VulnCheck’s KEV Catalog Outpaces CISA In Vulnerability Notifications

Highlights:

• The KEV catalog, short for Known Exploited Vulnerabilities, furnishes security teams with advanced intelligence on vulnerabilities exploited in the wild.
• VulnCheck also offers citations for each CVE, providing security teams with a clearer understanding of why the vulnerability is included in the list.

Cyberthreat intelligence provider VulnCheck Inc. unveiled the launch of VulnCheck’s KEV catalog recently, a new free offering accessible as part of its community services.

The KEV catalog, short for Known Exploited Vulnerabilities, furnishes security teams with advanced intelligence on vulnerabilities exploited in the wild. This empowers them to manage threats better, tackle prioritization challenges, and stay ahead of adversaries.

It has been designed to address the rapid growth and exploitation of vulnerabilities by providing proactive intelligence to security teams. Currently, VulnCheck keeps track of 876 more vulnerabilities than the U.S. Cybersecurity and Infrastructure Agency exploited in the wild. On average, it alerts customers about exploits 27 days earlier than when they are added to the CISA KEV catalog.

VulnCheck’s KEV catalog empowers cybersecurity vendors and vulnerability management teams with faster and broader coverage. It provides an efficient machine-readable dataset for detection, prioritization, and remediation efforts.

Anthony Bettini, the founder and CEO said, “The CISA KEV catalog continues to be an invaluable tool and driving force in our industry, but there is an opportunity for broader visibility and often earlier indicators into known exploitation. This is why we decided to offer a community resource that provides broader known exploited vulnerability intelligence and reference materials, all delivered at machine speed.”

The new VulnCheck’s KEV catalog includes comprehensive tracking, offering security teams the largest real-time collection of known exploited vulnerabilities. The free offering encompasses all vulnerabilities listed in the CISA KEV catalog and approximately 80% more reported as exploited in the wild.

The catalog enhances CVEs with valuable context, as described by VulnCheck. It includes supplementary external links to exploit content available in VulnCheck XDB, referencing publicly available exploit proof-of-concept code whenever feasible. VulnCheck also offers citations for each CVE, providing security teams with a clearer understanding of why the vulnerability is included in the list. When threat actors, ransomware groups, or botnets are involved in exploiting the vulnerability, VulnCheck provides evidence to support its findings.

Established in 2021, VulnCheck is a venture capital-backed startup that has raised USD 3.2 million in funding, as reported by Tracxn. Investors include Sorenson Ventures Inc., In-Q-Tel Inc., Lux Capital LLC, and Aviso Ventures Inc.