Tag Archives: security

Catching Bees with Honey – One HoneyPot Farm’s Quest to Protect the Net

David Hunt    June 11, 2015

They say you can catch more bees with honey than vinegar. On the web, that bee is someone hacking through the layers of the web itself. The honey is the vulnerability of poorly secured websites and servers. When lucky, the hacker finds a way to get to the data and can harvest it for his or her own benefit. But… Read more »

Vulnerability Management for the Midsize

Ed Bellis    March 19, 2015

It’s not fair. The big companies have the teams, the tools, and the processes required in order to run a best-in-class vulnerability management program. But guess what? The bad guys don’t care about how big you are. In fact, non-targeted exploits accounted for 75% of the breaches from Verizon’s 2013 Data Breach Investigation Report—meaning even mid-sized companies are equally or… Read more »

What You Miss When You Rely on CVSS Scores

Michael Roytman    February 26, 2015

Effective prioritization of vulnerabilities is essential to staying ahead of your attackers. While your threat intelligence might expose a wealth of information about attackers and attack paths, integrating it into decision-making is no easy task. Too often, we make the mistake of taking the data given to us for granted – and this has disastrous consequences. In this blog post,… Read more »

Secret #5 of Vulnerability Scanning: You Can Actually Prioritize, Rather Than Just Analyze

Ed Bellis    January 20, 2015

This is the third post by Ed Bellis in a three-part series on Vulnerability Scanning. To view all five secrets and two common “gotchas” of vulnerability scanning, please click here. Typically, security teams spend tons of time putting together Excel spreadsheets and swimming through countless rows of data. Doing so will get the job done, eventually…kind of. But the problem is, as… Read more »

Secret #4 of Vulnerability Scanning: Don’t Dump-and-Run, Make It Consumable

Ed Bellis    January 15, 2015

This is the second post by Ed Bellis in a three-part series on Vulnerability Scanning. To view all five secrets and two common “gotchas” of vulnerability scanning, please click here. You know what I’m talking about when I talk about the infamous dump-and-run. “Here’s your 300-page PDF with a laundry list of every vulnerability known to man!” From what I’ve… Read more »

Secret #1 of Vulnerability Scanning: CVSS Is Only Part of the Picture

Ed Bellis    January 8, 2015

This is the first post by Ed Bellis in a three-part series on Vulnerability Scanning. To view all five secrets and two common “gotchas” of vulnerability scanning, please click here. Information security can be a thankless job. I know, I’ve lived it first-hand. When I ran Security at Orbitz, it was absolutely critical that my team and I stayed on top of… Read more »

Risk I/O Threat Processing – Now With Zero-Day Vulnerability Data

Andrea Bailiff-Gush    November 4, 2014

Today we are announcing the addition of zero-day vulnerability data from Verisign iDefense to our platform. With this addition, our vulnerability threat management platform now offers smarter prioritization based on unpublished vulnerability data, providing an early warning of exploits and vulnerabilities in your environment for which a fix is not currently available. Using our threat processing engine, Risk I/O continuously… Read more »

Laying the Foundation for Change

Karim Toubba    October 14, 2014

This blog post was written by new CEO of Risk I/O, Karim Toubba. You can read more about our new CEO announcement here. I have always been drawn to solving substantive problems that lay the foundation for change, particularly in the security industry. To date, much has been written about the sophistication of the hacker and even the most casual news… Read more »

Risk I/O Now Integrates With OpenVAS

Ed Bellis    October 6, 2014

Last week we quietly launched our 26th and latest connector. With our latest integration our customers can load their OpenVAS results directly into Risk I/O for threat processing and prioritization. To take advantage of the OpenVAS integration, navigate to the Connectors tab and click New Connector. From there select the OpenVAS connector, name it and save it. You can then click… Read more »

Heartbleed Is Not A Big Deal?

Michael Roytman    April 17, 2014

As of this morning we have observed 224 breaches related to CVE-2014-0160, the Heartbleed vulnerability. More than enough has been said about the technical details of the vulnerability, and our own Ryan Huber covered the details a few days ago. I want to talk about the vulnerability management implications of Heartbleed, because they are both terrifying and telling. The Common Vulnerability… Read more »