Category Archives: Remediation

What You Miss When You Rely on CVSS Scores

Michael Roytman    February 26, 2015

Effective prioritization of vulnerabilities is essential to staying ahead of your attackers. While your threat intelligence might expose a wealth of information about attackers and attack paths, integrating it into decision-making is no easy task. Too often, we make the mistake of taking the data given to us for granted – and this has disastrous consequences. In this blog post,… Read more »

Mo’ Vulnerabilities, Mo’ Problems

Ryan Cunnane    September 19, 2014

*This originally appeared as a guest post in the Tripwire – The State of Security blog as Mo’ Vulnerabilities, Mo’ Problems…One Solution. Security practitioners juggle many tasks, with vulnerability management requiring the most time and effort to manage effectively. Prioritizing vulnerabilities, grouping those vulnerabilities and assets, and assigning them to the appropriate teams takes considerable time using current scanning technology…. Read more »

On Physical Security

rhuber    March 31, 2014

Our mission at Risk I/O is to help businesses understand threats to their infrastructure, but as security practitioners we are interested in many forms of security, including physical. This blog post concerns something of particular interest to me, securing my office and a nearly successful theft, which was thwarted by a bit of hobbyist tech. Risk I/O is an emerging… Read more »

A Simplified Interface, Perimeter Scanning & A Free Risk Profile (Oh My!)

Andrea Bailiff-Gush    March 11, 2014

The Risk I/O Team is excited to announce the latest release of our vulnerability threat management platform. In this release, we’ve updated the user interface, and made vulnerability scanning available for perimeters too. You can also now create a free risk profile on any technology. The latest release of our platform includes: Simplified User Interface – As you may have noticed,… Read more »

Introducing Nessus Auto-Close with Risk I/O

Ed Bellis    November 13, 2013

One of the common issues with running multiple siloed scanners is tracking the state of vulnerabilities over time. Which vulnerabilities should be closed based on my subsequent findings (or lack thereof)? This problem can be exacerbated when centralizing these point scanners into a central repository such as Risk I/O. Our  Nessus connector now tracks the state of all reported vulnerabilities… Read more »

SIRAcon Attendees, Start Your Engines

Michael Roytman    October 25, 2013

“Information is the oil of the 21st century, and analytics is the combustion engine.” –  Peter Sondergaard, SVP Gartner This week I attended SIRAcon in Seattle, a conference hosted by the Society of Information Risk Analysts. I spoke about the methodology behind Risk I/O’s “fix what matters” approach to vulnerability management, and how we use live vulnerability and real-time breach data… Read more »

Learn About How We’re Using Real-Time Attack Data!

Andrea Bailiff-Gush    June 24, 2013

The Risk I/O vulnerability intelligence platform has gotten smarter and even more powerful and we want you to see just how. As you may have heard, we recently announced the addition of real-time attack data to our vulnerability intelligence platform. This addition allows Risk I/O to correlate internet attack traffic with your vulnerabilities to help prioritize your remediation efforts. We’d… Read more »

Introducing Real-Time Attack Data to Risk I/O

jheuer    June 19, 2013

Today we are announcing the addition of real-time attack data to our Risk I/O vulnerability intelligence platform. With this addition, our vulnerability intelligence platform now offers smarter priority sorting based on real world data, giving insight into where attacks are most likely to occur. Using a processing engine, Risk I/O correlates live attack data from multiple sources, and prioritizes vulnerabilities… Read more »

Remediate…Like a Boss

Ed Bellis    March 12, 2013

The Risk I/O dev team has been developing features at a ridiculous pace with no signs of slowing down. We will be releasing a host of new functionality to our vulnerability intelligence platform over the weeks to come, so stay tuned. Our latest additions will help you identify patches that will reduce the most amount of risk across your environment… Read more »

Using Databases to Automate Assessment and Remediation

guest blogger    January 31, 2013

The National Vulnerability Database (aka NVD) is a US Government repository for standards-based vulnerability management data. Its content is represented using the Security Content Automation Protocol, SCAP (pronounced “ess-cap”). SCAP is designed to facilitate reporting, collection, management, and monitoring of vulnerability data through automated software facilities. SCAP encompasses a wide range of inputs and information, and enables automation of vulnerability management,… Read more »