Gaining Context Awareness for Better Remediation Prioritization

In our previous blog post, we discussed the vulnerability management industry’s crippling problems. It’s inability to prioritize by context and it’s stubborn focus on chasing hype and predicting (mostly) irrelevant and naive threat metrics, in otherwise very impressive dashboards. We then presented our general strategy for solving this problem. We talked about how we aggregate […]

Prioritization is for Everyone

This series of blog articles will explain in various detail our perspective with regards to vulnerability management and prioritization. This post presents our dissatisfaction with the current state of the industry and our proposed solution. In part 2, we will discuss in more depth some specific implementation details that clearly differentiate our approach from the […]

Knowledge extraction on anonymized data – Differential Privacy

Anonymity at scale This article is the 3rd in a series on data anonymization. Remember that the purpose of data anonymization is to protect the privacy of an entity in a dataset while allowing the extraction of useful statistical information from the complete set. One of the main arguments of this series is the idea […]

Knowledge extraction on anonymized data – K-anonymity

Disclaimer: The following article’s example is artificially constructed to illustrate the purpose of the research and while remaining relevant, does not directly represent the methods used for Delve Labs customer data handling. How to protect your meaningful data in a provably secure way In the first article of this series we introduced the notion of […]

Knowledge extraction on anonymized data

How security researchers can gain (probable) insights on (almost) anonymous data. At Delve Labs, our main concern is to provide our customers with better tools, helping them understand their information security posture. Therefore, we require insight into many intricate and sensitive details of their IT environment. We need the ability to query highly private data […]

On the Security of Serverless Environments

A few years ago, cloud computing was only about spinning up virtual machines. The ability to add more on demand when the load increased fundamentally changed the way we think about uptime and reliability. Software development patterns evolved, andisolation and immutability became cornerstones with the emergence of microservices. At that time, the cloud offering exploded […]

Following Up on the Deserialization Attacks Presentation from BlackHat USA 2017

One of the main axioms of secure programming is a rather simple principle: never trust the user input. It might seem obvious, but this is even more relevant if the user input relates to something in the code, whether it be used to generate a piece of code, or simply a class or function name. […]

A photograph rendered in the style of "Starry Night" by a deep convolutional neural network.

Machine Learning and You

The Future is Machine Learning In recent years, machine learning and artificial intelligence have become prominent in industry and the minds of the public. The availability of more data than ever before, combined with the unwavering growth in capabilities of hardware systems, has allowed machine learning techniques to be scaled with unprecedented ambition. The field […]

Docker Security

Docker Security In Production

Delve Labs was present during the GoSec 2016 conference, where our lead infrastructure architect presented an overview of the current options available for securing Docker in production environments. Text from the slides follows:

Will 50% False Positive Detection Rate Work for IoT Security?

During a talk at the NullCon conference in Goa, India, a researcher from NCC Group shared troubling statistics regarding the current vulnerability scanner landscape. Using an automated scanner, they targeted 100 of their customer’s assets, which turned up over 900,000 vulnerabilities with a false positive rate of 89% to 50% depending on the industry.