FAQ

Hackuity provides an agnostic solution to enrich and manage vulnerabilities from different scanners (network scanners, application scanners), sources (NIST NVD, CTI) or detection practices (EDR, pentests, bug bounty, compliance reports, etc.). This translates, among other things, into mechanisms for vulnerability deduplication and an algorithm for “scoring” vulnerabilities from multiple and cross-origin sources. Hackuity orchestrates your detection arsenal, normalizes your results, centralizes your baselines and provides a harmonized risk measurement.

Remediation teams thank Hackuity for: 1/ The standardization of collected vulnerabilities, which provides a standard format for describing vulnerabilities and remediation measures, regardless of the source. 2/ The enrichment of vulnerabilities with all the identified recommendations (vendors, NVD, CTI, scanners, …), but also with the Hackuity knowledge base. 3/ The native and bi-directional integration with workflows and tools (Jira, ServiceNow, …), which facilitates the collaboration with CISOs and helps identify bottlenecks. 4/ Drastically reduce the number of critical vulnerabilities, allowing you to focus on the most important vulnerabilities and significantly reduce false positive noise.

Several elements limit the loss of time related to false positives: 1/ Normalization and deduplication of vulnerabilities, which allows you to cross-reference results from all your detection tools, sources and practices. 2/ Results historization, which guarantees that a false positive qualified as such will not be requalified by a third party source in the future. 3/ Confidence scores that can be assigned to sources.

The TRS is a calculation algorithm to qualify the threat and prioritize remediation actions. The TRS goes far beyond the calculation of the CVSS score - it integrates all the components of the CVSS score (Base, Environmental & Temporal) by allowing automatic filling of attribute values, but it also allows the use of additional attributes for risk calculation. Thanks to the use of the TRS, in average, our customers divide by 38 the number of critical vulnerabilities to be managed in their organization.