NopSec.com uses cookies to make interactions with the Company’s Websites easy and meaningful. When you visit one of the Company’s Websites, NopSec.com’s servers send a cookie to your computer. Standing alone, cookies do not personally identify you; they merely recognize your Web browser. Unless you choose to identify yourself to NopSec.com, either by responding to a promotional offer, opening an account, or filling out a Web form (such as a “Contact Us” or a “Free Trial” Web form), you remain anonymous to the Company. Please go to our privacy statement for details.

Schedule a Demo
Security Team Intelligence

ThreatForce: How NopSec Aggregates 80+ Intelligence Sources to Cut Through the Noise

ThreatForce

A celebrity vulnerability hits the news—CVSS 10.0, wall-to-wall coverage. Your team drops everything to patch it, but it doesn’t affect your particular environment. Meanwhile, a CVSS 6.6 sits in the backlog. No headlines, but it’s the one actively being weaponized against you.

That’s the gap between chasing scores and understanding threats. Most vulnerability management programs have the data. They don’t have the context.

ThreatForce exists to close that gap.

What Is ThreatForce?

ThreatForce is NopSec’s threat intelligence aggregation engine. It’s a dedicated system that continuously collects, correlates, and analyzes vulnerability data from more than 80 sources—both open source and commercial—to deliver context your scanner simply can’t provide.

This isn’t just about gathering data. ThreatForce is where our AI and machine learning models run, determining which vulnerabilities carry real-world risk and which ones are just noise.

Where the Intelligence Comes From

ThreatForce pulls from a deliberately broad range of sources:

Government and Industry Authorities such as:

  • CISA Alerts
  • CISA KEV (Known Exploited Vulnerabilities)
  • MITRE ATT&CK Framework
  • NVD (National Vulnerability Database)

Threat Intelligence Vendors such as:

  • CrowdStrike (actor profiles and indicators)
  • Recorded Future

Exploit and Vulnerability Databases

  • Exploit-DB
  • Metasploit
  • GitHub Exploits

Security Research and Advisories

  • Kaspersky SecureList
  • Trend Micro Blog
  • Malwarebytes
  • Akamai Blog

Vulnerability Aggregators

  • Vulners (primary aggregator—includes general vulnerability data, blog posts, exploit lists, and CVE correlation)
  • CVESearch

Our 80+ sources accounts for aggregators that themselves pull from multiple upstream feeds—giving ThreatForce substantially broader coverage than any single intelligence subscription could provide.

How ThreatForce Powers Risk Scoring

Raw threat data is just the beginning. ThreatForce correlates this information and uses it to train our AI risk model, which considers factors including:

Exploit Availability and Maturity: Is there a working exploit? Is it proof-of-concept or fully weaponized? Is it in Metasploit?

Active Exploitation: Is CISA tracking this as actively exploited? What does EPSS (Exploit Prediction Scoring System) say about likelihood?

Malware and Ransomware Associations: Has this vulnerability been linked to malware campaigns or ransomware operations?

Attack Path Relevance: We use LLM correlation against the MITRE ATT&CK framework to understand how a vulnerability fits into real-world attack chains.

Celebrity Vulnerability Status: Is this getting media attention that might put your organization under scrutiny—or is it hype without substance?

The result is the NopSec Risk Score, which can both increase priority for vulnerabilities with genuine exploitation activity and—critically—decrease priority for theoretical risks that aren’t actually being exploited. A CVSS 10.0 with no active exploits might drop significantly. A CVSS 6.6 linked to active malware campaigns might jump to urgent.

Why This Matters

Here’s what the data shows: in NopSec’s 2020 State of Vulnerability Risk Management report, filtering 10 million vulnerabilities through threat-based prioritization reduced the number representing active or potential threats to around 1 million. The truly urgent ones? Roughly 19,000.

That’s the difference between drowning in data and knowing what to fix first.

Organizations using ThreatForce-powered prioritization have seen mean time to remediation drop by more than 80%. Security teams stop chasing headlines and start following a rational, defensible patching strategy.

The Bottom Line

CVSS tells you theoretical severity. ThreatForce tells you real-world risk.

When your scanner outputs a sea of red, ThreatForce is how NopSec cuts through to show you the 10 things that actually matter—informed by 80+ intelligence sources, correlated through machine learning, and delivered as actionable priorities.

Because fixing less while securing more isn’t just a tagline. It’s what happens when threat intelligence actually works.

Categories
Category
Tags
Verizon 2020 DBIR Report, Vulnerability management
Read Next

Schedule a Product Demo Today!

See how NopSec's security insights and cyber thread exposure management system platform can organize your security chaos.