Launched in partnership with CyberScoop, the RunSafe Pwn Index will leverage multiple sources of exploit data, including dark web marketplaces, payout services and private practitioners, to collect pricing data for zero-day exploits across mobile, server and embedded systems.
MCLEAN, Va. (PRWEB) March 06, 2019
RunSafe Security, the pioneer of a patented cyberhardening process for vulnerable embedded systems and, devices, today announced the release of the RunSafe Pwn Index™, a proprietary score and methodology to track the average price of cyber exploits targeting enterprise and government agency software assets. Launched in partnership with CyberScoop, a media company reaching top cybersecurity leaders, the RunSafe Pwn Index will leverage multiple sources of exploit data, including dark web marketplaces, payout services and private practitioners, to collect pricing data for zero-day exploits across mobile, server and embedded systems. This unprecedented level of granular insight will provide a window into the current economic motivations of attackers, empowering security teams to proactively employ defense in depth techniques that counter these trending exploits.
“The market for zero days and malicious exploits is constantly evolving. The price and volume of transactions for a given exploit represent a leading indicator on how enterprises and government agencies should think about the next attack,” said Joe Saunders, CEO, RunSafe Security. “In illuminating hacker economics via the RunSafe Pwn Index, we want to raise awareness that newer defenses focusing on prevention regardless of the exploit, such as binary stirring and moving target defense, ultimately disrupt the hacker economics rendering exploits inert. ”
The RunSafe Pwn Index Methodology
To create the RunSafe Pwn Index, RunSafe Security analysts collect pricing for zero-day exploits, and then categorize the data by Target Platform (IT Server, Mobile, Embedded) and Exploit Type (including but not limited to memory corruption, privilege escalation, remote code execution, command injection, denial of service). This “basket” of exploits is then aggregated, and from there, a weighted average price is assigned to each Exploit Type corresponding to each Target Platform. The overall Pwn Index and contributing parts are then derived from these calculations. As the prices and quantities of exploits shift over time, RunSafe Security will highlight the key drivers for those shifts.
"So much of the dark web leaves enterprises in the dark," said Greg Otto, Editor-in-chief of CyberScoop. "Unless a security team has someone infiltrating and scouring hacker forums, it’s hard to get a handle on how much money adversaries are spending on the latest exploits. We are so thrilled to partner with RunSafe Security in order to present the security community with a new way to shine a light on the threats the enterprises constantly face."
The RunSafe Pwn Index will be announced during the last month of every quarter on CyberScoop.com and via RunSafe Security’s website. For more information on RunSafe Security visit http://www.runsafesecurity.com and follow @runsafesecurity.
About RunSafe Security
RunSafe Security is the pioneer of a patented cyberhardening transformation process designed to disrupt attackers and protect vulnerable embedded systems and devices. With the ability to make each device functionally identical but logically unique, RunSafe Security renders threats inert by eliminating attack vectors, significantly reducing vulnerabilities and denying malware the uniformity required to propagate. Headquartered in McLean, Virginia, with an office in Huntsville, Alabama, RunSafe Security’s customers span the critical infrastructure, IIoT, automotive, medical, and national security industries.
CyberScoop reaches top cybersecurity leaders both online and in-person through our website, newsletter, events, radio and TV. With more than 350,000 unique visitors a month, CyberScoop engages a highly targeted audience of cybersecurity decision makers and influencers. For more information, visit cyberscoop.com and follow on Twitter @CyberScoopNews.