Kenna Security is now part of Cisco

|Learn more

Give ‘Em What They Want… and Nothing More

Mar 1, 2012
Ed Bellis
Chief Technology Officer, Co-founder

Share with Your Network

A lot of Risk I/O users rely on bug tracking and trouble ticketing to track their remediation workflow including status, ownership and due dates. We built Risk I/O to integrate directly into these solutions so our customers would never have to leave while tracking to close. That’s all well and good, but we have others who prefer not to use bug trackers or trouble ticketing or simply don’t have all of those resources in-house. Well I’m happy to show how this can be done now all within Risk I/O.

For awhile now we have had both custom asset tagging and custom fields. These are often used to collect data for tracking remediation such as status, ownership, expected remediation dates, SLA’s, etc. Last week we launched role-based access that allows you to control who has access to what down to the vulnerability level. In addition to our Standard and Admin roles, you can now create “tag-based” roles to control access within your Risk I/O instance.

Here’s a simple example:

We have several development teams each that own different applications and the bugs and vulnerabilities associated with them. We can tag each of those applications in the assets tab with these development teams. From there I can create a new role allowing for read-only or read-plus-write access to any assets and vulnerabilities that have that tag. I can also now create new users and give them the appropriate role, allowing them to work directly within Risk I/O to help manage remediation workflow.

We have focused relentlessly on simplicity and flexibility. With our new access control features I think we’ve found a great balance to allow you to keep it all within Risk I/O or use the remediation management tools you already have deployed in your environment.

…and since a picture is worth a thousand words, a short how-to video must be worth even more.

Read the Latest Content

Research Reports

Prioritization to Prediction Volume 5: In Search of Assets at Risk

The fifth volume of the P2P series explores the vulnerability risk landscape by looking at how enterprises often view vulnerabilities.

5 Things Every CIO Should Know About Vulnerability Management

If you view vulnerability management (VM) as just a small part of your operation, it might be time to take another look.  Managing vulnerabilities is...



Get Started Using the Exploit Prediction Scoring System (EPSS).

Cyentia Institute’s Chief Data Scientist and Founder Jay Jacobs gives tips on how to get started using the Exploit Prediction Scoring System (EPSS). You...

© 2022 Kenna Security. All Rights Reserved. Privacy Policy.