Category Archives: Remediation

The Spectre & Meltdown Vulnerabilities: A Risk Based Approach To Remediation

Ed Bellis    January 5, 2018

There’s been a lot information and chatter about 3 new vulnerabilities identified by researchers with some working exploits by Google’s Project Zero demonstrating a new class of timing attacks that work on most modern CPUs. First a little background: There are 3 known variants affecting different processors: CVE-2017-5753, CVE-2017-5754, CVE-2017-5715. These can affect Intel, ARM and AMD processors. Since not… Read more »

Nonprofits Cannot Ignore CyberSecurity

Chloe Messdaghi    October 26, 2017

Prior to joining Kenna Security, I worked with a number of nonprofits around the world. Each focused on providing shelter, education, health services, and food to children in need. The mission was clear and critical. Executing that mission wasn’t so easy. Nonprofits run on donated money. Though our goal was to save children, the strategy to drive the mission forward… Read more »

Equifax Lessons: Risk Hunting at Scale

Michael Roytman    September 15, 2017

This past week has seen another high profile breach in the news, one of the largest ever, and apparently the result of a known vulnerability.  Looking back at our analysis of the WannaCry attacks, we examined what we could  learn about prioritization from our 1 billion vulnerabilities under management. Out of those billion vulnerabilities, 259,451,953 were CVSS score of 9… Read more »

Malware exploitable vulnerabilities – Addressing the root cause

Michael Roytman    July 24, 2017

Today, we’re excited to announce our partnership with ReversingLabs – a leader in the world of malware research and analysis. Using metadata about malware samples submitted to ReversingLabs, and focusing on the subset of malware for which we know the Exploit that was used, we can start to treat the root cause of the problem. This is done by notifying… Read more »

Clash of the Titans: How InfoSec and Remediation Teams Can Finally Get Along

Ed Bellis    October 26, 2016

Why the bad blood between InfoSec and Remediation teams? The reality is, they need each other. They just don’t always work alongside each other, or use the same metrics, or see things the same way, or…well, let’s just say there’s a lot of baggage there. Why We Can’t All Just Get Along Within many organizations, security teams and remediation teams… Read more »

New Zero-Day Exploit Intelligence – Introducing Exodus

Greg Howard    August 1, 2016

One of Kenna’s primary differentiators is its use of external exploit intelligence. It’s that real-time context, informed by Kenna’s own proprietary, patented algorithm, which makes our customers’ vulnerability scan data tell a story. We’re able to provide a “headline news” of what’s happening in our customer’s environments and what threats they need to remediate quickly. (And by the way, when… Read more »

Podcast: Closing the Remediation Gap

Greg Howard    November 30, 2015

Our lead data scientist Michael Roytman just participated in a fun podcast called Cybercrime & Business, in which he discusses one of the biggest challenges around vulnerability management: the time it takes organizations to remediate vulnerabilities, or the remediation gap. Michael talks about his research and how even “conservative” estimates found that the window of opportunity for many exploits remains significant: On… Read more »

New Kenna Research: The Remediation Gap

Greg Howard    October 12, 2015

Following on our work in this year’s Verizon Data Breach Information Report, Kenna recently published a kind of sequel: “The Remediation Gap: Why Companies Are Losing the Battle Against Non-targeted Attacks.” Authored by our chief data scientist Michael Roytman, the report examined the proliferation of non-targeted attacks and companies’ ability to counter these threats through quick remediation. Kenna analyzed 50,000… Read more »

Vulnerability Reporting for the Masses

Greg Howard    October 2, 2015

Don’t just rely on vulnerability counts to understand your exposure to threats and exploits—visualize your trending risk in real-time with trending reports. Our new trend reports are the best place to understand your true level of risk. Find out what your historical score has been, where you are currently, and where you are trending. And see the impact of your remediations, all… Read more »

The Three CVEs that You’re Not Paying Attention to (But Probably Should)

Michael Roytman    June 17, 2015

The Risk I/O philosophy is all about fixing what matters – that is, using data to make decisions that make the most of the limited actions you can take in a day, a week, a month. It’s not about the sheer volume of vulnerabilities that your team closes — it’s closing the ones that reduce your overall risk the most…. Read more »