Making sense of all the data that various tools collect is important if an enterprise wants to truly understand its risks.
Ed Bellis knows this better than anyone after serving as the CISO of travel website Orbitz.
“We had a bunch of different tools doing assessments, including network, dynamic and static application scanning,” Bellis told eSecurity Planet. “On top of that we had the usual pen testers, auditors and professional services, and they were all producing a lot of overlapping data. It just became an absolute nightmare to manage and figure out what was important.”
While at Orbitz, Bellis used a set of scripts and spreadsheets to manage all that data. After discussions with some of his peers in the industry, Bellis realized that he was not alone in the challenge of managing vulnerabilities. That realization led him to help found a company called Risk I/O in 2010. The Risk I/O vulnerability intelligence platform, a software-as-a-service (SaaS)-based offering, was launched in 2011. In late 2012 the company raised over $5 million in venture funding.
“The one thing I’ve learned through all of this is while our problems were painful at Orbitz, they were relatively tiny in comparison to some of the folks that are using Risk I/O today,” Bellis said.
Read the full story at eSecurity Planet:
Risk I/O Lowers Risk by Raising IT Security Intelligence
Sean Michael Kerner is a senior editor at InternetNews.com, the news service of the IT Business Edge Network, the network for technology professionals Follow him on Twitter @TechJournalist.