Decoding CISA KEV
An Annual Review of CISA’s Known Exploited Vulnerabilities (KEV)
CSW experts decode CISA’s KEV catalog and bring you the missing threat context.
Check out our analysis and research on KEV’s threat associations, latencies, severity scores, weakness categories and MITRE analysis. Also check out our recommendations and early warnings of vulnerabilities that should be added to the KEV catalog.
Download our whitepapers for detailed list of prioritized CVEs.
Decoding CISA KEV - Predictive Analysis & Early Warning
CSW and Securin experts red flag vulnerabilities that need to be part of the CISA KEV using Securin Vulnerability Intelligence (VI). Using its predictive scores, we provide recommendations about vulnerabilities that CISA needs to add to the KEV catalog.
Decoding CISA KEV - Severity Scores & Weakness Analysis
CSW and Securin experts analyzed the severity scores of KEVs and used our proprietary risk score (Vulnerability Risk Score) to understand the true risk posed by each vulnerability. We also analyzed the Common Weakness Enumeration (CWE) of the vulnerabilities listed in the KEV catalog to understand what type of weakness category is contributing the most and why.
Decoding CISA KEV - MITRE Analysis
CSW and Securin experts mapped the entire CISA KEV catalog to MITRE’ AT&CK tactics and techniques and have prioritized the vulnerabilities with a complete kill chain. In this report, we take a deep dive into what makes these vulnerabilities extremely dangerous and why attackers go after them.
Decoding CISA KEV - A Latency Analysis
CSW and Securin experts analyzed the latency of NVD, patch release, and scanner plugins in relation to the CISA KEV catalog to understand the exposures and windows of attack that make FCEB and Public Sector organizations vulnerable to crippling cyber attacks.
Decoding CISA KEV - KEV Metrics and Threat Associations
CSW and Securin experts took a deep dive into CISA KEVs to understand the risk that they pose to organizations. We analyzed each vulnerability to know their severity scores, exploitability, threat associations, weakness categories and impacted vendors and products etc.