Tag Archives: vulnerability management

What You Miss When You Rely on CVSS Scores

Michael Roytman    February 26, 2015

Effective prioritization of vulnerabilities is essential to staying ahead of your attackers. While your threat intelligence might expose a wealth of information about attackers and attack paths, integrating it into decision-making is no easy task. Too often, we make the mistake of taking the data given to us for granted – and this has disastrous consequences. In this blog post,… Read more »

Secret #4 of Vulnerability Scanning: Don’t Dump-and-Run, Make It Consumable

Ed Bellis    January 15, 2015

This is the second post by Ed Bellis in a three-part series on Vulnerability Scanning. To view all five secrets and two common “gotchas” of vulnerability scanning, please click here. You know what I’m talking about when I talk about the infamous dump-and-run. “Here’s your 300-page PDF with a laundry list of every vulnerability known to man!” From what I’ve… Read more »

Vulnerability Management Decision Support: Identifying & Prioritizing Zero-Day Vulnerabilities

Andrea Bailiff-Gush    November 10, 2014

This is a guest blog post by Josh Ray, Senior Intelligence Director for Verisign iDefense Security Intelligence Services. One of the biggest challenges facing security teams today is staying up-to-date on the ever-changing security threat landscape. The inclusion of Verisign iDefense Security Intelligence Services’ zero-day vulnerability intelligence into Risk I/O’s threat processing engine provides security practitioners with actionable intelligence on… Read more »

Laying the Foundation for Change

Karim Toubba    October 14, 2014

This blog post was written by new CEO of Risk I/O, Karim Toubba. You can read more about our new CEO announcement here. I have always been drawn to solving substantive problems that lay the foundation for change, particularly in the security industry. To date, much has been written about the sophistication of the hacker and even the most casual news… Read more »

Mo’ Vulnerabilities, Mo’ Problems

Ryan Cunnane    September 19, 2014

*This originally appeared as a guest post in the Tripwire – The State of Security blog as Mo’ Vulnerabilities, Mo’ Problems…One Solution. Security practitioners juggle many tasks, with vulnerability management requiring the most time and effort to manage effectively. Prioritizing vulnerabilities, grouping those vulnerabilities and assets, and assigning them to the appropriate teams takes considerable time using current scanning technology…. Read more »

Black Hat 2014 Recap: Actionable Takeaways from a Security Data Scientist

Michael Roytman    August 13, 2014

This is my second Black Hat conference, and the best one yet. Last year was full of gloom about all sorts of devices exploited, revelations about the NSA and uncertainty about what threat intelligence meant or how good it was. This year, from the keynote down to an obscure track at BSides which I participated in, the tone was much… Read more »

There’s No Such Thing As a Cool Vulnerability

Michael Roytman    July 31, 2014

If you work in vulnerability management, all the vulnerabilities you’ll hear about at Black Hat are irrelevant. Every year at Black Hat and DEF CON, new vulnerabilities get released, explained and demoed. This year, you’ll see everything from remote car hacks, to hotel room takeovers, to virtual desktop attacks to Google Glass hacks. But once you get back home, don’t let… Read more »

QualysGuard Connector: Now With WAS Inside

Andrea Bailiff-Gush    July 28, 2014

At Risk I/O, we’re always striving to ensure our integrations are seamless and complete. Risk I/O is happy to announce that as of today, our QualysGuard connector has expanded to pull in results from your Qualys VM and Qualys WAS scans. What does this mean for you? If you are a Risk I/O user with a Qualys connector, you’ll see both… Read more »

Heartbleed Is Not A Big Deal?

Michael Roytman    April 17, 2014

As of this morning we have observed 224 breaches related to CVE-2014-0160, the Heartbleed vulnerability. More than enough has been said about the technical details of the vulnerability, and our own Ryan Huber covered the details a few days ago. I want to talk about the vulnerability management implications of Heartbleed, because they are both terrifying and telling. The Common Vulnerability… Read more »

“Threat Intelligence” By Any Other Name: RSA 2014 Recap

Michael Roytman    March 4, 2014

I’m told that every year RSA has a theme, and that this theme is predictive of the year to come for the information security industry. Sometimes, that theme is hidden. Other times, (such as last year) that theme is a race car engine with the words “Big Data” splattered all over it jumping out at you on every corner. At… Read more »