
Finding Prioritization

How the Cye platform ranks findings — Critical to Block, exposure reduction, then severity — into a recommended fix order.

This article explains how the Cye Exposure Management Platform prioritizes findings, so you can focus remediation on the vulnerabilities that reduce the most risk.

Overview

The Cye Exposure Management Platform ranks findings with a dynamic algorithm that weighs technical and business factors together — not severity alone. The result is a recommended fix order built to deliver the largest risk reduction for the least effort.


What influences prioritization

The prioritization engine combines:

  • Severity of the finding

  • Whether it is Critical to Block

  • Probability (likelihood of successful exploitation)

  • Importance of the affected business asset

  • Position of the finding on the attack route

  • Whether the finding appears on multiple routes in the Org. Attack Graph


Set your prioritization objective

You can align prioritization to the strategic objective that matters most to your organization:

  • Business Asset Exposure — focus on the assets carrying the highest risk

  • Likelihood of attack — prioritize by probability of exploitation

  • Asset importance — factor in operational impact and asset criticality

You set this objective in Findings Priority Settings.


The priority rule

The factors above combine into a single ranked order, resolved by a clear precedence:

Critical to Block → Exposure Reduction → Severity

  • Critical to Block — a finding that blocks multiple attack paths takes the highest priority, regardless of its exposure value.

  • Exposure Reduction — among the remaining findings, ranking is driven primarily by the exposure of the business assets they affect. Every finding carries an exposure value whether or not it currently sits on an active attack route, so each business asset must have an exposure value assigned for ranking to be accurate. For how this dollar value is calculated, see Finding Exposure Reduction.

  • Severity — used as a tiebreaker when exposure-reduction values are close.
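The precedence above, sketched in Python as an added example; it is not the platform's implementation. The severity scale, the 5% threshold for "close" exposure values, the ordering among Critical to Block findings, and all sample data are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed severity scale and "close" threshold; the page defines neither.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}
CLOSE_TOLERANCE = 0.05  # values within 5% of a run's top value count as close

@dataclass(frozen=True)
class Finding:
    name: str
    severity: str
    exposure_reduction: float  # dollars (constructed sample values)
    routes: frozenset          # ids of the attack routes the finding sits on

    @property
    def critical_to_block(self) -> bool:
        # Page rule: a finding on more than one attack path is Critical to Block.
        return len(self.routes) > 1

def by_exposure_then_severity(findings):
    """Order by exposure reduction; severity breaks ties between close values."""
    ordered = sorted(findings, key=lambda f: -f.exposure_reduction)
    result, i = [], 0
    while i < len(ordered):
        floor = ordered[i].exposure_reduction * (1 - CLOSE_TOLERANCE)
        j = i
        while j < len(ordered) and ordered[j].exposure_reduction >= floor:
            j += 1
        # Stable sort: equal severities keep their exposure order.
        result += sorted(ordered[i:j], key=lambda f: -SEVERITY_RANK[f.severity])
        i = j
    return result

def recommended_fix_order(findings):
    """Critical to Block first, then exposure reduction, then severity."""
    blocking = [f for f in findings if f.critical_to_block]
    rest = [f for f in findings if not f.critical_to_block]
    ranked = by_exposure_then_severity(blocking) + by_exposure_then_severity(rest)
    return [f.name for f in ranked]

# Constructed sample data, not taken from the platform.
SAMPLE = [
    Finding("F-A", "critical", 900_000, frozenset({"r1"})),
    Finding("F-B", "medium", 120_000, frozenset({"r1", "r2"})),
    Finding("F-C", "high", 500_000, frozenset({"r3"})),
    Finding("F-D", "critical", 490_000, frozenset({"r2"})),
    Finding("F-E", "low", 300_000, frozenset()),
]

if __name__ == "__main__":
    print(recommended_fix_order(SAMPLE))
```

F-B ranks first despite the lowest exposure value because it sits on two routes, and F-D moves ahead of F-C because their exposure values are close and F-D has the higher severity.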


How the recommended fix order updates

The recommended order recalculates as you remediate, so it always reflects the current graph:

  • Finding 1 has the highest exposure reduction and is prioritized first.

  • Finding 2 becomes the top opportunity after Finding 1 is fixed.

  • Finding 3 rises to the top after Findings 1 and 2 are fixed.

Position on the attack route can outweigh raw exposure. A finding with the second-highest exposure score may still rank third because of where it sits on the path — and once the finding ahead of it is fixed, a different finding can move to the top.


Findings on multiple attack routes

If a finding appears on more than one attack path, it is marked Critical to Block, which raises its mitigation priority.

