News

October 31, 2019

Delve Launches Contextual Vulnerability Prioritization With Unique Vulnerability Rating

Leader in AI-Driven Vulnerability Management Delivers First Risk-Related Vulnerability Rating Personalized to Each Enterprise Network Environment

Montreal and New York, October 31, 2019.  Delve, the pioneer in AI-Based vulnerability assessment and prioritization, today announced the release of its Contextual Vulnerability Prioritization, the first vulnerability prioritization solution that provides a unique vulnerability risk score for each asset in the enterprise, a stark improvement over the generic, one-size-fits-all vulnerability rating available previously.

Today, the typical vulnerability rating is based on a generic CVSS score, and the vulnerability rating for each vulnerability is the same for each vulnerability, irrespective of the environment in which the vulnerability is found.  So, in the most simple example, a vulnerability on a machine running web applications will receive the same vulnerability rating as that same vulnerability on an asset that is not connected to the internet.  Some vulnerability rating techniques add an internet-connection factor to their analysis, but this is only one of many factors that affects a meaningful risk rating in the real world.  Delve's Contextual Vulnerability Prioritization turns this generic vulnerability rating paradigm on its head, building a risk rating for each vulnerability based on its specific context on each network.  In fact, Delve's contextual prioritization risk rating could very well be different for the same vulnerability in different locations on the same enterprise network.

“Just about every organization struggles with an overwhelming number of network vulnerabilities, and determining which ones should be remediated first is both labor-intensive and colossally imprecise,” noted Gabriel Tremblay, Delve’s founder and CEO.  “Being able to automate vulnerability prioritization using factors wholly unique to every asset and its role in the enterprise completely changes the way IT and security teams can conduct vulnerability management operations.”

By leveraging the power of machine learning and other AI techniques, Delve builds a comprehensive view of each vulnerability and the network on which it resides to prioritize remediation efforts in context.  To date, vulnerability risk scoring has been independent of the vulnerability’s environment in the enterprise, but with Delve’s pioneering Contextual Prioritization, remediation efforts are now prioritized by a meaningful vulnerability rating - a risk score - based on nearly 3 dozen internal and external factors - unique to each network and enterprise, so IT and security teams know what to remediate first, based on the risk each vulnerability poses to their network.

“Delve’s been a game-changer for us,” added Darryl MacLeod, Information Security Manager at Securicy (securicy.com). “Delve’s Contextual Prioritization enables us to intelligently execute our vulnerability remediation efforts to maximize risk reduction with minimal resource expenditure.  No other vulnerability management vendor offers prioritization in the context of our unique network environment.”

With its roots established in penetration testing, Delve has combined that foundation with machine learning and other modern AI techniques to make Contextual Vulnerability Prioritization practical.  Added Pierre-David Oriol, Delve’s VP of Product, “the sheer volume of asset and vulnerability data on a typical enterprise network would make Contextual Prioritization impossible to implement without leveraging modern AI technology.”

Contextual Vulnerability Prioritization is available now and delivered with Delve’s core vulnerability management product.  To learn more, visit delvesecurity.com.

Contextual Vulnerability Prioritization

Delve's Contextual Vulnerability Prioritization accounts for nearly 3 dozen factors to rank each vulnerability in context, providing a meaningful alternative to legacy vulnerability risk scores that provide the same score for all vulnerabilities on all networks.

About Delve

Delve (delvesecurity.com) is transforming the way enterprises conduct vulnerability management. By leveraging the power of Artificial Intelligence and a view of each vulnerability in the context of its individual characteristics within the organization, the asset’s importance, and external factors, Delve delivers a meaningful, prioritized list of vulnerabilities that enables teams to reduce vulnerability risk while minimizing remediation activity. Delve was founded in 2014 and has offices in Montreal, New York, and San Francisco.

Contact:  Jeff Hill, VP of Marketing, [email protected].  908-872-8560

To learn more about Contextual Vulnerability Prioritization, download our white paper, "Introduction to Contextual Prioritization"