Category Archives: Vulnerability Intelligence

Moving from Vulnerability Remediation to Risk Measurement

Ed Bellis    June 6, 2016

Fighting security threats is hard enough, but it’s pretty much impossible if you’re fighting wrong battles. However, that’s what you’re doing if you’re focused on vulnerability remediation. I see it all the time: Security teams live by their spreadsheets. They have lists of vulnerabilities. They stack rank them by severity, start with the most critical, and commence to work through… Read more »

Must-Have Metrics for Vulnerability Management: Part 3

Ed Bellis    March 30, 2016

This is part 3 of a 3-part series on Must-Haves for Vulnerability Management. Read Part 1 here and Part 2 here. Must Have #4: Know Your Resources Once you have a good handle on your business, your assets, and what security risks are currently affecting your environment, you’ll need to understand your resources. What do you have at your disposal… Read more »

Must-Have Metrics for Vulnerability Management: Part 2

Ed Bellis    March 30, 2016

This blog is Part 2 in a 3-part series on Must-Have Metrics for Vuln Management. Read Part 1 here. Must-Have #2: Know Your Business In order to understand the most pertinent threats and measure the likelihood of exploits, you really need to understand these factors within the context of your business. A great way to apply this knowledge to security… Read more »

Must-Have Metrics for Vulnerability Management: Part I

Ed Bellis    March 29, 2016

In this series of blog posts, we’ll cover the must-have metrics for vulnerability management. The rising cadence of automated attacks means that security teams need to strive to make their own practices as precise and metric-driven as possible. Pouring through spreadsheets and creating 500-page PDFs is no longer enough to ensure that critical vulnerabilities are remediated in time. But what’s… Read more »

What You Miss When You Rely on CVSS Scores

Michael Roytman    February 26, 2015

Effective prioritization of vulnerabilities is essential to staying ahead of your attackers. While your threat intelligence might expose a wealth of information about attackers and attack paths, integrating it into decision-making is no easy task. Too often, we make the mistake of taking the data given to us for granted – and this has disastrous consequences. In this blog post,… Read more »

The Problem With Your Threat Intelligence

Ed Bellis    February 11, 2015

It’s amazing how many organizations I see that have a threat feed or two and assume that they’re safe, sound, and on the leading edge of vulnerability management as a result. And to be clear, some of them are, because they’re using world-class practices and processes to make use of the data. But others? They’re not making use of their… Read more »

Vulnerability Management Decision Support: Identifying & Prioritizing Zero-Day Vulnerabilities

Andrea Bailiff-Gush    November 10, 2014

This is a guest blog post by Josh Ray, Senior Intelligence Director for Verisign iDefense Security Intelligence Services. One of the biggest challenges facing security teams today is staying up-to-date on the ever-changing security threat landscape. The inclusion of Verisign iDefense Security Intelligence Services’ zero-day vulnerability intelligence into Risk I/O’s threat processing engine provides security practitioners with actionable intelligence on… Read more »

11 Tips and Tricks for the RIO Power User

Ed Bellis    August 18, 2014

1. Keyboard Shortcuts Keyboard shortcuts are available from the home screen. Want to know what they are? Click the Keyboard Shortcuts link in the bottom right sidebar or just <shift>+? 2. Threat Trends Click-Through Clicking on any of the attack or breach bubbles within the threat trends view will filter your assets by only displaying those that are vulnerable to… Read more »

Black Hat 2014 Recap: Actionable Takeaways from a Security Data Scientist

Michael Roytman    August 13, 2014

This is my second Black Hat conference, and the best one yet. Last year was full of gloom about all sorts of devices exploited, revelations about the NSA and uncertainty about what threat intelligence meant or how good it was. This year, from the keynote down to an obscure track at BSides which I participated in, the tone was much… Read more »