Prediction Engine

Vulnerability Prediction Engine

Is your vulnerability management program able to clearly delineate between vulnerabilities that are predicted to be exploited in the wild vs ones that are currently being actively exploited in the wild?

Leveraging our data collection platform, NorthStar’s vulnerability prediction engine accurately identified over 44.2% of the vulnerabilities that would be exploited in the wild at some point in the future, providing an average notice of around 436 days in advance.



A yes/no, categorical prediction providing a definitive assessment on whether a CVE will eventually be exploited in the wild.


Reduce the number of CVE’s to focus on by more than 97%.


Give extra time to remediate over 45% of the CVE’s that are validated as exploited in the wild.

Provided an average of 280 days advance notice for a chance to fix CVEs that are validated as exploited in the wild.

How does Vulnerability Prediction Work?

Prediction begins with the collection of surveillance data that captures the footprint or breadcrumbs left behind online by attackers seeking to develop, deploy, and monetize exploits that are capable of leveraging an existing vulnerability. The appearance of these events and activities have proven reliable in determining the immediate risk posed by each vulnerability.

NorthStar Vulnerability Prediction Validation

NorthStar’s Prediction Engine

NorthStar’s vulnerability prediction engine is a yes/no categorical prediction. This provides a definitive assessment on whether a CVE will eventually be exploited in the wild. Each prediction comes with a timestamp representing when the prediction was first made based on all available data at the time.

YES = Take immediate action
NO = No immediate action needed

Our collection platform pulls data from thousands of sources daily with hundreds of new sources added weekly. Billions of unique data points are produced and analyzed daily from sources with each contributing to a consolidated and coherent view of the vulnerability threat landscape.

With this data, the Vulnerability Prediction Engine works to construct a clear picture of each vulnerability by identifying and tracking the major events associated with each, piecing these events together creating a “pattern of life” (POL).  This POL provides a forward-looking capability that is based on all available data.

Advanced machine learning and natural language processing techniques then work together to recognize, extract and store the individual instances of exploit related events that are associated with known software and hardware vulnerabilities. Once these individual event instances are identified across all available sources, they are fused together into a single model for each vulnerability creating a clear picture of where each vulnerability is on its path, starting from initial identification to potentially being exploited in the wild. As new information about the vulnerability is obtained, predictions are updated daily.

Sign up for a sneak peek!