Step 1: Remove Engine

At one of my first jobs in the late 90s, one of my co-workers, a former mechanic and clearly good with cars, purchased an old manual for his used Datsun – pretty sure it was a Datsun, but don’t hold me to that – as he was planning a weekend project to replace the clutch. […]

Learning context at scale, for the benefit of all

This is part 3 in our series on contextual predictive prioritization. In part 1 we presented the overwhelming problem of vulnerability prioritization and in part 2 we presented our solution, contextual analysis, using hands-on examples of real vulnerabilities. This final article will showcase how machine learning actually enables prioritization at scale and across organizations, allowing […]

Data vs. Information

I’ve never much cared for the phrase “data-driven decision.”  It’s not that I endorse gut-level decision-making or shooting from the hip, but rather I take exception to the word “data” in this context.  In short, I think data is overrated. SIEMs can produce millions of logs in a day, but that data, on its own, […]

NorthSec: On giving back…

We always come from somewhere Almost no idea arises from a complete void. The idea of a genius thinker that possesses ideas that no one has is to startup world what unicorns are to biology: a fairy tale. Delve is certainly no exception to this reality. Before Delve had these revolutionary ideas of incorporating the […]

Gaining Context Awareness for Better Remediation Prioritization

In our previous blog post, we discussed the vulnerability management industry’s crippling problems. It’s inability to prioritize by context and it’s stubborn focus on chasing hype and predicting (mostly) irrelevant and naive threat metrics, in otherwise very impressive dashboards. We then presented our general strategy for solving this problem. We talked about how we aggregate […]

Prioritization is for Everyone

This series of blog articles will explain in various detail our perspective with regards to vulnerability management and prioritization. This post presents our dissatisfaction with the current state of the industry and our proposed solution. In part 2, we will discuss in more depth some specific implementation details that clearly differentiate our approach from the […]

Knowledge extraction on anonymized data – Differential Privacy

Anonymity at scale This article is the 3rd in a series on data anonymization. Remember that the purpose of data anonymization is to protect the privacy of an entity in a dataset while allowing the extraction of useful statistical information from the complete set. One of the main arguments of this series is the idea […]

Knowledge extraction on anonymized data – K-anonymity

Disclaimer: The following article’s example is artificially constructed to illustrate the purpose of the research and while remaining relevant, does not directly represent the methods used for Delve Labs customer data handling. How to protect your meaningful data in a provably secure way In the first article of this series we introduced the notion of […]

Knowledge extraction on anonymized data

How security researchers can gain (probable) insights on (almost) anonymous data. At Delve Labs, our main concern is to provide our customers with better tools, helping them understand their information security posture. Therefore, we require insight into many intricate and sensitive details of their IT environment. We need the ability to query highly private data […]

On the Security of Serverless Environments

A few years ago, cloud computing was only about spinning up virtual machines. The ability to add more on demand when the load increased fundamentally changed the way we think about uptime and reliability. Software development patterns evolved, andisolation and immutability became cornerstones with the emergence of microservices. At that time, the cloud offering exploded […]