Introduction

Welcome to BaseFortify, a cutting-edge Threat Intelligence and Attack Surface Management (ASM) platform designed to revolutionize cybersecurity strategies. Developed by Axxemble, the creators of the acclaimed ISMS solution Base27, BaseFortify provides organizations of all sizes with real-time vulnerability tracking, risk assessment, and automated security intelligence.

This whitepaper explores the core functionalities, methodologies, and benefits of BaseFortify, including its integration with NVD API 2.0, advanced CVE matching techniques, Canonical Naming conventions, and risk prioritization through CVSS and EPSS scoring. We also examine Attack Surface Management (ASM) principles and how BaseFortify assists organizations in reducing their attack surfaces effectively. By leveraging the latest cybersecurity research and intelligence sources, BaseFortify provides actionable insights that help businesses stay ahead of evolving threats.

Why BaseFortify?

In today's evolving threat landscape, staying ahead of cyber threats is crucial. Small and medium-sized businesses (SMBs), however, often lack dedicated cybersecurity resources, leaving them vulnerable to attacks. BaseFortify bridges this gap by offering an automated, intelligent solution that continuously monitors for vulnerabilities, issues real-time alerts, and provides risk-based prioritization.

BaseFortify is powered by daily CVE updates from MITRE and the National Vulnerability Database (NVD) to track emerging vulnerabilities. Its advanced matching algorithms identify risks specific to your infrastructure, ensuring that security teams can act before attackers exploit vulnerabilities. With seamless API integration, BaseFortify delivers real-time threat intelligence using the latest NVD API 2.0, which enhances data retrieval speed and filtering capabilities. By incorporating CVSS 4.0 and EPSS risk scoring, businesses can better prioritize which vulnerabilities pose the most significant risk based on real-world exploitation trends.

Our Offerings

BaseFortify provides two distinct tiers to accommodate organizations with different security needs. The free tier includes a watch list for up to 100 components, weekly vulnerability summary reports, and advanced matching algorithms for early threat detection. For organizations that require a more advanced solution, the premium tier offers unlimited component watch lists, immediate vulnerability alerts, vulnerability forecasting powered by deep learning, and an improved user experience with a dark mode UI.

Attack Surface Management (ASM) and BaseFortify

Attack Surface Management (ASM) is the practice of continuously identifying, monitoring, and mitigating an organization’s external and internal attack surfaces—the sum of all potential entry points that an attacker could exploit. Modern security risks have expanded beyond traditional IT infrastructure, requiring a more proactive, data-driven approach to security.

ASM principles include continuous discovery of digital assets, risk assessment based on vulnerability intelligence (CVE, CPE, CVSS, EPSS), and automated monitoring to detect unauthorized access points. BaseFortify integrates these principles by offering real-time scanning of attack surfaces to detect security weaknesses, automated risk prioritization using CVSS & EPSS, CPE-based asset tracking to map vulnerabilities to real-world infrastructure, and mitigation recommendations with security insights to ensure proactive risk management.

To further explore Attack Surface Management principles, refer to resources such as MITRE ATT&CK and Forrester’s Research on ASM.

CVE Intelligence: How BaseFortify Tracks & Prioritizes Threats

Many organizations assume that older CVEs are irrelevant, but vulnerabilities evolve over time. BaseFortify ensures that CVE data remains up-to-date, capturing newly affected versions of software, additional exploit data and attack patterns, and updated CVSS & EPSS scores for prioritization. Staying ahead of potential exploits requires continuous monitoring of sources like the National Vulnerability Database (NVD) and the Exploit Prediction Scoring System (EPSS).

To effectively prioritize vulnerabilities, BaseFortify employs the Common Vulnerability Scoring System (CVSS) and the Exploit Prediction Scoring System (EPSS). CVSS scores range from 0-10, measuring intrinsic severity through three key metrics: Base (fixed severity), Temporal (changes over time), and Environmental (customized per organization). EPSS predicts the likelihood of exploitation in real-world attacks, assigning scores from 0-1 to help organizations focus on actively targeted threats. By combining CVSS and EPSS, BaseFortify enables smarter security decisions by balancing severity with real-world risk.

Canonical Naming & CPE-Based Vulnerability Matching

One challenge in cybersecurity is matching vulnerabilities to real-world assets. BaseFortify solves this using Canonical Naming, ensuring that vendors and products are consistently labeled in both UI and databases. The Common Platform Enumeration (CPE) format is strictly followed to ensure accurate matching. Users can input system details via PowerShell or Terminal commands to retrieve precise CPE annotations.

For example, when identifying a system’s operating system, users can execute the following PowerShell command:

        Get-CimInstance Win32_OperatingSystem | foreach {Write-Output "cpe:/o:$($_.Caption):$($_.Version):"}

This method ensures accurate CVE matching, reducing false positives and enabling faster threat response. More details on CPE conventions can be found on MITRE’s CPE Dictionary.

Future-Proofing Security with BaseFortify

With the recent transition to NVD API 2.0, BaseFortify provides faster, real-time CVE retrieval, improved filtering for enhanced vulnerability tracking, and seamless compatibility with CVSS 4.0 and EPSS. Automated cybersecurity workflows help organizations monitor assets continuously, prioritize risks dynamically, and mitigate security gaps using actionable intelligence from MITRE TTPs, Exploit-DB, and OSINT sources. By automating reporting and compliance tracking for cybersecurity frameworks such as NIS2 and GDPR, BaseFortify ensures regulatory compliance while enhancing security posture.

Conclusion

BaseFortify represents a shift in cybersecurity, combining Threat Intelligence, Attack Surface Management, and Automated Risk Prioritization into a single, powerful platform. Whether an SMB looking for easy vulnerability tracking or a large enterprise needing full-spectrum threat intelligence, BaseFortify provides the tools, insights, and automation required to stay ahead of cyber threats. Register for a free account today and explore the future of cybersecurity intelligence with BaseFortify.

For additional security resources, visit:

• National Vulnerability Database (NVD)
• MITRE ATT&CK Framework
• FIRST EPSS Scoring System
• Exploit Database (OffSec)
• Cybersecurity & Infrastructure Security Agency (CISA)