Author Archives: Michael Roytman

Michael Roytman

About Michael Roytman

Michael is the Chief Data Scientist at Kenna.

Equifax Lessons: Risk Hunting at Scale

Michael Roytman    September 15, 2017

This past week has seen another high profile breach in the news, one of the largest ever, and apparently the result of a known vulnerability.  Looking back at our analysis of the WannaCry attacks, we examined what we could  learn about prioritization from our 1 billion vulnerabilities under management. Out of those billion vulnerabilities, 259,451,953 were CVSS score of 9… Read more »

Treating the Root Cause: Security in Healthcare

Michael Roytman    August 29, 2017

Treating the Root Cause: Security in Healthcare Security is healthcare, and it’s apparent even in the language we use to describe malicious software. Viruses, worms and the like have long been examples of malware so-called because they propagate as disease, but more relevantly to us – they are also treated as such. Symptomatic treatment is any medical therapy of a… Read more »

Malware exploitable vulnerabilities – Addressing the root cause

Michael Roytman    July 24, 2017

Today, we’re excited to announce our partnership with ReversingLabs – a leader in the world of malware research and analysis. Using metadata about malware samples submitted to ReversingLabs, and focusing on the subset of malware for which we know the Exploit that was used, we can start to treat the root cause of the problem. This is done by notifying… Read more »

Collaborative Data Science – Inside the 2016 Verizon DBIR Vulnerability Section.

Michael Roytman    May 1, 2016

The best part about working in a nascent, yet-unsolved-perhaps-never-to-be-solved industry is that the smartest minds are often struggling with the same problems, and are only a tweet or a phone call away if you need help. I’ve had help from fellow data scientists, NIST and MITRE folk, competitors, practitioners, professors and the like. While rock-star-syndromes are surely out there and… Read more »

The Three CVEs that You’re Not Paying Attention to (But Probably Should)

Michael Roytman    June 17, 2015

The Risk I/O philosophy is all about fixing what matters – that is, using data to make decisions that make the most of the limited actions you can take in a day, a week, a month. It’s not about the sheer volume of vulnerabilities that your team closes — it’s closing the ones that reduce your overall risk the most…. Read more »

Looking Before & Beyond a Breach: Lessons from a DBIR Featured Contributor

Michael Roytman    April 16, 2015

As you may know, the 2015 Verizon Data Breaches Investigations Report was recently released. This is the “gold standard” research document for information security, and we’re proud to say that Risk I/O was a featured vulnerabilities contributor, providing a rich correlated threat data set that spans 200M+ successful exploitations across 500+ common vulnerabilities and exposures from over 20,000 enterprises in more… Read more »

What You Miss When You Rely on CVSS Scores

Michael Roytman    February 26, 2015

Effective prioritization of vulnerabilities is essential to staying ahead of your attackers. While your threat intelligence might expose a wealth of information about attackers and attack paths, integrating it into decision-making is no easy task. Too often, we make the mistake of taking the data given to us for granted – and this has disastrous consequences. In this blog post,… Read more »

Black Hat 2014 Recap: Actionable Takeaways from a Security Data Scientist

Michael Roytman    August 13, 2014

This is my second Black Hat conference, and the best one yet. Last year was full of gloom about all sorts of devices exploited, revelations about the NSA and uncertainty about what threat intelligence meant or how good it was. This year, from the keynote down to an obscure track at BSides which I participated in, the tone was much… Read more »

There’s No Such Thing As a Cool Vulnerability

Michael Roytman    July 31, 2014

If you work in vulnerability management, all the vulnerabilities you’ll hear about at Black Hat are irrelevant. Every year at Black Hat and DEF CON, new vulnerabilities get released, explained and demoed. This year, you’ll see everything from remote car hacks, to hotel room takeovers, to virtual desktop attacks to Google Glass hacks. But once you get back home, don’t let… Read more »

Heartbleed Is Not A Big Deal?

Michael Roytman    April 17, 2014

As of this morning we have observed 224 breaches related to CVE-2014-0160, the Heartbleed vulnerability. More than enough has been said about the technical details of the vulnerability, and our own Ryan Huber covered the details a few days ago. I want to talk about the vulnerability management implications of Heartbleed, because they are both terrifying and telling. The Common Vulnerability… Read more »