Systems and methods for prioritizing security findings using machine learning models

Abstract

Systems and methods for prioritizing various security findings to allow a security platform to focus on a proper subset of (e.g., the most important) one or more software application stacks of an enterprise are described. In one embodiment, a method includes generating a profile for an enterprise that indicates one or more software application stacks and a network architecture for the one or more software application stacks, determining one or more vulnerability features of the one or more software application stacks, generating one or more exploitability scores by a first machine learning model based at least in part on the one or more vulnerability features, determining a proper subset of the one or more software application stacks based at least in part on the one or more exploitability scores, determining one or more vulnerabilities of the proper subset of the one or more software application stacks and one or more vulnerabilities of the network architecture, providing the one or more vulnerabilities of the proper subset of the one or more software application stacks, the one or more vulnerabilities of the network architecture, and the profile as input to a second machine learning model, generating an inference by the second machine learning model that indicates one or more attack paths for an attacker in the proper subset of the one or more software application stacks and the network architecture, and transmitting the inference to a storage location or a security software application.