Category Archives: Vulnerability Management

New Zero-Day Exploit Intelligence – Introducing Exodus

Greg Howard    August 1, 2016

One of Kenna’s primary differentiators is its use of external exploit intelligence. It’s that real-time context, informed by Kenna’s own proprietary, patented algorithm, which makes our customers’ vulnerability scan data tell a story. We’re able to provide a “headline news” of what’s happening in our customer’s environments and what threats they need to remediate quickly. (And by the way, when… Read more »

How to Budget for Vulnerability Management in 2017

Greg Howard    June 30, 2016

It’s almost budgeting season! (Yes, try to restrain your excitement.) At Kenna, we thought we’d offer a few (admittedly biased) thoughts on how to approach your vulnerability management budgeting process. Here’s a hint: it’s not just about the scanner anymore. It’s about automating the tedious and error-prone processes of prioritization and reporting. Read the full infographic below:

Collaborative Data Science – Inside the 2016 Verizon DBIR Vulnerability Section.

Michael Roytman    May 1, 2016

The best part about working in a nascent, yet-unsolved-perhaps-never-to-be-solved industry is that the smartest minds are often struggling with the same problems, and are only a tweet or a phone call away if you need help. I’ve had help from fellow data scientists, NIST and MITRE folk, competitors, practitioners, professors and the like. While rock-star-syndromes are surely out there and… Read more »

Must-Have Metrics for Vulnerability Management: Part 3

Ed Bellis    March 30, 2016

This is part 3 of a 3-part series on Must-Haves for Vulnerability Management. Read Part 1 here and Part 2 here. Must Have #4: Know Your Resources Once you have a good handle on your business, your assets, and what security risks are currently affecting your environment, you’ll need to understand your resources. What do you have at your disposal… Read more »

Must-Have Metrics for Vulnerability Management: Part 2

Ed Bellis    March 30, 2016

This blog is Part 2 in a 3-part series on Must-Have Metrics for Vuln Management. Read Part 1 here. Must-Have #2: Know Your Business In order to understand the most pertinent threats and measure the likelihood of exploits, you really need to understand these factors within the context of your business. A great way to apply this knowledge to security… Read more »

Must-Have Metrics for Vulnerability Management: Part I

Ed Bellis    March 29, 2016

In this series of blog posts, we’ll cover the must-have metrics for vulnerability management. The rising cadence of automated attacks means that security teams need to strive to make their own practices as precise and metric-driven as possible. Pouring through spreadsheets and creating 500-page PDFs is no longer enough to ensure that critical vulnerabilities are remediated in time. But what’s… Read more »

A Holiday Poem about…Vulnerability Management?

Greg Howard    December 11, 2015

We sent out a little poem to our customers, and we thought you might want to see it. Any resemblance to widely known holiday poems, either living or dead, is entirely coincidental. t’s almost year end, and you must understand Security pros everywhere are tired of their scans We’re talking Qualys, Nessus —Rapid7 too— Producing too much data and making… Read more »

Podcast: Closing the Remediation Gap

Greg Howard    November 30, 2015

Our lead data scientist Michael Roytman just participated in a fun podcast called Cybercrime & Business, in which he discusses one of the biggest challenges around vulnerability management: the time it takes organizations to remediate vulnerabilities, or the remediation gap. Michael talks about his research and how even “conservative” estimates found that the window of opportunity for many exploits remains significant: On… Read more »