Industry-first framework quantifies high risk, high impact threats in the cloud for enhanced security team efficacy
7th July 2021, San Francisco, CA – C3M, a leader in Cloud Security Posture Management (CSPM) and Cloud Identity and Entitlement Management (CIEM), has continued its technological innovation with the launch of Risk Scoring – its unique framework designed to help identify, contextualise and prioritise alerts, allowing cloud infrastructures to be better protected from ransomware and other cloud-based security risks.
Enterprise migration to the cloud using multiple third-party vendor solutions has resulted in an exponential rise in alert threats. With security teams overwhelmed by the sheer volume of alerts, and alert fatigue a growing concern for the security of the organisation, C3M’s Risk Scoring Framework addresses the key enterprise challenges of false positives, inability to prioritise alerts and lack of visibility into alert impact.
C3M’s Risk Scoring is a customised, deep mesh in the cloud that follows the CVSS (Common Vulnerability Scoring System) framework and C3M’s own proprietary policy risk score framework. Analysing misconfigurations in addition to reporting on risks from connected or associated resources, C3M Risk Score comprehensively assesses every alert and delivers a risk score based on three factors:
- CVSS 3.1 Framework – using Exploitability, Impact and Scope criteria
- Risk Impact Factors – C3M intelligence with points based on attributes and risk factors of a resource, which enterprises are able to modify and adjust
- Alert Severity – based on the severity of a policy defined in C3M
The resultant risk score is rated between 1 and 10 and has four levels (Minor, Moderate, Major and Severe), allowing security teams to immediately identify and resolve the most critical, high-risk threats that the enterprise is exposed to.
“Security teams face a flood of alerts from various cloud security solutions, with up to 100,000 in some organisations, where it is almost impossible to prioritise vulnerabilities. With up to 75% of alerts being false positives, much time is lost triaging, leading to alert fatigue and, worryingly, alerts being ignored. This is a perfect scenario for sophisticated attacks on the enterprise and digital supply chains,” said Paddy Viswanathan, CEO and Founder, C3M. “C3M’s Risk Scoring protects cloud infrastructures from attacks. For the first time, it enables enterprises to conclusively and comprehensively identify and prioritise vulnerabilities based on risk and impact, regardless of the amount of alerts they receive, and alleviate alert fatigue. Risk Scoring is the natural evolution of cloud security and is yet another unique technical innovation from C3M to help build trust for enterprises in their cloud security operations.”
Risk Scoring is part of the default CSPM package from C3M and will be available as a free update to existing customers. It is offered in addition to the out-of-the-box controls provided as standard in the C3M Cloud Control platform, which checks for known attack paths in the cloud, including ransomware and many others.
About C3M
C3M, LLC is a San Francisco headquartered Cloud Security solutions provider. C3M’s Cloud Control is a 100% Agent-less, API based, cloud-native security solution that offers organisations complete cloud control through automated security intelligence, giving them actionable insights into the cloud, its security, and infrastructure, while also auto-remediating any security violations it detects. C3M Access Control helps enterprises gain complete control over identities and infrastructure entitlements, and right size identity privileges.