Welcome!

Related Topics: Cloud Security, Java IoT, Linux Containers, Agile Computing

Cloud Security: Blog Post

Risk I/O Is a One-Stop-Shop for Identifying the Most Critical Risks

RSA Interview with Ed Bellis, CEO and Cofounder of Risk I/O

Thanks for taking the time to answer my questions. Please tell us, what is Risk I/O all about and what do you do?

Ed Bellis: To really understand a company's risk, you can't look at threats and vulnerabilities separately; you have to bring them together in context. This is exactly what we've done at Risk I/O. We emerged in 2012 as the first SaaS platform to use big data security analytics to tell a security pro two important things: number one: which vulnerabilities pose the greatest risk to their organization, and number two: their likelihood of experiencing a breach. Our platform finds the most critical security issues within an organization and prioritizes what's most important.

What are you launching at RSA?

Bellis: Risk I/O has fully updated its user interface and streamlined the process from identifying a critical vulnerability to remediation in a single click. We're now offering a free a risk profile to anyone through our public RiskDB application, which takes into account the threat data that we're collecting and gives you a technology risk profile of your organization.

Additionally, we're bundling in perimeter scanning, so we've become a one-stop-shop for identifying the most critical risks. Customers no longer require additional security tools in order to identify these risks.

Who is your target audience and how do you intend to reach them? What is the biggest challenge you face right now in telling your story and winning over new clients?

Bellis: For Risk I/O, while our customers span from the Fortune 10 all the way down to SMB, our primary target has been the mid-markets and small enterprise. Our customers/users are typically in information security or have information security responsibilities. So, it could range from being a Chief Security Officer in a large organization to a Network Administrator in smaller organizations.

The biggest challenge we face, is educating the market that the existing way of doing business simply doesn't work. What I mean by this, is traditionally, to assess security risks and prioritize what is most important, this usually falls on teams of people sorting through the data, spreadsheets, and writing their own scripts. As an emerging tech company, we're branding ourselves in this new space.

I'd be curious to hear any general thoughts you have on market trends...

Bellis: Specifically, talking about vulnerability management, the first evolution was vulnerability assessment, or, to put it another way, customers wanted to know where are all my vulnerabilities? Now, we've got to the stage, where they know where their vulnerabilities are, and they're everywhere. The next problem to solve is what do I do next? What do I fix first? How do I fix them?

At Risk I/O, we believe that using real-world and real-time data is going to help in the decision-making process and prioritization will become key to this segment.

What's the business model? How will you make money?

Bellis: As a business model, Risk I/O operates as a Software as a Service, and we sell subscriptions to our product. We offer subscriptions that are monthly or annually and are based on the number of technology assets an organizations is managing. We start our pricing at $1 per asset, per month, and offer bulk discount as the number of assets go up.

Who are your competitors?

Bellis: Far and away, the current way of doing business, which, again, are teams of people going through spreadsheets and writing their own scripts, and trying to figure out through lots of time and people resources, what's a priority. The reality is, the current way of doing business just isn't working.

How do you differentiate from your competitors?

Bellis: What really sets Risk I/O apart is that we give you the visibility outside your network, outside of your firewall, to let you know what the threat landscape looks like and what are the most important issues you have internally. So, we use real-world, real-time data to help you make better security decisions.

Who founded the company, when? What can you tell me about the story of the company's founding?

Bellis: In 2010, I cofounded Risk I/O with our CTO Jeff Heuer. A little background on me, I was a former Chief Information Security Officer at Orbitz for about six years, where I was dealing with the very problem that we're solving at Risk I/O. Originally, I reached out to peers at Orbitz thinking there would had to be a solution in market, only to find that they were dealing with the same issue I was. So, that's when I gave my Cofounder Jeff a call and expressed the need to build a solution to solve this very real, very big problem.

What is your distribution model? Where to buy your product?

Bellis: We're a SaaS model, and you can sign-up directly on website and everyone gets a 30-day free trial. More information here, https://www.risk.io/

What's next on your product roadmap?

Bellis: We're looking to expand the amount of threat sources that we use both internally and externally. We'll continue to work through additional distribution partners and add integrations into more vulnerability assessment tools as well as remediation management tools.

What else would you like to add?

Bellis: Check out our white paper on Adopting A Real-Time,  Data-Driven Security Practice

Risk I/O is a threat management platform that processes external Internet breach and exploit data with an organization's vulnerability scan data to monitor, measure and prioritize vulnerability remediation across their IT environment. As a result, organizations know their likelihood of experiencing a breach and what vulnerabilities pose the greatest risk. Risk I/O processes over a billion vulnerabilities a month against Internet breach data for its users. Risk I/O is used by over 800 companies, including multiple Fortune 500 companies and two from the Fortune 10. Backed by US Venture Partners, Tugboat Ventures, Costanoa Venture Capital, and Hyde Park Angels, Risk I/O is headquartered in Chicago, IL. More information about Risk I/O can be found at www.risk.io

