Author Archives: Ed Bellis

About Ed Bellis

Ed is the CTO and a Cofounder of Kenna.

No More Traffic Signals

Ed Bellis    March 23, 2012

Red, Yellow, Ugh… I have been frustrated by the state of prioritization in security for several years. I recently wrote about how a data-driven approach can help prioritize remediation when there is a large number of issues to contend with. It seems that much of the industry got together years ago and decided we could drop millions of issues into…

Security Intelligence != SIEM

Ed Bellis    March 5, 2012

I’ve just returned from RSA, BSides and Metricon and thought I would pen a few of my thoughts while they’re still fresh in my mind. On Monday I had the privilege of participating in a panel on Data Driven Security at Metricon 6.5. Scott Crawford moderated and has a great blog series on data driven security. It was an interesting…

Give ‘Em What They Want… and Nothing More

Ed Bellis    March 1, 2012

A lot of Risk I/O users rely on bug tracking and trouble ticketing to track their remediation workflow including status, ownership and due dates. We built Risk I/O to integrate directly into these solutions so our customers would never have to leave while tracking to close. That’s all well and good, but we have others who prefer not to use…

Special Orders Don’t Upset Us

Ed Bellis    January 18, 2012

Just a quick post to give you an update on one of our newest features. A few months back we wrote about custom fields in Risk I/O and how to add your own data and metadata to your vulnerabilities and assets. Today I’m writing about taking this customization to the next step. We recognize different people within your company are…

Losing Our Religion

Ed Bellis    January 16, 2012

An article in the Wall Street Journal last week caught my eye. After being teased into thinking the feds may be going new school a few weeks back, I am tempted to think this move by the banks might truly be. Having spent some time in my career in this world, I can vouch that this is actually a pretty…

The Scanner That Cried Wolf

Ed Bellis    January 5, 2012

Dealing with false positives during a vulnerability assessment is a fact of life. As applications and infrastructure grow larger and more complex, the likelihood of running into these Type I errors increases along with it. Although these issues become more commonplace as you grow, there are a number of known ways to help decrease the number of false positives that are produced…

BayThreat: From Shaman to Scientist

Ed Bellis    December 20, 2011

I recently gave an updated talk on my data driven security use case at BayThreat 2 in Mountain View. First off, thanks to Marisa Fagan and all the organizers, this year was even better than last. Also, apologies for not being able to stay for the entire weekend, alas duty called. I have been making my rounds at various security…

Are The Feds Going New School?

Ed Bellis    December 1, 2011

Probably not… As much as the headlines of a new bill in Washington grabbed my interest with a twinkle of hope, it turns out in some ways this may be a step away from a new wave of information sharing. It appears to promote information sharing regarding security breaches between the private sector and the government by blanketing companies with…

Same As It Ever Was

Ed Bellis    November 21, 2011

A couple of weeks ago I was invited by IANS to participate in a panel presentation in one of their Executive Client Briefings. The theme for the event was on building risk-based management frameworks and I headed up the Next Generation Threat Management portion. First off, many thanks to the folks at IANS for having me, as usual they did…