Tag Archives: Data Science

Equifax Lessons: Risk Hunting at Scale

Michael Roytman    September 15, 2017

This past week has seen another high profile breach in the news, one of the largest ever, and apparently the result of a known vulnerability.  Looking back at our analysis of the WannaCry attacks, we examined what we could  learn about prioritization from our 1 billion vulnerabilities under management. Out of those billion vulnerabilities, 259,451,953 were CVSS score of 9… Read more »

Treating the Root Cause: Security in Healthcare

Michael Roytman    August 29, 2017

Treating the Root Cause: Security in Healthcare Security is healthcare, and it’s apparent even in the language we use to describe malicious software. Viruses, worms and the like have long been examples of malware so-called because they propagate as disease, but more relevantly to us – they are also treated as such. Symptomatic treatment is any medical therapy of a… Read more »

Enhanced Reporting Capabilities in Kenna: It’s All About Risk

Greg Howard    March 9, 2016

We’re thrilled to announce our new reporting capabilities today. Kenna has always been an unparalleled platform for vulnerability prioritization–enabling security teams to identify their most critical vulnerabilities and take the right actions to help remediate them. But with the introduction of our new reports, Kenna becomes something else: a security analytics platform that helps organizations measure, monitor, and track their… Read more »

Looking Before & Beyond a Breach: Lessons from a DBIR Featured Contributor

Michael Roytman    April 16, 2015

As you may know, the 2015 Verizon Data Breaches Investigations Report was recently released. This is the “gold standard” research document for information security, and we’re proud to say that Risk I/O was a featured vulnerabilities contributor, providing a rich correlated threat data set that spans 200M+ successful exploitations across 500+ common vulnerabilities and exposures from over 20,000 enterprises in more… Read more »

Stop Fixing All The Things – Our BSidesLV Talk

Michael Roytman    August 6, 2013

Last week at BSidesLV, Ed Bellis and I presented our view on how vulnerability statistics should be done. We think it’s a different and useful approach to vulnerability assessments. Our contention is that the definitions of vulnerabilities in NVD and OSVDB are just that – definitions. As security practitioners, we care about which vulnerabilities matter. Much like looking at a… Read more »

Data Fundamentalism

Michael Roytman    April 26, 2013

A Tale of Two Uncertainties There are fields where precision is of the utmost importance. In fields of exploration (physics, chemistry, arguably mathematics), we attempt to seek out the truths of the world around us, to get better and better models of what’s going on. In fields of manufacturing (chocolate making, farming, engine casting) precision matters because it produces better… Read more »

Metricon 8 From Outside the Establishment: Size Does(n’t?) Matter.

Michael Roytman    March 8, 2013

This was my first time attending RSA, and on top of that I am fairly new to the Security industry. If RSA were a Senate race, I would be Ashley Judd. I am not, however, new to statistics. The following is an outsider’s perspective on Metricon, one without any preconceptions of the space. Spoiler: to be more secure as an… Read more »