Category Archives: Security Management

Vulnerability Threat Management 2.0

jheuer    February 20, 2014

When it comes to managing your IT environment, there is often just too much to look at. As our Data Scientist Michael Roytman mentioned in his recent research paper, the biggest challenge isn’t finding security defects, but rather managing the mountain of data produced by security tools in order to fix what’s most important first. Well our latest version of…

What I Learned at BayThreat 2013

rhuber    December 9, 2013

BayThreat, an annual Bay Area information security conference, was this past weekend. As in years past it was top notch and well organized. The conference returned to its old home, the Hacker Dojo, for this fourth incarnation. Some highlights (in no particular order): Nick Sullivan spoke on white box cryptography, and the lack of a current open source implementation. White…

SIRAcon Attendees, Start Your Engines

Michael Roytman    October 25, 2013

“Information is the oil of the 21st century, and analytics is the combustion engine.” – Peter Sondergaard, SVP Gartner

This week I attended SIRAcon in Seattle, a conference hosted by the Society of Information Risk Analysts. I spoke about the methodology behind Risk I/O’s “fix what matters” approach to vulnerability management, and how we use live vulnerability and real-time breach data…

Mitigating Application DoS: SecTor Conference Talk

rhuber    October 14, 2013

I was recently invited to speak at one of my favorite security conferences, SecTor in Toronto. Many thanks to Risk I/O for giving me some official time to work on this side project over the last month (side note: we are hiring!). This blog post will summarize my SecTor presentation on application Denial of Service attacks. Application DoS has seen…

Stop Putting Rocks in the Vault

rhuber    June 6, 2013

Imagine you are handed two items, a rock and a 400-troy-ounce bar of gold, and are tasked with protecting each from theft. You will spend more time considering how to secure the gold than the rock, because you know the underlying value of each. Context matters, yet vulnerability management systems often work under the assumption that all of your assets…

Risk I/O’s Vulnerability SmartSearch Is Now Even Smarter

jheuer    May 8, 2013

Our SmartSearch feature has gotten, well, even smarter. You already know that with SmartSearch you can choose many fields from many criteria at once, enabling you to filter down to only the vulnerabilities or assets you need. Well now you can save the SmartSearch(es) you perform on your vulnerabilities and assets in Risk I/O for reference later. Saving a vulnerability…

The Transformation of Cyber Attacks

Jacques Benkoski    March 26, 2013

This is a guest blog post by Jacques Benkoski, Risk I/O investor and Board member. A complete, global transformation of the landscape in the security software domain is underway. Countless articles have been written about how we have moved beyond the casual attacker cooking a virus for fun and/or profit to something completely different and far more dangerous to the…

Best Practices = Vanity Metrics

Ed Bellis    March 21, 2013

After recently reading a post from Gary McGraw at Cigital arguing for software security training, I became a bit frustrated with cited “evidence” and posted this out on Twitter and received a short follow up from Lindsey Smith over at Tripwire… Now let me say upfront, I have a lot of respect for Gary and his work AND actually agree with…

RSA Week Recap

Ed Bellis    March 5, 2013

Well the dust has finally begun to settle after another whirlwind week of activity around the RSA Conference. As in years past, my favorite track turned out to be the hallway track, although admittedly I didn’t get to see many of the talks and avoided the show floor most of the time. One program I was able to not only…

Security Intelligence != SIEM

Ed Bellis    March 5, 2012

I’ve just returned from RSA, BSides and Metricon and thought I would pen a few of my thoughts while they’re still fresh in my mind. On Monday I had the privilege of participating in a panel on Data Driven Security at Metricon 6.5. Scott Crawford moderated and has a great blog series on data driven security. It was an interesting…