Risk scores are calculated daily based on the following factors to provide a comprehensive analysis of your account.
We rate detected vulnerabilities using a 1-5 severity level scale. Risk points are assigned for each severity level as follows:
Severity 5, +600 risk points
An attacker can take full control.
Severity 4, +300 risk points
An attacker can access critical data.
Severity 3, +100 risk points
An attacker can access sensitive data.
Severity 2, +25 risk points
An attacker can access configuration data.
Severity 1, +10 risk points
An attacker can access unnecessary data.
An attack is more likely to happen when your perimeter has more open ports than the average organization. We add 25 risk points per open port.
The longer a vulnerability exists, the more likely it is to be exploited. When a target has any active vulnerabilities, we add 1 additional risk point each day until resolved.
Last scan days
Scanning frequently enables you to stay ahead of new issues. The longer you go without scanning, the higher the likelihood of an issue not being accounted for. We add 2 additional risk points for each day since your last scan.
Certain assets that present a high or medium risk will add points to your risk score as follows.
|High Risk||Medium Risk|
Use the risk score calculator in your account to get a better understanding of potential risk and how that might impact you. Input custom values into the calculator to explore different risk situations and quickly see the expected risk score projection.