A score per asset. A score per domain. And a real signal underneath.
Risk scores are useful when they reflect real-world exploitation, not theoretical severity. Deepinfo scores every asset and every domain on a unified scale, with vulnerability scoring enriched by EPSS exploit-prediction and CISA KEV "actively exploited" flags. Boards see the score; analysts see the math.
A unified risk score that tracks real exploitation signal.
Every monitored asset gets a security score on a unified scale. The score rolls up the issues detected on the asset, weighted by severity and by real-world exploitation signal. Every domain (which may have many assets) gets a domain-level score that aggregates across its asset inventory.
Vulnerability scoring goes beyond CVSS. Every CVE detected is enriched with EPSS, the Exploit Prediction Scoring System, which models likelihood of exploitation in the next 30 days based on real-world data. Every CVE is also flagged against CISA's Known Exploited Vulnerabilities catalog. A "critical" CVSS with low EPSS and no KEV listing genuinely deprioritizes against a "high" CVSS with high EPSS and an active KEV flag.
Three signals feed every score.
CVSS gives the theoretical baseline. EPSS adds the exploitation likelihood. CISA KEV adds the confirmed-in-the-wild signal.
CVSS: the baseline.
Common Vulnerability Scoring System. Tells you how severe a vulnerability could be in theory. Necessary, not sufficient.
EPSS: exploit prediction.
Exploit Prediction Scoring System. Models the probability that a vulnerability will be exploited in the next 30 days using real-world attack data. EPSS lets you separate the genuine queue-toppers from the theoretical-criticals.
CISA KEV: confirmed exploitation.
CISA Known Exploited Vulnerabilities catalog. CVEs confirmed to be exploited in the wild. Every CVE in our system carries a KEV flag. KEV-listed CVEs jump to the top of the queue automatically.
Where scores show up in your workflow.
Per-asset score
On every asset in your monitored inventory.
Per-domain score
Aggregating across all assets in a domain.
Score timeline
Per asset and per domain, showing trajectory over weeks and months.
Top-N worst assets
Dashboard view for triage.
Score-change alerts
When an asset or domain crosses a configurable threshold.
Per-CVE detail
CVSS, EPSS percentile, EPSS probability, and KEV status with date added.
Compliance-mapped breakdown
What's contributing to a score (OWASP / PCI / HIPAA / CWE / CAPEC / WASC).
Scoring closes the EASM workflow.
Smart Asset Discovery finds the inventory. Continuous Scanning surfaces the data. Comprehensive Risk Detection classifies issues. Remediation with Actionable Insights routes them to your team. Complete Risk Scoring rolls everything into the unified scores that go on the dashboard, into reports, and into board presentations. Every score is traceable back to the issues, the evidence, the assets.
“The score is only as useful as the signal underneath it. EPSS plus CISA KEV under every CVE means our queue is ranked by what's actually being exploited, not by theoretical CVSS. Patching priorities now match real risk.”
Explore the full platform.
See your entire attack surface. Act on what matters.
Continuous discovery and monitoring of every internet-facing asset, including subsidiaries and acquired companies.
See module CTI · CYBER THREAT INTELLIGENCESee what’s exposed. Act before it’s exploited.
Dark-web monitoring, breach corpora, infostealer logs, and threat-actor activity tied to your organization.
See module BRP · BRAND RISK PROTECTIONKeep an eye on the internet. Protect your brand.
Lookalike domains, fake apps, fraudulent listings, and brand abuse caught in hours, not weeks.
See module TPRM · THIRD-PARTY RISK MANAGEMENTEvery third party carries risk. See all of it.
Continuous external monitoring of every approved vendor with the same depth as your own surface.
See module DSI · DEEP SEARCH AND INSIGHTSExplore the entire internet. See every layer.
400M domains, 2B subdomains, 200B DNS records, 30B SSL certificates. All queryable directly.
See moduleGet a security score for your domain.
Run Deepinfo against your domain. The free threat exposure report includes your current security score plus a breakdown of what's driving it.