Perhaps more importantly, the opposite is true. That is, a vulnerability scored low by the generic CVSS rating could, on a specific location in a specific network, represent a much higher risk to the organization. Absent Contextual Prioritization, such a vulnerability would likely be deprioritized, and a critical exposure would go unpatched while less important vulnerability patching efforts consume precious remediation resources.
There are several scanning products on the market today that are very good at showing you all the many thousands of things that are broken. Only automated, meaningful, intelligent prioritization can confidently tell you what you need to fix first. Delve's Contextual Prioritization has been developed to do just that, filling a gap that has existed in vulnerability management software since the first vulnerability management tools were made available nearly two decades ago.
The typical vulnerability management process has multiple steps, but none is more crucial than prioritization. With tens or hundreds of thousands of vulnerabilities on the typical corporate network, it's nearly impossible to manually prioritize remediation tasks, so a meaningful, automated means of prioritizing vulnerabilities is essential to an effective vulnerability management process. Moreover, to be confident in the prioritization results, the prioritization needs to be comprehensive and based on more than just one or two factors. The prioritization must also account for each individual vulnerability's context, from the asset on which it resides, to the part of the network housing the asset, to the organization itself, as well as the external threat environment. The calculation must be repeated multiple times daily, as internal and external factors are constantly changing. Finally, because prioritization is the most important step in the vulnerability management process, the prioritization engine must rank vulnerabilities from 1 to n, not bundle them in groups. Remediation teams must be given a prescriptive list of tasks that will optimize risk reduction.
Delivering a robust prioritization element for the vulnerability management process that provides a meaningful, automated risk score for each vulnerability as described above is simply not possible without the use of artificial intelligence. Delve's AI engine powers all of the vulnerability management process steps, but its value in the prioritization stage is irreplaceable. Delve's Contextual Prioritization accounts for 3 dozen factors for each of the thousands of vulnerabilities on the typical enterprise network, and revisits the calculated risk scores multiple times daily. The Delve AI engine also leverages anonymized data from other customers in the Delve cloud to arrive at the most informed, meaningful vulnerability risk score on the market, all without human intervention.