Category Archives: Vulnerability Intelligence

A Simplified Interface, Perimeter Scanning & A Free Risk Profile (Oh My!)

Andrea Bailiff-Gush    March 11, 2014

The Risk I/O Team is excited to announce the latest release of our vulnerability threat management platform. In this release, we’ve updated the user interface, and made vulnerability scanning available for perimeters too. You can also now create a free risk profile on any technology. The latest release of our platform includes: Simplified User Interface – As you may have noticed,… Read more »

“Threat Intelligence” By Any Other Name: RSA 2014 Recap

Michael Roytman    March 4, 2014

I’m told that every year RSA has a theme, and that this theme is predictive of the year to come for the information security industry. Sometimes, that theme is hidden. Other times, (such as last year) that theme is a race car engine with the words “Big Data” splattered all over it jumping out at you on every corner. At… Read more »

Vulnerability Threat Management 2.0

jheuer    February 20, 2014

When it comes to managing your IT environment, there is often just too much to look at. As our Data Scientist Michael Roytman mentioned in his recent research paper, the biggest challenge isn’t finding security defects, but rather managing the mountain of data produced by security tools in order to fix what’s most important first. Well our latest version of… Read more »

Measuring vs. Modeling

Andrea Bailiff-Gush    December 10, 2013

This month our data scientist Michael Roytman is featured in the USENIX Association’s Journal alongside Dan Geer. Their article harkens back to our long-running theme of focusing on remediating the vulnerabilities which _actually_ generate risk for your environment. Michael and Dan argue that using CVSS as a guide for remediation is not only ineffective at identifying vulnerabilities likely to be… Read more »

SIRAcon Attendees, Start Your Engines

Michael Roytman    October 25, 2013

“Information is the oil of the 21st century, and analytics is the combustion engine.” –  Peter Sondergaard, SVP Gartner This week I attended SIRAcon in Seattle, a conference hosted by the Society of Information Risk Analysts. I spoke about the methodology behind Risk I/O’s “fix what matters” approach to vulnerability management, and how we use live vulnerability and real-time breach data… Read more »

Introducing the Risk Meter

Ed Bellis    October 8, 2013

You may have noticed we’ve been publishing a lot of information lately on what factors go into the likelihood of a successful exploit. Our presentation at BSidesLV and subsequent events touched on some of the work we’ve been doing based on our processing of over a million successful breaches we have observed across the internet. While this data continues to… Read more »

Stop Putting Rocks in the Vault

rhuber    June 6, 2013

Imagine you are handed two items, a rock and a 400-troy-ounce bar of gold, and are tasked with protecting each from theft. You will spend more time considering how to secure the gold than the rock, because you know the underlying value of each. Context matters, yet vulnerability management systems often work under the assumption that all of your assets… Read more »

Risk I/O’s Vulnerability SmartSearch Is Now Even Smarter

jheuer    May 8, 2013

Our SmartSearch feature has gotten, well, even smarter. You already know that with SmartSearch you can choose many fields from many criteria at once, enabling you to filter down to only the vulnerabilities or assets you need. Well now you can save the SmartSearch(es) you perform on your vulnerabilities and assets in Risk I/O for reference later. Saving a vulnerability… Read more »

Data Fundamentalism

Michael Roytman    April 26, 2013

A Tale of Two Uncertainties There are fields where precision is of the utmost importance. In fields of exploration (physics, chemistry, arguably mathematics), we attempt to seek out the truths of the world around us, to get better and better models of what’s going on. In fields of manufacturing (chocolate making, farming, engine casting) precision matters because it produces better… Read more »