Author Archives: Ed Bellis

Ed Bellis

About Ed Bellis

Ed is the CTO and a Cofounder of Kenna.

Announcing Our Latest Integration: Beyond Security

Ed Bellis    June 5, 2014

At Risk I/O, we’ve always made it our mission to integrate with the scanner tools used most. That’s why we’ve added integration with the BeyondSecurity AVDS web scanner to our vulnerability threat management platform. With the new BeyondSecurity AVDS connector, you can discover and eliminate your network’s most serious security weaknesses. Simply sync your scan data via our new connector and Risk I/O will… Read more »

Introducing Nessus Auto-Close with Risk I/O

Ed Bellis    November 13, 2013

One of the common issues with running multiple siloed scanners is tracking the state of vulnerabilities over time. Which vulnerabilities should be closed based on my subsequent findings (or lack thereof)? This problem can be exacerbated when centralizing these point scanners into a central repository such as Risk I/O. Our  Nessus connector now tracks the state of all reported vulnerabilities… Read more »

Introducing the Risk Meter

Ed Bellis    October 8, 2013

You may have noticed we’ve been publishing a lot of information lately on what factors go into the likelihood of a successful exploit. Our presentation at BSidesLV and subsequent events touched on some of the work we’ve been doing based on our processing of over a million successful breaches we have observed across the internet. While this data continues to… Read more »

Introducing Quick Lists

Ed Bellis    July 24, 2013

As you may have read, the Risk I/O platform now correlates live Internet attack data with your vulnerabilities. As your vulnerabilities are processed, we append any vulnerability with additional data around attacks, threats, or exploits. Together, they help to identify where attacks are most likely to occur within your environment. With the addition of this data, Risk I/O is now… Read more »

A Conference By Any Other Name

Ed Bellis    May 14, 2013

Last week I had the opportunity to present at the Best Practices for Technology Symposium. I have to be honest, I’ve never heard of this event and given the name it’s easily missed. In fact, given my recent post on “best practices” and vanity metrics I would have likely avoided an event with such a name. But that would have… Read more »

Best Practices = Vanity Metrics

Ed Bellis    March 21, 2013

After recently reading a post from Gary McGraw at Cigital arguing for software security training, I became a bit frustrated with cited “evidence” and posted this out on Twitter and received a short follow up from Lindsey Smith over at Tripwire… Now let me say upfront, I have a lot of respect for Gary and his work AND actually agree with… Read more »

Remediate…Like a Boss

Ed Bellis    March 12, 2013

The Risk I/O dev team has been developing features at a ridiculous pace with no signs of slowing down. We will be releasing a host of new functionality to our vulnerability intelligence platform over the weeks to come, so stay tuned. Our latest additions will help you identify patches that will reduce the most amount of risk across your environment… Read more »

RSA Week Recap

Ed Bellis    March 5, 2013

Well the dust has finally begun to settle after another whirlwind week of activity around the RSA Conference. As in years past, my favorite track turned out to be the hallway track, although admittedly I didn’t get to see many of the talks and avoided the show floor most of the time. One program I was able to not only… Read more »

Heads Up! (Display)

Ed Bellis    January 22, 2013

I’m happy to share our latest enhancement to visualizing your vulnerability data. Today, we are launching a new Heads-Up Display (HUD): a “mini dashboard” if you will,  that allows you to visualize the current state of your vulnerabilities and defects. Our new Heads-Up Display shows a live presentation of your vulnerabilities. It provides up-to-the-minute information on aspects of your vulnerability… Read more »