AI-Powered Risk Scoring
Infracast's TrueRiskβ’ scoring engine uses contextual analysis and threat intelligence to prioritize findings based on real-world exploitability and business impact.
Overviewβ
Traditional vulnerability scoring (CVSS) treats all vulnerabilities equally regardless of context. A CVSS 9.8 on an isolated dev server isn't the same risk as a CVSS 7.0 on an internet-facing production database.
TrueRisk combines multiple factors to calculate a 0-100 risk score that reflects actual risk to your organization:
- Network Exposure β Is the asset internet-facing or behind multiple firewalls?
- Asset Criticality β Production database vs. dev sandbox
- Blast Radius β What can an attacker reach from this asset?
- Exploitability β Is there a known exploit? Is it in CISA KEV?
- IAM Context β Does this asset have privileged access to other resources?
Key Featuresβ
TrueRisk Scoring (0-100)β
Every finding receives a contextual risk score:
| Score | Rating | Action |
|---|---|---|
| 80-100 | Critical | Immediate remediation required |
| 60-79 | High | Remediate within 7 days |
| 40-59 | Medium | Remediate within 30 days |
| 0-39 | Low | Address during maintenance |
CISA KEV Integrationβ
Findings related to CISA Known Exploited Vulnerabilities are automatically escalated to CRITICAL priority. These are vulnerabilities actively being exploited in the wild.
EPSS Scoringβ
We integrate FIRST EPSS (Exploit Prediction Scoring System) to assess the probability a vulnerability will be exploited in the next 30 days.
Risk Clustersβ
Related findings are grouped into risk clusters β issues that share root causes or affect the same blast radius. Remediating one cluster item often reduces risk across multiple findings.
Remediation ROIβ
Each remediation action shows its ROI score β how much risk reduction you get for the effort required. Focus on high-ROI fixes first.
API Endpointsβ
# Get risk summary for tenant
GET /api/v1/tenants/{tenantId}/risk/summary
# Get risk details for a specific finding
GET /api/v1/tenants/{tenantId}/risk/findings/{findingId}
# Get risk clusters
GET /api/v1/tenants/{tenantId}/risk/clusters
# Get prioritized remediations
GET /api/v1/tenants/{tenantId}/risk/remediations
Availabilityβ
| Tier | Access |
|---|---|
| Free | β |
| Pro | β |
| Business | β |
| Enterprise | β |
| Enterprise+ | β |
Relatedβ
- CIEM β IAM security analysis
- Attack Paths β Toxic combination detection
- VulnDB β Vulnerability intelligence