Category Archives: Metrics

Kenna Security and ReversingLabs Partner to Identify and Prevent Malware Threats

Chloe Messdaghi December 13, 2017

Today, we are pleased to announce our results from our partnership with ReversingLabs, a leading provider of threat intelligence solutions that accelerate and broaden an organization’s ability to detect threats, respond to incidents, and gain visibility into advanced attacks. The technology partnership integrates ReversingLabs’ real-time malware threat intelligence into the Kenna Security Platform. Kenna Security customers benefit from: The ability… Read more »

Creating Risk Management Metrics that Matter

Ed Bellis March 10, 2017

As a security team, you are what you measure. The problem is that too many security teams are tracking vulnerabilities, not measuring risk. This post examines how vital it is for security teams to establish risk-based metrics, offering examples of both the right and wrong measures to use. The paper then looks at the key steps to building risk management… Read more »

Reporting on Risk: One Metric to Bind Them All

Ed Bellis January 11, 2016

In my previous post, I discussed ways that organizations have typically reported on risk: namely, talking about the number of closed vulnerabilities. I discussed how most stakeholders (and particularly non-technical executives) can’t make heads nor tails out of that kind of reporting. So what’s the best way to truly report on risk? Your first step is to understand the criticality… Read more »

Vulnerability Cage Match

Andrea Bailiff-Gush March 10, 2015

Sometimes you want to see the status of your open vulnerabilities across the various assets in your environment. And operating system continues to be an important datapoint. That’s why we’ve improved the TagView dashboard. With a new name, Compare, and an expanded set of filters (we’ve added the ability to filter by assets running a specific operating system) you can… Read more »

“Threat Intelligence” By Any Other Name: RSA 2014 Recap

Michael Roytman March 4, 2014

I’m told that every year RSA has a theme, and that this theme is predictive of the year to come for the information security industry. Sometimes, that theme is hidden. Other times, (such as last year) that theme is a race car engine with the words “Big Data” splattered all over it jumping out at you on every corner. At… Read more »

SIRAcon Attendees, Start Your Engines

Michael Roytman October 25, 2013

“Information is the oil of the 21st century, and analytics is the combustion engine.” – Peter Sondergaard, SVP Gartner This week I attended SIRAcon in Seattle, a conference hosted by the Society of Information Risk Analysts. I spoke about the methodology behind Risk I/O’s “fix what matters” approach to vulnerability management, and how we use live vulnerability and real-time breach data… Read more »

Introducing the Risk Meter

Ed Bellis October 8, 2013

You may have noticed we’ve been publishing a lot of information lately on what factors go into the likelihood of a successful exploit. Our presentation at BSidesLV and subsequent events touched on some of the work we’ve been doing based on our processing of over a million successful breaches we have observed across the internet. While this data continues to… Read more »

Stop Fixing All The Things – Our BSidesLV Talk

Michael Roytman August 6, 2013

Last week at BSidesLV, Ed Bellis and I presented our view on how vulnerability statistics should be done. We think it’s a different and useful approach to vulnerability assessments. Our contention is that the definitions of vulnerabilities in NVD and OSVDB are just that – definitions. As security practitioners, we care about which vulnerabilities matter. Much like looking at a… Read more »

Filtered Dashboards 2.0

jheuer July 9, 2013

We recently added new functionality to our filtered dashboard feature, which we think you’ll be excited about. As we mentioned in an earlier blog post, our new filtering feature allows you to use custom tags to see different views of your vulnerability metrics on both the Analyst and Executive tabs of the dashboard. This empowers you to perform comparisons across… Read more »

A Conference By Any Other Name

Ed Bellis May 14, 2013

Last week I had the opportunity to present at the Best Practices for Technology Symposium. I have to be honest, I’ve never heard of this event and given the name it’s easily missed. In fact, given my recent post on “best practices” and vanity metrics I would have likely avoided an event with such a name. But that would have… Read more »