Tag Archives: security

Clash of the Titans: How InfoSec and Remediation Teams Can Finally Get Along

Ed Bellis    October 26, 2016

Why the bad blood between InfoSec and Remediation teams? The reality is, they need each other. They just don’t always work alongside each other, or use the same metrics, or see things the same way, or…well, let’s just say there’s a lot of baggage there. Why We Can’t All Just Get Along Within many organizations, security teams and remediation teams… Read more »

New Zero-Day Exploit Intelligence – Introducing Exodus

Greg Howard    August 1, 2016

One of Kenna’s primary differentiators is its use of external exploit intelligence. It’s that real-time context, informed by Kenna’s own proprietary, patented algorithm, which makes our customers’ vulnerability scan data tell a story. We’re able to provide a “headline news” of what’s happening in our customer’s environments and what threats they need to remediate quickly. (And by the way, when… Read more »

Celebrity Treatment: How Vulns are Being Hyped, and When to Pay Attention

Ed Bellis    July 15, 2016

Like it or not, we live in an era of manufactured celebrity and large-scale hype creation. While this can make it easy to keep tabs on movie stars’ relationships, it doesn’t help security teams stay on top of what’s really important. To prioritize their efforts, there are five factors security teams should look at in assessing the true risk of… Read more »

How to Budget for Vulnerability Management in 2017

Greg Howard    June 30, 2016

It’s almost budgeting season! (Yes, try to restrain your excitement.) At Kenna, we thought we’d offer a few (admittedly biased) thoughts on how to approach your vulnerability management budgeting process. Here’s a hint: it’s not just about the scanner anymore. It’s about automating the tedious and error-prone processes of prioritization and reporting. Read the full infographic below:

Moving from Vulnerability Remediation to Risk Measurement

Ed Bellis    June 6, 2016

Fighting security threats is hard enough, but it’s pretty much impossible if you’re fighting wrong battles. However, that’s what you’re doing if you’re focused on vulnerability remediation. I see it all the time: Security teams live by their spreadsheets. They have lists of vulnerabilities. They stack rank them by severity, start with the most critical, and commence to work through… Read more »

The 2016 DBIR

Karim Toubba    May 11, 2016

This month Kenna Security participated in the Verizon data breach report, and for the second year running we used our data to drive the perspective of the vulnerability section. Since then there have been some questions and criticisms of a specific subset of the data referenced in a footnote in the vulnerability section – namely the top 10 vulnerability list…. Read more »

Reporting on Risk: One Metric to Bind Them All

Ed Bellis    January 11, 2016

In my previous post, I discussed ways that organizations have typically reported on risk: namely, talking about the number of closed vulnerabilities. I discussed how most stakeholders (and particularly non-technical executives) can’t make heads nor tails out of that kind of reporting. So what’s the best way to truly report on risk? Your first step is to understand the criticality… Read more »

How Reporting on Risk to the Board is Being Done Today

Ed Bellis    January 4, 2016

When I ran security at Orbitz, reporting on risk was always a challenge. My team wanted to ensure that we had a clear way to paint a picture of the organization’s exposure to risk—as well as describe the actions we had taken, month by month, in order to reduce that risk. But frankly, we weren’t very good at it. We… Read more »

Podcast: Closing the Remediation Gap

Greg Howard    November 30, 2015

Our lead data scientist Michael Roytman just participated in a fun podcast called Cybercrime & Business, in which he discusses one of the biggest challenges around vulnerability management: the time it takes organizations to remediate vulnerabilities, or the remediation gap. Michael talks about his research and how even “conservative” estimates found that the window of opportunity for many exploits remains significant: On… Read more »