Five Common Vulnerability Management Mistakes to Avoid

Ed Bellis    July 21, 2015

Vulnerability Management is often undersourced and undertooled, and yet stands at the epicenter of protecting the organization from a breach. Bringing to bear best practices can mean the difference between success and failure, but what does “best practices” mean and what evidence exists that supports them? In the trenches as former CISO of Orbitz as well as my work with… Read more »

The Three CVEs that You’re Not Paying Attention to (But Probably Should)

Michael Roytman    June 17, 2015

The Risk I/O philosophy is all about fixing what matters – that is, using data to make decisions that make the most of the limited actions you can take in a day, a week, a month. It’s not about the sheer volume of vulnerabilities that your team closes — it’s closing the ones that reduce your overall risk the most…. Read more »

Security As Code at Cloud Security World

Ed Bellis    May 28, 2015

Last week Jason Rohwedder and I had the privilege of presenting a cloud automation use case at Cloud Security World. Our talk not only covered how we automate much of our security at Risk I/O, but how we use DevOps principles to ensure our security controls are consistent even at a high velocity. While we have spoken about some of… Read more »

Looking Before & Beyond a Breach: Lessons from a DBIR Featured Contributor

Michael Roytman    April 16, 2015

As you may know, the 2015 Verizon Data Breaches Investigations Report was recently released. This is the “gold standard” research document for information security, and we’re proud to say that Risk I/O was a featured vulnerabilities contributor, providing a rich correlated threat data set that spans 200M+ successful exploitations across 500+ common vulnerabilities and exposures from over 20,000 enterprises in more… Read more »

Vulnerability Management for the Midsize

Ed Bellis    March 19, 2015

It’s not fair. The big companies have the teams, the tools, and the processes required in order to run a best-in-class vulnerability management program. But guess what? The bad guys don’t care about how big you are. In fact, non-targeted exploits accounted for 75% of the breaches from Verizon’s 2013 Data Breach Investigation Report—meaning even mid-sized companies are equally or… Read more »

Vulnerability Cage Match

Andrea Bailiff-Gush    March 10, 2015

Sometimes you want to see the status of your open vulnerabilities across the various assets in your environment. And operating system continues to be an important datapoint. That’s why we’ve improved the TagView dashboard. With a new name, Compare, and an expanded set of filters (we’ve added the ability to filter by assets running a specific operating system) you can… Read more »

New! Features that Will Improve Your Vulnerability Prioritization

Andrea Bailiff-Gush    March 5, 2015

Today, we’re announcing new statuses, filters and displays that will impact how you sift through scan data, prioritize vulnerabilities and communicate with your team. New! Vulnerability Statuses We’ve added two new vulnerability statuses that will make it even easier for your team to track the lifecycle of a vulnerability: risk accepted & false positive. These statuses are flagged by the end user… Read more »

What You Miss When You Rely on CVSS Scores

Michael Roytman    February 26, 2015

Effective prioritization of vulnerabilities is essential to staying ahead of your attackers. While your threat intelligence might expose a wealth of information about attackers and attack paths, integrating it into decision-making is no easy task. Too often, we make the mistake of taking the data given to us for granted – and this has disastrous consequences. In this blog post,… Read more »