Category Archives: Prioritization

Equifax Lessons: Risk Hunting at Scale

Michael Roytman    September 15, 2017

This past week has seen another high profile breach in the news, one of the largest ever, and apparently the result of a known vulnerability.  Looking back at our analysis of the WannaCry attacks, we examined what we could  learn about prioritization from our 1 billion vulnerabilities under management. Out of those billion vulnerabilities, 259,451,953 were CVSS score of 9… Read more »

Malware exploitable vulnerabilities – Addressing the root cause

Michael Roytman    July 24, 2017

Today, we’re excited to announce our partnership with ReversingLabs – a leader in the world of malware research and analysis. Using metadata about malware samples submitted to ReversingLabs, and focusing on the subset of malware for which we know the Exploit that was used, we can start to treat the root cause of the problem. This is done by notifying… Read more »

Clash of the Titans: How InfoSec and Remediation Teams Can Finally Get Along

Ed Bellis    October 26, 2016

Why the bad blood between InfoSec and Remediation teams? The reality is, they need each other. They just don’t always work alongside each other, or use the same metrics, or see things the same way, or…well, let’s just say there’s a lot of baggage there. Why We Can’t All Just Get Along Within many organizations, security teams and remediation teams… Read more »

Looking Before & Beyond a Breach: Lessons from a DBIR Featured Contributor

Michael Roytman    April 16, 2015

As you may know, the 2015 Verizon Data Breaches Investigations Report was recently released. This is the “gold standard” research document for information security, and we’re proud to say that Risk I/O was a featured vulnerabilities contributor, providing a rich correlated threat data set that spans 200M+ successful exploitations across 500+ common vulnerabilities and exposures from over 20,000 enterprises in more… Read more »

Vulnerability Cage Match

Andrea Bailiff-Gush    March 10, 2015

Sometimes you want to see the status of your open vulnerabilities across the various assets in your environment. And operating system continues to be an important datapoint. That’s why we’ve improved the TagView dashboard. With a new name, Compare, and an expanded set of filters (we’ve added the ability to filter by assets running a specific operating system) you can… Read more »

What a Difference a Year Makes: Reflecting on our Dell SecureWorks Partnership

Ryan Cunnane    February 18, 2015

What a different a year makes. Nearly a year ago, Risk I/O was in the beginning phases of what would become one of our greatest successes to date: a partnership with Dell SecureWorks.  As we celebrate the one-year anniversary of the partnership, we wanted to highlight its significance and firm validation in the marketplace. Partnership highlights include: Threat intelligence supplied by Dell SecureWorks’… Read more »