Category Archives: Vulnerability Management

Secret #5 of Vulnerability Scanning: You Can Actually Prioritize, Rather Than Just Analyze

Ed Bellis    January 20, 2015

This is the third post by Ed Bellis in a three-part series on Vulnerability Scanning. To view all five secrets and two common “gotchas” of vulnerability scanning, please click here. Typically, security teams spend tons of time putting together Excel spreadsheets and swimming through countless rows of data. Doing so will get the job done, eventually…kind of. But the problem is, as… Read more »

Secret #4 of Vulnerability Scanning: Don’t Dump-and-Run, Make It Consumable

Ed Bellis    January 15, 2015

This is the second post by Ed Bellis in a three-part series on Vulnerability Scanning. To view all five secrets and two common “gotchas” of vulnerability scanning, please click here. You know what I’m talking about when I talk about the infamous dump-and-run. “Here’s your 300-page PDF with a laundry list of every vulnerability known to man!” From what I’ve… Read more »

Secret #1 of Vulnerability Scanning: CVSS Is Only Part of the Picture

Ed Bellis    January 8, 2015

This is the first post by Ed Bellis in a three-part series on Vulnerability Scanning. To view all five secrets and two common “gotchas” of vulnerability scanning, please click here. Information security can be a thankless job. I know, I’ve lived it first-hand. When I ran Security at Orbitz, it was absolutely critical that my team and I stayed on top of… Read more »

Risk I/O Threat Processing – Now With Zero-Day Vulnerability Data

Andrea Bailiff-Gush    November 4, 2014

Today we are announcing the addition of zero-day vulnerability data from Verisign iDefense to our platform. With this addition, our vulnerability threat management platform now offers smarter prioritization based on unpublished vulnerability data, providing an early warning of exploits and vulnerabilities in your environment for which a fix is not currently available. Using our threat processing engine, Risk I/O continuously… Read more »

Mo’ Vulnerabilities, Mo’ Problems

Ryan Cunnane    September 19, 2014

*This originally appeared as a guest post in the Tripwire – The State of Security blog as Mo’ Vulnerabilities, Mo’ Problems…One Solution. Security practitioners juggle many tasks, with vulnerability management requiring the most time and effort to manage effectively. Prioritizing vulnerabilities, grouping those vulnerabilities and assets, and assigning them to the appropriate teams takes considerable time using current scanning technology…. Read more »

QualysGuard Connector: Now With WAS Inside

Andrea Bailiff-Gush    July 28, 2014

At Risk I/O, we’re always striving to ensure our integrations are seamless and complete. Risk I/O is happy to announce that as of today, our QualysGuard connector has expanded to pull in results from your Qualys VM and Qualys WAS scans. What does this mean for you? If you are a Risk I/O user with a Qualys connector, you’ll see both… Read more »

Heartbleed Is Not A Big Deal?

Michael Roytman    April 17, 2014

As of this morning we have observed 224 breaches related to CVE-2014-0160, the Heartbleed vulnerability. More than enough has been said about the technical details of the vulnerability, and our own Ryan Huber covered the details a few days ago. I want to talk about the vulnerability management implications of Heartbleed, because they are both terrifying and telling. The Common Vulnerability… Read more »

The More You Know… (Heartbleed Edition)

rhuber    April 9, 2014

Yesterday, the information security community was made aware of a critical vulnerability in some versions of OpenSSL, one of the most commonly used software “libraries” for secure internet communications. When your web browser is connected via HTTPS (your less tech savvy friends might refer to it as the “lock icon”), there is a high probability that OpenSSL is involved in… Read more »

A Simplified Interface, Perimeter Scanning & A Free Risk Profile (Oh My!)

Andrea Bailiff-Gush    March 11, 2014

The Risk I/O Team is excited to announce the latest release of our vulnerability threat management platform. In this release, we’ve updated the user interface, and made vulnerability scanning available for perimeters too. You can also now create a free risk profile on any technology. The latest release of our platform includes: Simplified User Interface – As you may have noticed,… Read more »

“Threat Intelligence” By Any Other Name: RSA 2014 Recap

Michael Roytman    March 4, 2014

I’m told that every year RSA has a theme, and that this theme is predictive of the year to come for the information security industry. Sometimes, that theme is hidden. Other times, (such as last year) that theme is a race car engine with the words “Big Data” splattered all over it jumping out at you on every corner. At… Read more »