FACT uses Artificial Intelligence (AI), specifically Machine Learning (ML) and Natural Language Processing (NLP), to perform the extraordinarily difficult task of linking vulnerabilities to products.
The National Vulnerability Database (NVD) is far from complete and rarely maps component vulnerabilities back to the products containing those components.
Thanks to mergers and acquisitions (and even simple spelling errors), the vendor name on a product often doesn't match the vendor name in the NVD disclosure details or the Common Platform Enumeration (CPE) listing.
Even the most experienced security analysts cannot efficiently match vulnerabilities with their installed products (or the other way around). With AI, FACT creates these vulnerability associations quickly and comprehensively.
Just searching for the vendor name on your device doesn’t work. You need to know the vendor’s merger and acquisition history as well as any rebranding or renaming the product line underwent.
Vendors have the ability to review and manage the vulnerabilities, approving, rejecting, and mitigating them as appropriate. This added level of intelligence saves asset owners from false-positive alerts and streamlines communication between parties.