Cyber defenders are stretched to the limit in many organizations, as applications and users proliferate while threat actors become more sophisticated. New platforms and systems each have distinct security issues that must be addressed.
To protect the business, security teams must filter out the noise and effectively prioritize which risks must be dealt with immediately. Yet, security teams are already experiencing alert overload, and distinguishing a high-severity risk from a less urgent one is often hard.
Scoring the risks makes it clear which weaknesses need to be addressed first, which strengthens the organization’s SaaS security posture management. The Common Weakness Scoring System (CWSS), developed by The MITRE Corporation, provides the basis of a consistent and flexible scoring solution that identifies and ranks software weaknesses. Here’s how the CWSS informs an automated, real-time scoring approach, along with steps security teams can take now to prioritize their efforts.
Building a framework for SaaS risk management
CWSS provides a mechanism to rank and prioritize software vulnerabilities. It differs from the MITRE ATT&CK knowledge base, which focuses on the tactics and behavior used by attackers, but the two frameworks can work in parallel.
Mapping the weaknesses measured by CWSS to threat vectors found in ATT&CK — in particular, to the framework’s SaaS Matrix — can help security teams better understand the level of risk to their organization. However, uncovering weaknesses, tracing app-to-app connections, and spotting unusual activity can be tedious manual processes requiring significant time and effort. These processes can also be automated using tools that take advantage of these frameworks and knowledge bases to create a risk-prioritizing dashboard.
Additionally, SaaS risk scoring must account for the severity of the risk before it can identify which threats are most urgent. Risk severity can vary based on the applications in use, how they are configured, access controls, and more. Your scoring system must also factor in the potential effect on business operations and the likelihood of an attack being successful.
Automated remediation empowers security practitioners
Since security teams already have alert overload, the goal of a real-world scoring system should be to automate as much as possible, allowing cyber defenders to focus on what rises to the top of the priority list. An automated solution should:
- Identify SaaS security weaknesses, monitoring the entire SaaS environment holistically to spot system vulnerabilities and emerging threats before they can impact business continuity or the company’s reputation. This includes looking for abnormal user behavior, such as excessive file downloads and leaked credentials. It should also look closely at user privileges and app-to-app connectivity to limit data sharing only to authorized apps.
- Prioritize risks by severity, ranking them as low, medium, high, or critical to clearly show which of them need immediate attention. Context is crucial; factors such as attack stage, technical impact, likelihood of exploitation, control effectiveness, authentication strength, and acquired privileges must be considered. For example, a less used — and therefore less monitored — system could provide an opening into the environment, but if it meets all security requirements, such as enforcing MFA, it may present less of a risk than other apps.
- Remeditate through automated capabilities wherever possible. Even if manual intervention is needed, an effective system will guide users through each step.
- Monitor applications, user behavior, and configuration drift. People and processes evolve, and so does the threat environment. The automated system should provide real-time updates to spot new issues as they arise.
Wing Security’s CWSS-based dashboard prioritizes SaaS risk
A scoring dashboard needs to be comprehensive but still provide real-time information at a glance. What matters is ensuring security teams can see the severity of issues quickly so they can proactively mitigate vulnerabilities.
Wing Security puts this approach into practice with the industry’s first CWSS-based dashboard. Using the CWSS framework as a starting point, we have developed a unique, automated approach that gives security practitioners real-time awareness of SaaS security risks. A simple, easy-to-understand scoring system allows users to understand and respond before weaknesses can be exploited.
Wing Security’s solution creates an effective total security score based on three key factors:
- Security State: This is based on the number of open issues, severity level, and organization size. The severity mechanism prioritizes issues using MITRE CWSS, ranking vulnerabilities by severity (Low to Critical) while considering the attack stage (as per MITRE ATT&CK), technical impact, required privileges, and likelihood of exploitation. Contextual prioritization factors, such as app connectivity, internal controls, and authentication strength, ensure the most critical issues are addressed first.
- Discovery Score: This reflects the number of activated connectors relative to the significance of certain applications. SaaS discovery is crucial to understanding the depth and breadth of potential risk, as it highlights avenues for data to migrate across applications. The system scans and monitors the entire SaaS environment to identify security vulnerabilities, misconfigurations, and emerging threats.
Issues identified include: apps experiencing emergent threats, misconfigured apps, abnormal user behavior (e.g., excessive file downloads), and internal users with leaked credentials (identity-focused risk). The platform provides insights into app-to-app connectivity, the security state of each application, and user privileges.
- Maturity Score: This represents the depth of asset management through active remediation, policy automation, app classifications, and user access reviews. The maturity score measures an organization’s ability to fix security issues efficiently and continuously improve its SaaS security posture.
With automated remediation, prioritized risks are resolved rapidly, minimizing manual effort and reducing real-time risk exposure. For manual fixes, the system provides clear remediation guidance and details on the top 5 critical issues, ensuring teams focus on what matters most. By continuously identifying and prioritizing new risks, the maturity score drives ongoing improvement, strengthening the organization’s overall security resilience.
Wing’s SaaS Security Health Score reflects the environment’s overall security state, highlighting key metrics to help security teams focus on the top five most pressing risks. The clear, easily understood scoring system enables security teams to take action before an incident impacts the business. By focusing resources on the most critical vulnerabilities, this structured approach enables efficient risk management.
Security automation lessens the burden on security teams while also reducing alert fatigue. Wing Security’s CWSS dashboard allows security leaders to focus resources where they are needed most: closing the entryways into your systems and data quickly while ensuring the business can move forward without disruption.
