The company's threat intelligence feed pulls the latest vulnerabilities from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD).
FREMONT, CA: Vulnerability management solution provider leveraging machine learning to automate vulnerability management scanning and prioritization, Delve Labs, launched a free, public vulnerability threat feed that identifies newly-published vulnerabilities that are likely to have an exploit published soon, and also identifies vulnerabilities that are strictly related to security topics trending in the community.
One of the stand out factors of Delve's intelligent vulnerability management solution is its machine-learning Contextual Prioritization, which evaluates over 40 elements for each vulnerability on an enterprise network, numbering all vulnerabilities from 1 ton in order of remediation priority, giving IT and security teams a clear order for their remediation activities. Two of these 40 plus factors are, whether or not a vulnerability is likely to have an exploit published for it when none exist at the current time, and whether topics closely related to the vulnerability are trending in security community discussions or dark web forums. Currently, the company is taking these two factors directly from its VM solution and making the results free for all.
"It's popular now to equate the likelihood a vulnerability will be exploited with remediation prioritization, but it's only a part of the equation," noted Serge-Olivier Paquette, Delve's Lead AI Researcher. "With this threat intelligence feed, we're making public less than 5% of the data we use to prioritize each vulnerability, not only to be good citizens of the information security community, but also to demonstrate how important it is to view prioritization in context. Potential exploitability is a useful element of prioritization, but it's not a panacea."
The company's threat intelligence feed pulls the latest vulnerabilities from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). It applies its proprietary, machine learning-based Exploit Publication Predictor (EPP) engine to each new vulnerability, publishing the results on Delve Labs' new threat intelligence webpage. The feed also lists new vulnerabilities published by NIST in the last 30 days, most likely to have an exploit developed, and is updated daily. The company's prioritization engine consumes data on ongoing conversations on social media, dark web sources, and other information security discussion boards, extracts popular topics, and then identifies vulnerabilities most closely related to those trending topics.