More Stories By Xenia von Wedel

Xenia von Wedel is a Tech blogger and Enterprise Media Consultant in Mountain View, serving clients in a variety of industries worldwide. She is focused on thought leadership content creation and syndication, media outreach and strategy. She mainly writes about Enterprise, B2B solutions, social media and open source software, but throws the occasional oddball into the mix. Buy her a coffee if you like her article: http://xeniar.tip.me

Latest Stories
Bert Loomis was a visionary. This general session will highlight how Bert Loomis and people like him inspire us to build great things with small inventions. In their general session at 19th Cloud Expo, Harold Hannon, Architect at IBM Bluemix, and Michael O'Neill, Strategic Business Development at Nvidia, discussed the accelerating pace of AI development and how IBM Cloud and NVIDIA are partnering to bring AI capabilities to "every day," on-demand. They also reviewed two "free infrastructure" pr...
Major trends and emerging technologies – from virtual reality and IoT, to Big Data and algorithms – are helping organizations innovate in the digital era. However, to create real business value, IT must think beyond the ‘what’ of digital transformation to the ‘how’ to harness emerging trends, innovation and disruption. Architecture is the key that underpins and ties all these efforts together. In the digital age, it’s important to invest in architecture, extend the enterprise footprint to the cl...
Connected devices and the industrial internet are growing exponentially every year with Cisco expecting 50 billion devices to be in operation by 2020. In this period of growth, location-based insights are becoming invaluable to many businesses as they adopt new connected technologies. Knowing when and where these devices connect from is critical for a number of scenarios in supply chain management, disaster management, emergency response, M2M, location marketing and more. In his session at @Th...
"Dice has been around for the last 20 years. We have been helping tech professionals find new jobs and career opportunities," explained Manish Dixit, VP of Product and Engineering at Dice, in this SYS-CON.tv interview at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
"We are a modern development application platform and we have a suite of products that allow you to application release automation, we do version control, and we do application life cycle management," explained Flint Brenton, CEO of CollabNet, in this SYS-CON.tv interview at DevOps at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
What happens when the different parts of a vehicle become smarter than the vehicle itself? As we move toward the era of smart everything, hundreds of entities in a vehicle that communicate with each other, the vehicle and external systems create a need for identity orchestration so that all entities work as a conglomerate. Much like an orchestra without a conductor, without the ability to secure, control, and connect the link between a vehicle’s head unit, devices, and systems and to manage the ...
Application transformation and DevOps practices are two sides of the same coin. Enterprises that want to capture value faster, need to deliver value faster – time value of money principle. To do that enterprises need to build cloud-native apps as microservices by empowering teams to build, ship, and run in production. In his session at @DevOpsSummit at 19th Cloud Expo, Neil Gehani, senior product manager at HPE, discussed what every business should plan for how to structure their teams to delive...
Rapid innovation, changing business landscapes, and new IT demands force businesses to make changes quickly. In the eyes of many, containers are at the brink of becoming a pervasive technology in enterprise IT to accelerate application delivery. In this presentation, attendees learned about the: The transformation of IT to a DevOps, microservices, and container-based architecture What are containers and how DevOps practices can operate in a container-based environment A demonstration of how ...
"We're a cybersecurity firm that specializes in engineering security solutions both at the software and hardware level. Security cannot be an after-the-fact afterthought, which is what it's become," stated Richard Blech, Chief Executive Officer at Secure Channels, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
"Venafi has a platform that allows you to manage, centralize and automate the complete life cycle of keys and certificates within the organization," explained Gina Osmond, Sr. Field Marketing Manager at Venafi, in this SYS-CON.tv interview at DevOps at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
"Qosmos has launched L7Viewer, a network traffic analysis tool, so it analyzes all the traffic between the virtual machine and the data center and the virtual machine and the external world," stated Sebastien Synold, Product Line Manager at Qosmos, in this SYS-CON.tv interview at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
In addition to all the benefits, IoT is also bringing new kind of customer experience challenges - cars that unlock themselves, thermostats turning houses into saunas and baby video monitors broadcasting over the internet. This list can only increase because while IoT services should be intuitive and simple to use, the delivery ecosystem is a myriad of potential problems as IoT explodes complexity. So finding a performance issue is like finding the proverbial needle in the haystack.
In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, provided an overview of the evolution of the Internet and the Database and the future of their combination – the Blockchain. Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life sett...
The WebRTC Summit New York, to be held June 6-8, 2017, at the Javits Center in New York City, NY, announces that its Call for Papers is now open. Topics include all aspects of improving IT delivery by eliminating waste through automated business models leveraging cloud technologies. WebRTC Summit is co-located with 20th International Cloud Expo and @ThingsExpo. WebRTC is the future of browser-to-browser communications, and continues to make inroads into the traditional, difficult, plug-in web ...
Redis is not only the fastest database, but it has become the most popular among the new wave of applications running in containers. Redis speeds up just about every data interaction between your users or operational systems. In his session at 18th Cloud Expo, Dave Nielsen, Developer Relations at Redis Labs, shared the functions and data structures used to solve everyday use cases that are driving Redis' popularity.