Skip to main content
Security Performance Management
Continuous Monitoring
Vendor Risk Management
Trust Management Hub
Cyber Insurance
National Cybersecurity

Exposure Detection & Evidence Certainty

Ingrid

Exposure detection and evidence certainty describes how conclusively evidence shows that a company is exposed to or has mitigated a vulnerability.

Evidence examples are non-exhaustive; they may not apply to or be available for all vulnerabilities in our catalog.

  Detection
Exposure Mitigation
Certainty Possible

Exposure Possible

Exposure-possible.png

The evidence generally indicates that the company in question is unprotected from a threat.

Evidence Examples:

  • Relationship indicates
  • Provider software in use

Mitigation Possible

Mitigation-possible.png

The evidence generally indicates that the company in question is protected from a threat.

Evidence Example:

Non-vulnerable records found
Likely

Exposure Likely

Exposure-likely.png

The evidence specifically indicates that the company in question is unprotected from a threat.

Evidence Examples:

  • Specific software in use
  • Version in use

Mitigation Likely

Mitigation-likely.png

The evidence specifically indicates that the company in question is protected from a threat.

Evidence Example:

Long time since detection
Confirmed

Exposure Confirmed

Exposure-confirmed.png

The evidence confirms that the company is unprotected from a threat.

Evidence Examples:

  • Version in use, patching required
  • Vulnerable configuration

Mitigation Confirmed

Mitigation-confirmed.png

The evidence confirms that the company is protected from a threat.

Evidence Example:

Patching records found

Exposure Detection

Exposure detection indicates a company’s current status to being exposed to a vulnerability. Use this to assess immediate risk and prioritize your remediation efforts.

Exposure

Vulnerabilities were detected within the last 60 days and may actively be impacting the company.

Slug name: currently or EXPOSED

Mitigation

Vulnerabilities were detected more than 60 days ago. There’s evidence of mitigation or there’s no evidence of exposure in the past 60 days.

Slug name: previously

Evidence Certainty

A measure of how certain we are about a company's detection status.

Possible

The evidence generally indicates that the company in question is or is not protected from a threat.

Slug name: POSSIBLE

Likely

The evidence specifically indicates that the company in question is or is not protected from a threat.

Slug name: LIKELY

Confirmed

The evidence confirms that the company is or is not protected from a threat.

Slug name: CONFIRMED

  • November 15, 2024: Evidence certainty slug names.
  • October 17, 2024: Added slug names for exposure detection values in the API.
  • February 8, 2024: Added descriptions of each evidence certainty type.

Related articles

Feedback

0 comments

Please sign in to leave a comment.