Must-Have Metrics for Vulnerability Management: Part 3

Ed Bellis    March 30, 2016

This is part 3 of a 3-part series on Must-Haves for Vulnerability Management. Read Part 1 here and Part 2 here. Must Have #4: Know Your Resources Once you have a good handle on your business, your assets, and what security risks are currently affecting your environment, you’ll need to understand your resources. What do you have at your disposal… Read more »

Must-Have Metrics for Vulnerability Management: Part 2

Ed Bellis    March 30, 2016

This blog is Part 2 in a 3-part series on Must-Have Metrics for Vuln Management. Read Part 1 here. Must-Have #2: Know Your Business In order to understand the most pertinent threats and measure the likelihood of exploits, you really need to understand these factors within the context of your business. A great way to apply this knowledge to security… Read more »

Must-Have Metrics for Vulnerability Management: Part I

Ed Bellis    March 29, 2016

In this series of blog posts, we’ll cover the must-have metrics for vulnerability management. The rising cadence of automated attacks means that security teams need to strive to make their own practices as precise and metric-driven as possible. Pouring through spreadsheets and creating 500-page PDFs is no longer enough to ensure that critical vulnerabilities are remediated in time. But what’s… Read more »

Enhanced Reporting Capabilities in Kenna: It’s All About Risk

Greg Howard    March 9, 2016

We’re thrilled to announce our new reporting capabilities today. Kenna has always been an unparalleled platform for vulnerability prioritization–enabling security teams to identify their most critical vulnerabilities and take the right actions to help remediate them. But with the introduction of our new reports, Kenna becomes something else: a security analytics platform that helps organizations measure, monitor, and track their… Read more »

Reporting on Risk: One Metric to Bind Them All

Ed Bellis    January 11, 2016

In my previous post, I discussed ways that organizations have typically reported on risk: namely, talking about the number of closed vulnerabilities. I discussed how most stakeholders (and particularly non-technical executives) can’t make heads nor tails out of that kind of reporting. So what’s the best way to truly report on risk? Your first step is to understand the criticality… Read more »

A Holiday Poem about…Vulnerability Management?

Greg Howard    December 11, 2015

We sent out a little poem to our customers, and we thought you might want to see it. Any resemblance to widely known holiday poems, either living or dead, is entirely coincidental. t’s almost year end, and you must understand Security pros everywhere are tired of their scans We’re talking Qualys, Nessus —Rapid7 too— Producing too much data and making… Read more »

Podcast: Closing the Remediation Gap

Greg Howard    November 30, 2015

Our lead data scientist Michael Roytman just participated in a fun podcast called Cybercrime & Business, in which he discusses one of the biggest challenges around vulnerability management: the time it takes organizations to remediate vulnerabilities, or the remediation gap. Michael talks about his research and how even “conservative” estimates found that the window of opportunity for many exploits remains significant: On… Read more »

New Kenna Research: The Remediation Gap

Greg Howard    October 12, 2015

Following on our work in this year’s Verizon Data Breach Information Report, Kenna recently published a kind of sequel: “The Remediation Gap: Why Companies Are Losing the Battle Against Non-targeted Attacks.” Authored by our chief data scientist Michael Roytman, the report examined the proliferation of non-targeted attacks and companies’ ability to counter these threats through quick remediation. Kenna analyzed 50,000… Read more »

Vulnerability Reporting for the Masses

Greg Howard    October 2, 2015

Don’t just rely on vulnerability counts to understand your exposure to threats and exploits—visualize your trending risk in real-time with trending reports. Our new trend reports are the best place to understand your true level of risk. Find out what your historical score has been, where you are currently, and where you are trending. And see the impact of your remediations, all… Read more »