|By Xenia von Wedel||
|February 21, 2014 02:03 PM EST||
Thanks for taking the time to answer my questions. Please tell us, what is Risk I/O all about and what do you do?
Ed Bellis: To really understand a company's risk, you can't look at threats and vulnerabilities separately; you have to bring them together in context. This is exactly what we've done at Risk I/O. We emerged in 2012 as the first SaaS platform to use big data security analytics to tell a security pro two important things: number one: which vulnerabilities pose the greatest risk to their organization, and number two: their likelihood of experiencing a breach. Our platform finds the most critical security issues within an organization and prioritizes what's most important.
What are you launching at RSA?
Bellis: Risk I/O has fully updated its user interface and streamlined the process from identifying a critical vulnerability to remediation in a single click. We're now offering a free a risk profile to anyone through our public RiskDB application, which takes into account the threat data that we're collecting and gives you a technology risk profile of your organization.
Additionally, we're bundling in perimeter scanning, so we've become a one-stop-shop for identifying the most critical risks. Customers no longer require additional security tools in order to identify these risks.
Who is your target audience and how do you intend to reach them? What is the biggest challenge you face right now in telling your story and winning over new clients?
Bellis: For Risk I/O, while our customers span from the Fortune 10 all the way down to SMB, our primary target has been the mid-markets and small enterprise. Our customers/users are typically in information security or have information security responsibilities. So, it could range from being a Chief Security Officer in a large organization to a Network Administrator in smaller organizations.
The biggest challenge we face, is educating the market that the existing way of doing business simply doesn't work. What I mean by this, is traditionally, to assess security risks and prioritize what is most important, this usually falls on teams of people sorting through the data, spreadsheets, and writing their own scripts. As an emerging tech company, we're branding ourselves in this new space.
I'd be curious to hear any general thoughts you have on market trends...
Bellis: Specifically, talking about vulnerability management, the first evolution was vulnerability assessment, or, to put it another way, customers wanted to know where are all my vulnerabilities? Now, we've got to the stage, where they know where their vulnerabilities are, and they're everywhere. The next problem to solve is what do I do next? What do I fix first? How do I fix them?
At Risk I/O, we believe that using real-world and real-time data is going to help in the decision-making process and prioritization will become key to this segment.
What's the business model? How will you make money?
Bellis: As a business model, Risk I/O operates as a Software as a Service, and we sell subscriptions to our product. We offer subscriptions that are monthly or annually and are based on the number of technology assets an organizations is managing. We start our pricing at $1 per asset, per month, and offer bulk discount as the number of assets go up.
Who are your competitors?
Bellis: Far and away, the current way of doing business, which, again, are teams of people going through spreadsheets and writing their own scripts, and trying to figure out through lots of time and people resources, what's a priority. The reality is, the current way of doing business just isn't working.
How do you differentiate from your competitors?
Bellis: What really sets Risk I/O apart is that we give you the visibility outside your network, outside of your firewall, to let you know what the threat landscape looks like and what are the most important issues you have internally. So, we use real-world, real-time data to help you make better security decisions.
Who founded the company, when? What can you tell me about the story of the company's founding?
Bellis: In 2010, I cofounded Risk I/O with our CTO Jeff Heuer. A little background on me, I was a former Chief Information Security Officer at Orbitz for about six years, where I was dealing with the very problem that we're solving at Risk I/O. Originally, I reached out to peers at Orbitz thinking there would had to be a solution in market, only to find that they were dealing with the same issue I was. So, that's when I gave my Cofounder Jeff a call and expressed the need to build a solution to solve this very real, very big problem.
What is your distribution model? Where to buy your product?
Bellis: We're a SaaS model, and you can sign-up directly on website and everyone gets a 30-day free trial. More information here, https://www.risk.io/
What's next on your product roadmap?
Bellis: We're looking to expand the amount of threat sources that we use both internally and externally. We'll continue to work through additional distribution partners and add integrations into more vulnerability assessment tools as well as remediation management tools.
What else would you like to add?
Bellis: Check out our white paper on Adopting A Real-Time, Data-Driven Security Practice
Risk I/O is a threat management platform that processes external Internet breach and exploit data with an organization's vulnerability scan data to monitor, measure and prioritize vulnerability remediation across their IT environment. As a result, organizations know their likelihood of experiencing a breach and what vulnerabilities pose the greatest risk. Risk I/O processes over a billion vulnerabilities a month against Internet breach data for its users. Risk I/O is used by over 800 companies, including multiple Fortune 500 companies and two from the Fortune 10. Backed by US Venture Partners, Tugboat Ventures, Costanoa Venture Capital, and Hyde Park Angels, Risk I/O is headquartered in Chicago, IL. More information about Risk I/O can be found at www.risk.io