Creating Risk Management Metrics that Matter

Ed Bellis    March 10, 2017

As a security team, you are what you measure. The problem is that too many security teams are tracking vulnerabilities, not measuring risk. This post examines how vital it is for security teams to establish risk-based metrics, offering examples of both the right and wrong measures to use. The paper then looks at the key steps to building risk management…

Introducing Easy, Accessible, Relevant 0-Day Data — via Exodus

Greg Howard    February 7, 2017

We’re thrilled to announce the go-live of our partnership with Exodus, giving us the ability to offer our customers premium access to 0-day data. Many of our customers have sophisticated vulnerability management programs, and they care a great deal about fortifying their efforts with zero-day intelligence. However, zero-day information is extraordinarily difficult to integrate with internal assets and metadata,…

Moving to a Risk-Based Approach: Kenna’s New Funding

Karim Toubba    December 8, 2016

It’s been an exciting time at Kenna; we recently announced that we closed our Series B funding, a $15M round led by PeakSpan Capital. It’s a milestone that means far less to me in regards to money than it does in regards to the validation of our perspective on security and risk. When Kenna first began this journey, our point-of-view…

Clash of the Titans: How InfoSec and Remediation Teams Can Finally Get Along

Ed Bellis    October 26, 2016

Why the bad blood between InfoSec and Remediation teams? The reality is, they need each other. They just don’t always work alongside each other, or use the same metrics, or see things the same way, or…well, let’s just say there’s a lot of baggage there. Why We Can’t All Just Get Along Within many organizations, security teams and remediation teams…

New Zero-Day Exploit Intelligence – Introducing Exodus

Greg Howard    August 1, 2016

One of Kenna’s primary differentiators is its use of external exploit intelligence. It’s that real-time context, informed by Kenna’s own proprietary, patented algorithm, which makes our customers’ vulnerability scan data tell a story. We’re able to provide a “headline news” of what’s happening in our customers’ environments and what threats they need to remediate quickly. (And by the way, when…

Celebrity Treatment: How Vulns are Being Hyped, and When to Pay Attention

Ed Bellis    July 15, 2016

Like it or not, we live in an era of manufactured celebrity and large-scale hype creation. While this can make it easy to keep tabs on movie stars’ relationships, it doesn’t help security teams stay on top of what’s really important. To prioritize their efforts, there are five factors security teams should look at in assessing the true risk of…

How to Budget for Vulnerability Management in 2017

Greg Howard    June 30, 2016

It’s almost budgeting season! (Yes, try to restrain your excitement.) At Kenna, we thought we’d offer a few (admittedly biased) thoughts on how to approach your vulnerability management budgeting process. Here’s a hint: it’s not just about the scanner anymore. It’s about automating the tedious and error-prone processes of prioritization and reporting. Read the full infographic below:

Moving from Vulnerability Remediation to Risk Measurement

Ed Bellis    June 6, 2016

Fighting security threats is hard enough, but it’s pretty much impossible if you’re fighting the wrong battles. However, that’s what you’re doing if you’re focused on vulnerability remediation. I see it all the time: Security teams live by their spreadsheets. They have lists of vulnerabilities. They stack rank them by severity, start with the most critical, and commence to work through…

The 2016 DBIR

Karim Toubba    May 11, 2016

This month Kenna Security participated in the Verizon data breach report, and for the second year running we used our data to drive the perspective of the vulnerability section. Since then there have been some questions and criticisms of a specific subset of the data referenced in a footnote in the vulnerability section – namely the top 10 vulnerability list…

Collaborative Data Science – Inside the 2016 Verizon DBIR Vulnerability Section.

Michael Roytman    May 1, 2016

The best part about working in a nascent, yet-unsolved-perhaps-never-to-be-solved industry is that the smartest minds are often struggling with the same problems, and are only a tweet or a phone call away if you need help. I’ve had help from fellow data scientists, NIST and MITRE folk, competitors, practitioners, professors and the like. While rock-star-syndromes are surely out there and…