Tag Archives: remediation

The Spectre & Meltdown Vulnerabilities: A Risk Based Approach To Remediation

Ed Bellis    January 5, 2018

There’s been a lot of information and chatter about 3 new vulnerabilities identified by researchers with some working exploits by Google’s Project Zero demonstrating a new class of timing attacks that work on most modern CPUs. First a little background: There are 3 known variants affecting different processors: CVE-2017-5753, CVE-2017-5754, CVE-2017-5715. These can affect Intel, ARM and AMD processors. Since not… Read more »

Nonprofits Cannot Ignore CyberSecurity

Chloe Messdaghi    October 26, 2017

Prior to joining Kenna Security, I worked with a number of nonprofits around the world. Each focused on providing shelter, education, health services, and food to children in need. The mission was clear and critical. Executing that mission wasn’t so easy. Nonprofits run on donated money. Though our goal was to save children, the strategy to drive the mission forward… Read more »

Equifax Lessons: Risk Hunting at Scale

Michael Roytman    September 15, 2017

This past week has seen another high profile breach in the news, one of the largest ever, and apparently the result of a known vulnerability. Looking back at our analysis of the WannaCry attacks, we examined what we could learn about prioritization from our 1 billion vulnerabilities under management. Out of those billion vulnerabilities, 259,451,953 were CVSS score of 9… Read more »

August 24th – Kenna Platform Demo

Chloe Messdaghi    August 15, 2017

Wish you weren’t overwhelmed by a metric ton of vulnerabilities? Wish you had a better way to understand your company’s exposure to risk? In 30 minutes, discover how the Kenna platform grants those wishes, and more. During the demo, we will cover: How Kenna’s algorithm works to correlate scan data with real-world exploit intelligence; How to get started with a Kenna… Read more »

A Wannacry Post That Doesn’t Make Me Want To Cry

Ed Bellis    May 17, 2017

OK, admittedly, I am the last one who wanted to write Yet Another Post About WannaCry. There’s a ton of noise out there about the topic, both good and bad. As a CISO, I loathed all the “me too” coverage and “if you just bought our product you’d be safe” pitches following big security incidents. But this isn’t that post…… Read more »

Creating Risk Management Metrics that Matter

Ed Bellis    March 10, 2017

As a security team, you are what you measure. The problem is that too many security teams are tracking vulnerabilities, not measuring risk. This post examines how vital it is for security teams to establish risk-based metrics, offering examples of both the right and wrong measures to use. The paper then looks at the key steps to building risk management… Read more »

Clash of the Titans: How InfoSec and Remediation Teams Can Finally Get Along

Ed Bellis    October 26, 2016

Why the bad blood between InfoSec and Remediation teams? The reality is, they need each other. They just don’t always work alongside each other, or use the same metrics, or see things the same way, or…well, let’s just say there’s a lot of baggage there. Why We Can’t All Just Get Along: Within many organizations, security teams and remediation teams… Read more »

New Zero-Day Exploit Intelligence – Introducing Exodus

Greg Howard    August 1, 2016

One of Kenna’s primary differentiators is its use of external exploit intelligence. It’s that real-time context, informed by Kenna’s own proprietary, patented algorithm, which makes our customers’ vulnerability scan data tell a story. We’re able to provide a “headline news” of what’s happening in our customers’ environments and what threats they need to remediate quickly. (And by the way, when… Read more »

Celebrity Treatment: How Vulns are Being Hyped, and When to Pay Attention

Ed Bellis    July 15, 2016

Like it or not, we live in an era of manufactured celebrity and large-scale hype creation. While this can make it easy to keep tabs on movie stars’ relationships, it doesn’t help security teams stay on top of what’s really important. To prioritize their efforts, there are five factors security teams should look at in assessing the true risk of… Read more »

Moving from Vulnerability Remediation to Risk Measurement

Ed Bellis    June 6, 2016

Fighting security threats is hard enough, but it’s pretty much impossible if you’re fighting the wrong battles. However, that’s what you’re doing if you’re focused on vulnerability remediation. I see it all the time: Security teams live by their spreadsheets. They have lists of vulnerabilities. They stack rank them by severity, start with the most critical, and commence to work through… Read more »