Tag Archives: vulnerability intelligence

How to Budget for Vulnerability Management in 2017

Greg Howard    June 30, 2016

It’s almost budgeting season! (Yes, try to restrain your excitement.) At Kenna, we thought we’d offer a few (admittedly biased) thoughts on how to approach your vulnerability management budgeting process. Here’s a hint: it’s not just about the scanner anymore. It’s about automating the tedious and error-prone processes of prioritization and reporting. Read the full infographic below:

Vulnerability Management Decision Support: Identifying & Prioritizing Zero-Day Vulnerabilities

Andrea Bailiff-Gush    November 10, 2014

This is a guest blog post by Josh Ray, Senior Intelligence Director for Verisign iDefense Security Intelligence Services. One of the biggest challenges facing security teams today is staying up-to-date on the ever-changing security threat landscape. The inclusion of Verisign iDefense Security Intelligence Services’ zero-day vulnerability intelligence into Risk I/O’s threat processing engine provides security practitioners with actionable intelligence on… Read more »

Black Hat 2014 Recap: Actionable Takeaways from a Security Data Scientist

Michael Roytman    August 13, 2014

This is my second Black Hat conference, and the best one yet. Last year was full of gloom about all sorts of devices exploited, revelations about the NSA and uncertainty about what threat intelligence meant or how good it was. This year, from the keynote down to an obscure track at BSides which I participated in, the tone was much… Read more »

Vulnerability Threat Management 2.0

jheuer    February 20, 2014

When it comes to managing your IT environment, there is often just too much to look at. As our Data Scientist Michael Roytman mentioned in his recent research paper, the biggest challenge isn’t finding security defects, but rather managing the mountain of data produced by security tools in order to fix what’s most important first. Well our latest version of… Read more »

See Our New Features in Action!

Andrea Bailiff-Gush    April 9, 2013

As you may recall reading, our development team has been busy over the last few weeks rolling out new features that will make it even easier to manage and monitor your vulnerabilities.We want to invite you to join us on Wednesday, April 17th at 2:00PM ET for a webinar given by Risk I/O CEO, Ed Bellis. Ed will provide an overview of these… Read more »

Playing Around with Game Theory: Smart Data > Big Data

Michael Roytman    February 6, 2013

There’s been a lot of talk about Big Data in the security space over the past couple of years, and it seems that almost every week a new Big Data offering enters the space, whether it’s in discussion, in development, or in production. It’s no secret that here at Risk I/O, we’ve embraced the industry’s demands and are hard at… Read more »

Using Databases to Automate Assessment and Remediation

guest blogger    January 31, 2013

The National Vulnerability Database (aka NVD) is a US Government repository for standards-based vulnerability management data. Its content is represented using the Security Content Automation Protocol, SCAP (pronounced “ess-cap”). SCAP is designed to facilitate reporting, collection, management, and monitoring of vulnerability data through automated software facilities. SCAP encompasses a wide range of inputs and information, and enables automation of vulnerability management,… Read more »

Automate All The Things: Our New-and-Improved API

Mike    January 29, 2013

We recently updated our API and wanted to let you know about it. For those of you unfamiliar with the Risk I/O API, it can be used to automate many functions of Risk I/O including the ability to add vulnerabilities from the few scanners Risk I/O doesn’t directly support, information gleaned from manual assessments, data integration between SIEM, GRC and… Read more »