Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Risk I/O Enhances Vulnerability Threat Management Platform

Risk I/O, a vulnerability intelligence platform designed to help organizations report and mitigate security vulnerabilities, has released the latest version of its SaaS-based vulnerability threat management platform.

Risk I/O, a vulnerability intelligence platform designed to help organizations report and mitigate security vulnerabilities, has released the latest version of its SaaS-based vulnerability threat management platform.

With the release, Risk I/O offers a perimeter scan and a breach analysis that displays the most likely entry points with a prioritized remediation list to quickly reduce the risk of a breach.

All of this information is summarized in a “Risk Meter”, the company said. Risk I/O is also offering a free “Technology Threat Service” via RiskDB, identifying a technology’s security risk based on known Internet breaches and attacks.

“Vulnerability assessment and remediation is a daunting task for any business, particularly those with small security teams that are strapped for resources. There is such a vast amount of vulnerability data generated every day, many companies just don’t know where to start,” said Ed Bellis, CEO and cofounder of Chicago-based Risk I/O.

“With Risk Meter scoring, you know which assets are most at risk, so you know exactly where to start. This saves time and helps reduce risk exposure,” Bellis said.

“Relying solely on the knowledge of existing vulnerabilities, provided by vulnerability scanners, is only the first step in a streamlined vulnerability management process,” Torsten George, VP of Worldwide Marketing and Products at Agiliance, noted in a recent SecurityWeek column. “Without putting vulnerabilities into the context of the risk associated with them, organizations often misalign their remediation resources.” 

This problem is exactly what Risk I/O hopes to resolve.

Risk I/O’s platform continuously aggregates attack data, breach data and exploit data from across the Internet, and correlates the data with an organization’s vulnerability scan results to monitor exposure.

Advertisement. Scroll to continue reading.

According to Risk I/O, highlights from the latest release of Risk I/O include:

Risk Meter Risk Scoring – With Risk I/O’s unique Risk Meter scoring, security teams now have a prioritized view of their greatest exposure to known Internet breaches and exploits, in near real-time. The risk score includes a summary of the number of vulnerabilities found in each environment, as well as how many are easily exploitable, observed as breaches in the wild, and how many are popular targets.

Bundled Perimeter Scan – For businesses that need to understand their vulnerability and exploit risk in real-time but lack vulnerability scan data, Risk I/O now bundles a perimeter scan with its service. The perimeter scan can be up-and-running within minutes and allows organizations to start gaining visibility immediately.

Technology Threat Service – Risk I/O offers RiskDB, a free, centralized, and open repository of security vulnerabilities sourced from vulnerability databases. It provides up-to-the-minute information on security-related software flaws, misconfigurations, vulnerabilities, and threat advisories that can be used to aid in vulnerability remediation and compliance. Security teams can now receive an immediate risk score in near real-time.

“Any group dealing with a sizable environment isn’t struggling with finding security defects, but rather with managing the mountain of data produced by their vulnerability assessments, penetration testing, and threat modeling in order to fix what’s most important first,” explained Risk I/O Data Scientist, Michael Roytman.

“Its our goal to help companies understand their security risk and prioritize what is most important,”continued Bellis. “By offering a free risk profile through RiskDB and a perimeter scan, any company can understand where they are most at risk regardless of the tools they have deployed.”

“In today’s fast moving threat environment, vulnerability management, when deployed as a stand-alone discipline that does not apply risk-based metrics for ranking and prioritizing remediation efforts may be making organizations less, not more secure,” George concluded in his column.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.