Tag Archives: security

On Physical Security

rhuber    March 31, 2014

Our mission at Risk I/O is to help businesses understand threats to their infrastructure, but as security practitioners we are interested in many forms of security, including physical. This blog post concerns something of particular interest to me, securing my office and a nearly successful theft, which was thwarted by a bit of hobbyist tech. Risk I/O is an emerging… Read more »

Vulnerability Threat Management 2.0

jheuer    February 20, 2014

When it comes to managing your IT environment, there is often just too much to look at. As our Data Scientist Michael Roytman mentioned in his recent research paper, the biggest challenge isn’t finding security defects, but rather managing the mountain of data produced by security tools in order to fix what’s most important first. Well our latest version of… Read more »

What I Learned at BayThreat 2013

rhuber    December 9, 2013

BayThreat, an annual bay area information security conference, was this past weekend. As in years past it was top notch and well organized. The conference returned to it’s old home, the Hacker Dojo, for this fourth incarnation. Some highlights (in no particular order): Nick Sullivan spoke on white box cryptography, and the lack of a current open source implementation. White… Read more »

Introducing Nessus Auto-Close with Risk I/O

Ed Bellis    November 13, 2013

One of the common issues with running multiple siloed scanners is tracking the state of vulnerabilities over time. Which vulnerabilities should be closed based on my subsequent findings (or lack thereof)? This problem can be exacerbated when centralizing these point scanners into a central repository such as Risk I/O. Our  Nessus connector now tracks the state of all reported vulnerabilities… Read more »

SIRAcon Attendees, Start Your Engines

Michael Roytman    October 25, 2013

“Information is the oil of the 21st century, and analytics is the combustion engine.” –  Peter Sondergaard, SVP Gartner This week I attended SIRAcon in Seattle, a conference hosted by the Society of Information Risk Analysts. I spoke about the methodology behind Risk I/O’s “fix what matters” approach to vulnerability management, and how we use live vulnerability and real-time breach data… Read more »

Joining the Data Revolution

Andrea Bailiff-Gush    August 22, 2012

Here at Risk I/O, we’re really big fans of data. Given the right data you can make insightful business decisions very quickly. This is one of the core values we build into every feature release. With our data-driven approach to security, we’re excited to have been selected by the DataWeek Awards as a Top Innovator in the Security/e-Governance category. This is the first… Read more »

Proving A Negative

Ed Bellis    April 19, 2012

Just a quick fun post. Happened to catch this episode of Arthur this morning during the kids breakfast and it sadly reminded me of our industry. One of the big problems in justifying security is proving a negative. In other words, we weren’t hacked so the controls I’ve implemented must be the right ones. Apparently ‘bad luck’ has the same… Read more »

My Keynote At IANS Security Forum

Ed Bellis    April 17, 2012

Last week I had the pleasure of delivering a keynote presentation at the IANS Twin Cities Security Forum. Having been involved and participated in IANS events in the past I knew what to expect. They always do a great job with their Security Forums with a very unique format. Probably what I like the most about these forums is the… Read more »

To the Cloud, and Beyond!

Andrea Bailiff-Gush    July 20, 2011

We are pleased to announce our entry into the Rackspace Cloud Network! Our flagship product (which you learned in a recent blog post will soon be called Risk I/O ) now provides vulnerability management services to “Rackers” who store their data and run their applications in the Rackspace Cloud. According to Nisan Sivathasan, director of corporate development at Rackspace, the addition of… Read more »