
Scani5 follows a structured and intelligence-driven workflow that begins with complete asset discovery and ends with actionable remediation and compliance reporting. The platform not only detects vulnerabilities but also contextualizes them with real-world intelligence, ensuring that risks are prioritized and managed effectively.

Asset Discovery and Classification Phase

The first step in Scani5 is asset discovery and classification, which establishes visibility across the organization’s IT environment before any vulnerability analysis begins.

  • Automated Asset Inventory: Scani5 performs discovery scans to identify all assets, including servers, desktops, cloud workloads, applications, containers, and network devices. It maintains a continuously updated inventory, eliminating the need for manual tracking or spreadsheets.

  • Active vs Inactive Assets: Assets are categorized as active (online and in use) or inactive (retired, offline, or unused). This prevents wasted effort on systems that no longer have an impact on the environment.

  • Business Impact Categorization: Each asset is assigned a Critical, High, Medium, or Low category based on operational importance. For example, a production database server may be classified as Critical, while a test machine may be considered Low. This ensures that security teams focus remediation efforts where they matter most.

Vulnerability Detection Phase

  • Automated Active Scanning: Cloud-native agents and scanners are deployed across endpoints, servers, containers, and applications. They collect details such as OS type, kernel version, installed software, vendor patches, configuration issues, and open ports.

  • Database Correlation: Collected data is matched against global vulnerability databases to identify unpatched CVEs, misconfigurations, and other weaknesses.

  • Real-Time Impact (RTI) Scoring: Each vulnerability is scored based on severity, exploitability, and business impact. This ensures that vulnerabilities likely to cause operational disruption or data loss are prioritized.

  • Asset-Linked Vulnerabilities: Every vulnerability is mapped directly to an asset. For instance, Server-1 may show five vulnerabilities, linked to both CVEs and CWEs, providing deeper insight into configuration or code flaws. This mapping provides traceability and simplifies remediation planning.

Threat Intelligence and Prioritization Phase

Scani5 integrates real-world threat intelligence to move beyond raw vulnerability data and prioritize issues based on the likelihood of exploitation.

  • Visibility Index: Vulnerabilities are assigned a visibility score based on mentions in security blogs, exploit databases, GitHub, forums, and social platforms. A higher score indicates growing attacker interest and a higher risk of exploitation.

  • Exploitability Metrics: The system checks whether ready-to-use exploits exist in platforms such as Metasploit, Exploit-DB, or GitHub. Vulnerabilities with “point-and-click” exploits receive higher priority, while theoretical risks remain lower until weaponized.

  • Attack Path and Exposure Mapping: Scani5 simulates how attackers could use a vulnerability to move laterally across the network. For example, a low-risk flaw on a test system may be reclassified as a high priority if it provides indirect access to production assets. This ensures vulnerabilities are prioritized not only by severity but also by potential attack path impact.

Scani5 – Advanced Feature Set

Scani5 provides an advanced feature set that strengthens vulnerability detection, prioritization, and reporting.


Automated Active Scanning

Continuously monitors servers, applications, and endpoints to identify vulnerabilities in real time, reducing the window of exposure.


RTI (Risk to Infrastructure) Score

Goes beyond severity ratings by evaluating how a vulnerability impacts overall infrastructure, considering exploitability, system criticality, interdependencies, and cascading risks.

CAR Score (Criticality & Risk) – RTI Scoring

The RTI score is designed to summarize the severity of a vulnerability by combining three metrics into a single normalized value:

  • CVSS score (overall severity rating from NVD, based on impact and exploitability).
  • Exploitability score (likelihood that the vulnerability can be successfully exploited).
  • Impact score (the potential damage if exploitation occurs).

Logic Used

From all available CVE JSON entries (e.g., if a vulnerability has multiple CVSS versions or vendor records), the system extracts:

  • CVSSv2 & CVSSv3 scores
  • Exploitability scores (v2 and v3)
  • Impact scores (v2 and v3)

The highest available score is taken for each metric.

  • Example: if multiple CVE records exist for the same CWE, the system chooses the maximum CVSS, maximum exploitability, and maximum impact values across them.
  • Preference is always given to CVSSv3 over v2 when both are available.
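The selection step described above, as an added example (not Scani5's own code). It assumes the records follow the NVD API 2.0 `metrics` layout and reads the two rules as "take the maximum among CVSSv3 values, and fall back to the maximum CVSSv2 value only when no v3 value exists"; the function names and sample records are constructed for illustration.

```python
# Added example: choose the RTI input metrics from several CVE records.
# Assumption: records use the NVD API 2.0 "metrics" layout.
V3_KEYS = ("cvssMetricV31", "cvssMetricV30")
V2_KEYS = ("cvssMetricV2",)
FIELDS = {
    "cvss": lambda m: (m.get("cvssData") or {}).get("baseScore"),
    "exploitability": lambda m: m.get("exploitabilityScore"),
    "impact": lambda m: m.get("impactScore"),
}

def _collect(records, keys, getter):
    """All numeric values of one metric found under the given metric keys."""
    values = []
    for record in records:
        metrics = record.get("metrics") or {}
        for key in keys:
            for entry in metrics.get(key) or []:
                value = getter(entry)
                if isinstance(value, (int, float)) and not isinstance(value, bool):
                    values.append(float(value))
    return values

def select_rti_inputs(records):
    """Return {metric: (value, version)}; (None, None) if nothing was found."""
    chosen = {}
    for name, getter in FIELDS.items():
        v3 = _collect(records, V3_KEYS, getter)
        v2 = _collect(records, V2_KEYS, getter)
        if v3:                      # v3 is preferred even if a v2 value is higher
            chosen[name] = (max(v3), "v3")
        elif v2:
            chosen[name] = (max(v2), "v2")
        else:
            chosen[name] = (None, None)
    return chosen

# Constructed sample records (placeholder ids, not real CVE data).
SAMPLE = [
    {"id": "EXAMPLE-1", "metrics": {
        "cvssMetricV31": [{"cvssData": {"baseScore": 7.5}, "exploitabilityScore": 3.9, "impactScore": 3.6}],
        "cvssMetricV2": [{"cvssData": {"baseScore": 9.3}, "exploitabilityScore": 8.6, "impactScore": 10.0}]}},
    {"id": "EXAMPLE-2", "metrics": {
        "cvssMetricV31": [{"cvssData": {"baseScore": 8.8}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}},
    {"id": "EXAMPLE-3", "metrics": {
        "cvssMetricV2": [{"cvssData": {"baseScore": 5.0}, "exploitabilityScore": 10.0, "impactScore": 2.9}]}},
]
```

Returning the CVSS version next to each value lets a reviewer see when a score came from a v2-only record, since v2 and v3 sub-scores use different ranges.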

Formula

The result is rounded to two decimal places.

Example

  • CVSS = 8.0
  • Exploitability = 7.2
  • Impact = 9.0

Visibility Index (Social Score)

The Visibility Score quantifies the probability that a vulnerability is exposed to adversarial reconnaissance in real-world environments.
Unlike static severity models such as CVSS, it is a dynamic metric that recalibrates continuously based on temporal factors, primarily the age of the vulnerability since public disclosure.

Logic Used

  • For each CVE JSON record, the published date field is examined.

  • The system calculates the number of days since the vulnerability was disclosed.

  • Based on how old the CVE is, a weight is assigned:

    • Published ≤ 7 days ago → Score = 1.0 (very recent, high visibility).
    • Published ≤ 30 days ago → Score = 0.8 (still active in exploit cycles).
    • Published ≤ 90 days ago → Score = 0.5 (moderate visibility).
    • Published > 90 days ago → Score = 0.2 (older, lower visibility).
  • If the date is missing or parsing fails, the system assigns a random fallback score (0–9) to avoid breaking the pipeline.

  • The final visibility score is the average across all CVEs provided.
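The age-based weighting above, as an added example (not Scani5's own code). It assumes each record carries an ISO 8601 `published` string and that the fallback is a uniform random float in 0–9; because that range is wider than the 0.2–1.0 age weights, the function also returns how many records used the fallback so such averages can be flagged. Function names and sample dates are constructed.

```python
import random
from datetime import date, datetime

# (maximum age in days, weight) pairs taken from the list above.
AGE_WEIGHTS = ((7, 1.0), (30, 0.8), (90, 0.5))
OLD_WEIGHT = 0.2  # published more than 90 days ago

def age_weight(published, today):
    """Weight for one CVE, or None when the date is missing or unparseable."""
    try:
        days = (today - datetime.fromisoformat(published).date()).days
    except (TypeError, ValueError):
        return None
    for limit, weight in AGE_WEIGHTS:
        if days <= limit:
            return weight
    return OLD_WEIGHT

def visibility_score(records, today, rng):
    """Return (average score, count of records that used the random fallback)."""
    scores, fallbacks = [], 0
    for record in records:
        weight = age_weight(record.get("published"), today)
        if weight is None:
            # Fallback as described above: random score in 0-9.
            # Assumption: a uniform float; the page does not say int or float.
            weight = rng.uniform(0, 9)
            fallbacks += 1
        scores.append(weight)
    if not scores:
        return None, 0
    return sum(scores) / len(scores), fallbacks

# Constructed sample input: fixed "today" so the result is reproducible.
TODAY = date(2025, 6, 30)
SAMPLE_CVES = [
    {"id": "EXAMPLE-1", "published": "2025-06-27T09:00:00"},  # 3 days old
    {"id": "EXAMPLE-2", "published": "2025-04-15T12:30:00"},  # 76 days old
]

if __name__ == "__main__":
    print(visibility_score(SAMPLE_CVES, TODAY, random.Random(0)))
```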

Example: If two CVEs in the group have scores of 1.0 and 0.5 →


AI-Driven Threat Intelligence Engine

Correlates vulnerabilities with global threat intelligence feeds, enabling detection of zero-days, emerging malware, and active exploit campaigns.


Asset Discovery & Classification

Builds and maintains an up-to-date inventory of IT assets, classifying them by business criticality to align remediation efforts with organizational priorities.


Attack Path & Exposure Mapping

Simulates potential attacker lateral movement, highlighting exploitable chains and weakest links to pre-emptively block high-risk attack paths.


Intelligent Dashboards (Role-Based Views)

Provides tailored dashboards for different stakeholders.

  • Security analysts receive technical insights.
  • IT teams see actionable tasks.
  • Executives get high-level risk metrics.

Executive Risk Reporting

Consolidates technical risks into high-level reports designed for decision-makers, presenting overall posture, compliance gaps, and trending risks in a business-focused format.