Tag Archives: vulnerability scanners

Must-Have Metrics for Vulnerability Management: Part I

Ed Bellis    March 29, 2016

In this series of blog posts, we’ll cover the must-have metrics for vulnerability management. The rising cadence of automated attacks means that security teams need to strive to make their own practices as precise and metric-driven as possible. Pouring through spreadsheets and creating 500-page PDFs is no longer enough to ensure that critical vulnerabilities are remediated in time. But what’s… Read more »

Vulnerability Management for the Midsize

Ed Bellis    March 19, 2015

It’s not fair. The big companies have the teams, the tools, and the processes required in order to run a best-in-class vulnerability management program. But guess what? The bad guys don’t care about how big you are. In fact, non-targeted exploits accounted for 75% of the breaches from Verizon’s 2013 Data Breach Investigation Report—meaning even mid-sized companies are equally or… Read more »

Secret #5 of Vulnerability Scanning: You Can Actually Prioritize, Rather Than Just Analyze

Ed Bellis    January 20, 2015

This is the third post by Ed Bellis in a three-part series on Vulnerability Scanning. To view all five secrets and two common “gotchas” of vulnerability scanning, please click here. Typically, security teams spend tons of time putting together Excel spreadsheets and swimming through countless rows of data. Doing so will get the job done, eventually…kind of. But the problem is, as… Read more »

Secret #4 of Vulnerability Scanning: Don’t Dump-and-Run, Make It Consumable

Ed Bellis    January 15, 2015

This is the second post by Ed Bellis in a three-part series on Vulnerability Scanning. To view all five secrets and two common “gotchas” of vulnerability scanning, please click here. You know what I’m talking about when I talk about the infamous dump-and-run. “Here’s your 300-page PDF with a laundry list of every vulnerability known to man!” From what I’ve… Read more »

Secret #1 of Vulnerability Scanning: CVSS Is Only Part of the Picture

Ed Bellis    January 8, 2015

This is the first post by Ed Bellis in a three-part series on Vulnerability Scanning. To view all five secrets and two common “gotchas” of vulnerability scanning, please click here. Information security can be a thankless job. I know, I’ve lived it first-hand. When I ran Security at Orbitz, it was absolutely critical that my team and I stayed on top of… Read more »

A Simplified Interface, Perimeter Scanning & A Free Risk Profile (Oh My!)

Andrea Bailiff-Gush    March 11, 2014

The Risk I/O Team is excited to announce the latest release of our vulnerability threat management platform. In this release, we’ve updated the user interface, and made vulnerability scanning available for perimeters too. You can also now create a free risk profile on any technology. The latest release of our platform includes: Simplified User Interface – As you may have noticed,… Read more »

Nmap + Risk I/O = Peanut Butter + Chocolate

Ed Bellis    September 3, 2013

No, I’m not speaking of a fancy new risk formula, but rather about one of our most popular integrations: Nmap. Nmap can be a pretty powerful tool for asset discovery and figuring out what services and ports are open across your network. It can also be a great way to find configuration issues that could result in security weaknesses for your… Read more »

Stop Putting Rocks in the Vault

rhuber    June 6, 2013

Imagine you are handed two items, a rock and a 400-troy-ounce bar of gold, and are tasked with protecting each from theft. You will spend more time considering how to secure the gold than the rock, because you know the underlying value of each. Context matters, yet vulnerability management systems often work under the assumption that all of your assets… Read more »