New Kenna Research: The Remediation Gap

Greg Howard    October 12, 2015

Following on our work in this year’s Verizon Data Breach Information Report, Kenna recently published a kind of sequel: “The Remediation Gap: Why Companies Are Losing the Battle Against Non-targeted Attacks.” Authored by our chief data scientist Michael Roytman, the report examined the proliferation of non-targeted attacks and companies’ ability to counter these threats through quick remediation. Kenna analyzed 50,000… Read more »

Vulnerability Reporting for the Masses

Greg Howard    October 2, 2015

Don’t just rely on vulnerability counts to understand your exposure to threats and exploits—visualize your trending risk in real-time with trending reports. Our new trend reports are the best place to understand your true level of risk. Find out what your historical score has been, where you are currently, and where you are trending. And see the impact of your remediations, all… Read more »

Five Common Vulnerability Management Mistakes to Avoid

Ed Bellis    July 21, 2015

Vulnerability Management is often undersourced and undertooled, and yet stands at the epicenter of protecting the organization from a breach. Bringing to bear best practices can mean the difference between success and failure, but what does “best practices” mean and what evidence exists that supports them? In the trenches as former CISO of Orbitz as well as my work with… Read more »

The Three CVEs that You’re Not Paying Attention to (But Probably Should)

Michael Roytman    June 17, 2015

The Risk I/O philosophy is all about fixing what matters – that is, using data to make decisions that make the most of the limited actions you can take in a day, a week, a month. It’s not about the sheer volume of vulnerabilities that your team closes — it’s closing the ones that reduce your overall risk the most…. Read more »

Security As Code at Cloud Security World

Ed Bellis    May 28, 2015

Last week Jason Rohwedder and I had the privilege of presenting a cloud automation use case at Cloud Security World. Our talk not only covered how we automate much of our security at Risk I/O, but how we use DevOps principles to ensure our security controls are consistent even at a high velocity. While we have spoken about some of… Read more »

Looking Before & Beyond a Breach: Lessons from a DBIR Featured Contributor

Michael Roytman    April 16, 2015

As you may know, the 2015 Verizon Data Breaches Investigations Report was recently released. This is the “gold standard” research document for information security, and we’re proud to say that Risk I/O was a featured vulnerabilities contributor, providing a rich correlated threat data set that spans 200M+ successful exploitations across 500+ common vulnerabilities and exposures from over 20,000 enterprises in more… Read more »

Vulnerability Management for the Midsize

Ed Bellis    March 19, 2015

It’s not fair. The big companies have the teams, the tools, and the processes required in order to run a best-in-class vulnerability management program. But guess what? The bad guys don’t care about how big you are. In fact, non-targeted exploits accounted for 75% of the breaches from Verizon’s 2013 Data Breach Investigation Report—meaning even mid-sized companies are equally or… Read more »