Vulnerability Management and WWII Aircraft Professor Anderson, a legend in the Aerospace Engineering Department at the University of Maryland, was one of the best professors I ever had. He just loved Aerospace Engineering, and especially its history. At the end of each technical chapter in the textbook he wrote (and…
In cybersecurity, not all vulnerabilities are created equal. This is why prioritization is essential to know which ones really matter for your organization. In this blog post, I’ll present a new feature that we’ve added in the Delve platform to better understand where a vulnerability stands in an ecosystem. When…
At one of my first jobs in the late 90s, one of my co-workers, a former mechanic and clearly good with cars, purchased an old manual for his used Datsun – pretty sure it was a Datsun, but don’t hold me to that – as he was planning a weekend…
This is part 3 in our series on contextual predictive prioritization. In part 1 we presented the overwhelming problem of vulnerability prioritization and in part 2 we presented our solution, contextual analysis, using hands-on examples of real vulnerabilities. This final article will showcase how machine learning actually enables prioritization at scale and across organizations,…
I’ve never much cared for the phrase “data-driven decision.” It’s not that I endorse gut-level decision-making or shooting from the hip, but rather I take exception to the word “data” in this context. In short, I think data is overrated. SIEMs can produce millions of logs in a day, but…
We always come from somewhere Almost no idea arises from a complete void. The idea of a genius thinker that possesses ideas that no one has is to startup world what unicorns are to biology: a fairy tale. Delve is certainly no exception to this reality. Before Delve had these…
In our previous blog post, we discussed the vulnerability management industry’s crippling problems. It’s inability to prioritize by context and it’s stubborn focus on chasing hype and predicting (mostly) irrelevant and naive threat metrics, in otherwise very impressive dashboards. We then presented our general strategy for solving this problem. We…
This series of blog articles will explain in various detail our perspective with regards to vulnerability management and prioritization. This post presents our dissatisfaction with the current state of the industry and our proposed solution. In part 2, we will discuss in more depth some specific implementation details that clearly differentiate…
Anonymity at scale This article is the 3rd in a series on data anonymization. Remember that the purpose of data anonymization is to protect the privacy of an entity in a dataset while allowing the extraction of useful statistical information from the complete set. One of the main arguments of…