How to Use Falcon Spotlight’s ExPRT.AI
November 10, 2021 | Rachel Scobey | Tech Center
Organizations have historically relied on CVSS severity scoring to help prioritize vulnerability remediations. Unfortunately, that single data point is often not enough to drive an effective patching strategy. With limited time and resources, organizations are commonly left with large quantities of unaddressed, severely ranked vulnerabilities. While the standard scoring system plays an important role, it is a measure of severity, not risk or malicious behavior. To ensure production systems are secure with current patches, organizations need more specific guidance to target those remediations that reduce actual risk.
Improved Vulnerability Prioritization
With ExPRT.AI, Falcon Spotlight provides that additional context. Leveraging inputs from a number of different sources, including CrowdStrike’s extensive data set, the ExPRT.AI rating is dynamically adjusted based on recent exploit status and threat intelligence inputs. This artificial intelligence model enables security teams to prioritize fewer vulnerabilities and allocate remediation efforts accordingly. The Spotlight dashboard illustrates how that information is delivered to customers. While the original CVSS scoring standard is still available, the ExPRT.AI rating highlights a smaller, more accurate subset of open vulnerabilities that represent the highest level of risk to an organization.
Using the ExPRT.AI Rating
The main dashboard chart areas are clickable to quickly access the supporting details. For example, drilling down on those vulnerabilities with a high rating presents a filtered list. In addition to the ExPRT.AI rating, this list can be further filtered on a number of attributes, including vendor and exploit status.
For each vulnerability, details are available, including the description and links to supporting documentation. The details also include the current ExPRT.AI rating as well as some additional insights. As the model continues to learn and collect new threat data, this dynamic rating will change. With that, a chart is presented to illustrate any recent changes along with the date of the highest documented level.
CrowdStrike also documents the positive and negative indicators that factored into the ExPRT.AI calculation. Directly from this page, links are also available to facilitate remediation of the impacted systems.
Falcon Spotlight’s ExPRT.AI rating uses real-time exploit status and threat intelligence to help organizations home in on the most important vulnerabilities. This enables them to quickly concentrate their efforts on the most time-sensitive vulnerabilities, take action, and effectively reduce risk.