring System (CVSS) is a standardized framework for assessing and communicating the severity of vulnerabilities in software and systems. CVSS provides a structured way to evaluate the potential impact and exploitability of a vulnerability, allowing organizations to prioritize their efforts in addressing security issues.
The CVSS framework assigns a numerical score to each vulnerability based on a set of metrics that assess various aspects of the vulnerability’s impact and exploitability.