Tag Archives: vulnerability management

Stop Putting Rocks in the Vault

rhuber    June 6, 2013

Imagine you are handed two items, a rock and a 400-troy-ounce bar of gold, and are tasked with protecting each from theft. You will spend more time considering how to secure the gold than the rock, because you know the underlying value of each. Context matters, yet vulnerability management systems often work under the assumption that all of your assets…

The Role of Security Mapping in Vulnerability Management

guest blogger    February 7, 2013

Increasingly, security management organizations are coming to rely on a unique type of geography to recognize where threats and vulnerabilities are active, and where security exploits are occurring. The geography in question maps fairly closely to the physical map of the world. Because Internet links that connect sites and users to service providers are involved, along with prevailing local Internet…

Using Databases to Automate Assessment and Remediation

guest blogger    January 31, 2013

The National Vulnerability Database (aka NVD) is a US Government repository for standards-based vulnerability management data. Its content is represented using the Security Content Automation Protocol, SCAP (pronounced “ess-cap”). SCAP is designed to facilitate reporting, collection, management, and monitoring of vulnerability data through automated software facilities. SCAP encompasses a wide range of inputs and information, and enables automation of vulnerability management,…

Five Architectural Requirements for an Agile Vulnerability Intelligence Platform

admin    January 24, 2013

This is the third post in a three-part series on Agile Risk Intelligence. The complete Agile Risk Intelligence e-book is now available. With vulnerability scanners deployed across the stack and the organization, security managers are swimming in data, but struggling to make sense of it. As I blogged about previously, current approaches lack the context and global visibility to deliver meaningful insight…

Instinct to Insight: Five Gaps in Agile Risk Responsiveness

admin    January 17, 2013

This is the second post in a three-part series on Agile Risk Intelligence. The complete Agile Risk Intelligence e-book is now available. The thump from the far corner of the house reaches a mother’s ears. Before she is even aware of it, her subconscious begins to instinctively collect, correlate and process additional information. Honed by millions of years of evolution and fine-tuned…

The Case for Agile Risk Intelligence

admin    January 10, 2013

This is the first post in a three-part series on Agile Risk Intelligence. The complete Agile Risk Intelligence e-book is now available. Security executives have always embraced the challenging task of protecting the organizations’ users and assets. It’s a thankless job against a faceless enemy, but that’s always been part of the deal. However, today it seems like the objective…

Another Week, Another Integration: Retina meet Risk I/O

Andrea Bailiff-Gush    May 30, 2012

We’re beginning to sound a bit like a broken record, but yes, this week we launched another out-of-the-box integration with Risk I/O. Our goal has always been to build a complete vulnerability management platform that works with the tools you’re already using. That’s why we’ve added eEye Digital Security’s Retina Network Security Scanner to our arsenal of integrations. As a connector, you can…

Special Orders Don’t Upset Us

Ed Bellis    January 18, 2012

Just a quick post to give you an update on one of our newest features. A few months back we wrote about custom fields in Risk I/O and how to add your own data and metadata to your vulnerabilities and assets. Today I’m writing about taking this customization to the next step. We recognize different people within your company are…

The Scanner That Cried Wolf

Ed Bellis    January 5, 2012

Dealing with false positives during a vulnerability assessment is a fact of life. As applications and infrastructure grow larger and more complex, the likelihood of running into these Type I errors increases along with it. Although these issues become more commonplace as you grow, there are a number of known ways to help decrease the number of false positives that are produced…