Tag Archives: remediation

Must-Have Metrics for Vulnerability Management: Part 2

Ed Bellis    March 30, 2016

This blog is Part 2 in a 3-part series on Must-Have Metrics for Vuln Management. Read Part 1 here. Must-Have #2: Know Your Business In order to understand the most pertinent threats and measure the likelihood of exploits, you really need to understand these factors within the context of your business. A great way to apply this knowledge to security… Read more »

Podcast: Closing the Remediation Gap

Greg Howard    November 30, 2015

Our lead data scientist Michael Roytman just participated in a fun podcast called Cybercrime & Business, in which he discusses one of the biggest challenges around vulnerability management: the time it takes organizations to remediate vulnerabilities, or the remediation gap. Michael talks about his research and how even “conservative” estimates found that the window of opportunity for many exploits remains significant: On… Read more »

New Kenna Research: The Remediation Gap

Greg Howard    October 12, 2015

Following on our work in this year’s Verizon Data Breach Information Report, Kenna recently published a kind of sequel: “The Remediation Gap: Why Companies Are Losing the Battle Against Non-targeted Attacks.” Authored by our chief data scientist Michael Roytman, the report examined the proliferation of non-targeted attacks and companies’ ability to counter these threats through quick remediation. Kenna analyzed 50,000… Read more »

The Problem With Your Threat Intelligence

Ed Bellis    February 11, 2015

It’s amazing how many organizations I see that have a threat feed or two and assume that they’re safe, sound, and on the leading edge of vulnerability management as a result. And to be clear, some of them are, because they’re using world-class practices and processes to make use of the data. But others? They’re not making use of their… Read more »

Mo’ Vulnerabilities, Mo’ Problems

Ryan Cunnane    September 19, 2014

*This originally appeared as a guest post in the Tripwire – The State of Security blog as Mo’ Vulnerabilities, Mo’ Problems…One Solution. Security practitioners juggle many tasks, with vulnerability management requiring the most time and effort to manage effectively. Prioritizing vulnerabilities, grouping those vulnerabilities and assets, and assigning them to the appropriate teams takes considerable time using current scanning technology…. Read more »

Vulnerability Threat Management 2.0

jheuer    February 20, 2014

When it comes to managing your IT environment, there is often just too much to look at. As our Data Scientist Michael Roytman mentioned in his recent research paper, the biggest challenge isn’t finding security defects, but rather managing the mountain of data produced by security tools in order to fix what’s most important first. Well our latest version of… Read more »

Learn About How We’re Using Real-Time Attack Data!

Andrea Bailiff-Gush    June 24, 2013

The Risk I/O vulnerability intelligence platform has gotten smarter and even more powerful and we want you to see just how. As you may have heard, we recently announced the addition of real-time attack data to our vulnerability intelligence platform. This addition allows Risk I/O to correlate internet attack traffic with your vulnerabilities to help prioritize your remediation efforts. We’d… Read more »

Introducing Real-Time Attack Data to Risk I/O

jheuer    June 19, 2013

Today we are announcing the addition of real-time attack data to our Risk I/O vulnerability intelligence platform. With this addition, our vulnerability intelligence platform now offers smarter priority sorting based on real world data, giving insight into where attacks are most likely to occur. Using a processing engine, Risk I/O correlates live attack data from multiple sources, and prioritizes vulnerabilities… Read more »

Using Databases to Automate Assessment and Remediation

guest blogger    January 31, 2013

The National Vulnerability Database (aka NVD) is a US Government repository for standards-based vulnerability management data. Its content is represented using the Security Content Automation Protocol, SCAP (pronounced “ess-cap”). SCAP is designed to facilitate reporting, collection, management, and monitoring of vulnerability data through automated software facilities. SCAP encompasses a wide range of inputs and information, and enables automation of vulnerability management,… Read more »

Validating Vulnerabilities with Metasploit

Ed Bellis    September 13, 2012

We recently added the ability to track publicly available exploits for any vulnerabilities discovered in your environment, regardless of how they were discovered. We viewed this as a step in the right direction and one of many factors that go into prioritizing remediation efforts. Our friend Mike Rothman over at Securosis took notice of this, both acknowledging the need while… Read more »