Not All Vulnerabilities are Created Equal
September 14, 2019
In cybersecurity, not all vulnerabilities are created equal. This is why prioritization is essential to know which ones really matter for your organization. In this blog post, I’ll present a new feature that we’ve added in the Delve platform to better understand where a vulnerability stands in an ecosystem.
When a user clicks on a vulnerability from the panel, we can now see, at a glance, all relevant information without the need to access a different page.
One interesting value is the Delve Score. This is the score the Delve AI assigns to a particular vulnerability, and we use it to compare all vulnerabilities on a unified scale. The Common Vulnerability Scoring System (CVSS) is a well-known score used by vulnerability assessment tools, and we use it as our reference starting point. The problem with this metric is that it doesn’t take into account the real context of the vulnerability. This is where the Delve AI comes into play.
The scoring panel shows a summary of how the Delve AI actually interpreted the vulnerability, and how it positions it in its ecosystem.
On the left of the panel, we can see the most influential factors that were taken into account by the AI. In the example shown above, we see an outdated version of Bash that has remote exploits available.
The next picture shows a different vulnerability with very different factors, this time based more on the context sensitivity. The AI actually uses more than 30 such factors to evaluate every vulnerability. By the way, if you are interested in learning more about the categories, we have just released a whitepaper that explains how the AI uses the data to do that categorization and prioritization.
Every criterion is grouped into 3 main categories, all presented in a nifty triangle graph. Each of the 3 axes represents a specific family of factors.
- Predicted Exploitability: This group of factors represents how Delve AI estimates the likelihood of this vulnerability being exploited; it can be influenced by the existence of exploits and their relative ease of use, the typical timeframe for remediation for similar vulnerabilities in the past, and other external industry sources of information.
- Context Sensitivity: This group of factors represents the influence of the context in which this specific vulnerability exists, as it pertains to the importance and uniqueness of the underlying asset, its relationships with other vulnerabilities and assets, and various contextual information estimated by Delve's AI.
- Detection Reliability: This group of factors takes into account the confidence Delve has in detecting this vulnerability; this can be influenced not only by the detection mechanism itself, but also by how likely this vulnerability is to be a false positive or a true positive, using Delve AI's algorithms that are continuously trained through regular platform use.
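To make the three axes concrete, here is a small Python prioritizer added as an illustration; it is not Delve's scoring model (the post does not disclose its weights). It starts from the CVSS base score and scales it along Predicted Exploitability, Context Sensitivity and Detection Reliability; the factor weights and the sample findings are assumptions constructed for the example.

```python
from dataclasses import dataclass

@dataclass
class Finding:
    name: str
    cvss: float                  # CVSS base score: the shared starting point
    # Predicted Exploitability signals
    public_exploit: bool         # a working exploit is publicly available
    remote: bool                 # reachable over the network
    # Context Sensitivity signals
    asset_criticality: float     # 0.0 (disposable lab box) .. 1.0 (crown jewel)
    internet_exposed: bool
    # Detection Reliability signal
    detection_confidence: float  # 0.0 .. 1.0 (version-banner match vs. verified check)

def exploitability(f: Finding) -> float:
    """Likelihood of exploitation on a 0..1 scale (weights are illustrative assumptions)."""
    return 0.2 + (0.5 if f.public_exploit else 0.0) + (0.3 if f.remote else 0.0)

def context(f: Finding) -> float:
    """How much the asset and its exposure amplify the finding, 0..1 (illustrative weights)."""
    return min(1.0, 0.6 * f.asset_criticality + (0.4 if f.internet_exposed else 0.0))

def priority(f: Finding) -> float:
    """CVSS scaled by the three axes; a low-confidence detection is discounted."""
    return round(f.cvss
                 * (0.5 + 0.5 * exploitability(f))
                 * (0.5 + 0.5 * context(f))
                 * f.detection_confidence, 2)

def rank(findings):
    """Highest priority first, so remediation effort goes where context says it should."""
    return sorted(findings, key=priority, reverse=True)

# Constructed sample findings (not real scan data); two share the same CVSS score
FINDINGS = [
    Finding("Outdated Bash, remote exploit public, internet-facing host",
            9.8, True, True, 0.9, True, 0.95),
    Finding("Same CVSS, isolated lab host, banner-only match",
            9.8, False, True, 0.1, False, 0.40),
    Finding("Medium CVSS on crown-jewel database, exploit public",
            6.5, True, True, 1.0, False, 0.90),
]

if __name__ == "__main__":
    for f in rank(FINDINGS):
        print(f"{priority(f):5.2f}  (CVSS {f.cvss})  {f.name}")
```

Running it ranks the 6.5 finding on the critical database above the 9.8 finding on the isolated lab host, which is the point of the post: the same CVSS score can land at opposite ends of the priority list once context is taken into account.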
Thanks to this new panel, we can easily understand how the AI categorized the vulnerability, and where remediation efforts should go. As with everything in the platform, this is a work in progress. If you have suggestions on how we could make this new panel even better, feel free to contact us. Not all vulnerabilities are equal, and your use cases are different too.