Blog – Kenna Security

Vulnerability Management & Risk Intelligence

  • Keeping Score on BlueKeep

    Vulnerability management – the act of patching and mitigating avenues for security breaches in IT systems – overwhelms most organizations. Most security teams end each day with more...

    Read Article
  • Kenna Security and VMware Collaborate to Empower IT to Mitigate Vulnerability Risk

    Kenna Security and VMware Collaborate to Empower IT to Mitigate Vulnerability Risk

    Keeping the company secure has historically been the security organization’s job, but the reality of the threat landscape now and in the future requires other parts of the company to be involved....

    Read Article
  • Good, Better, Best: What Matters in Vulnerability Remediation

    Good, Better, Best: What Matters in Vulnerability Remediation

    Never cared for what they say Never cared for games they play Never cared for what they do… Forever trust in who you are And nothing else matters. — NOTHING ELSE MATTERS, METALLICA We are well...

    Read Article
  • A Vulnerability Score On Its Own Is Useless

    A Vulnerability Score On Its Own Is Useless

    An increasingly popular feature of modern vulnerability risk management platforms is to include a “score” for each vulnerability listed in the system. The purpose of the vulnerability score, of...

    Read Article
  • Must-Attend Talks At Black Hat & DEF CON

    Must-Attend Talks At Black Hat & DEF CON

    It’s almost time for security summer camp. To clarify, this isn’t your regular, bug spray and marshmallow laden summer camp, this is the yearly outing that is Black Hat USA 2019, DEF CON 27, and...

    Read Article
  • [Video] Turning Data Science Into Security Decisions

    [Video] Turning Data Science Into Security Decisions

    What do I work on today? In security that’s the only question that matters.  Find out from the source, the Kenna employees who work on it, how Kenna’s data science algorithms ingest, aggregate,...

    Read Article
  • One-fifth of the most-used Docker containers have at least one critical vulnerability

    One-fifth of the most-used Docker containers have at least one critical vulnerability

    When CVE-2019-5021 was released on May 8, it made me wonder how widespread the issue of vulnerabilities in popular containers is. Businesses have increasingly come to rely on containers as an...

    Read Article
  • Make Your Vulnerability Management Efforts Count

    Make Your Vulnerability Management Efforts Count

    Enterprises of all sizes are inundated with more vulnerabilities than their teams can ever hope to remediate, so they need a way to prioritize which to fix first. Unfortunately, most use the...

    Read Article
  • The Summer Reading List

    The Summer Reading List

    You love reading, we love reading. That’s why this summer Kenna Security is sharing with you a list of titles our research team have read, are reading, or look forward to reading this summer. The...

    Read Article
  • [Video] Using Data Science to Simplify Cybersecurity

    Security is at the forefront of everybody’s mind. You walk through the airport, you see cybersecurity. You install apps on your phone because you’re not secure. It’s sort of in everyone’s face....

    Read Article
  • The New Application Attack Surface

    The New Application Attack Surface

    This post comes as a result of a conversation between Tyler Shields, VP Strategy of Sonatype and myself.   The way we create, deploy and operate applications has changed in the last few years....

    Read Article
  • Nearly 20% of the 1000 Most Popular Docker Containers Have No Root Password

    Nearly 20% of the 1000 Most Popular Docker Containers Have No Root Password

    Earlier this month, Talos released research showing that the Alpine Linux docker images were shipping with no (or nulled) root passwords. Alpine patched the docker files, and issued their response...

    Read Article
  • Predicting CVE-2019-0708

    Predicting CVE-2019-0708

    UPDATE 20190723: A working exploit is now available in Immunity Canvas. UPDATE 20190719: A technical document from Keenlab was posted detailing how to exploit the vulnerability. UPDATE 20190604:...

    Read Article
  • Gaining Visibility in an AppSec World

    Gaining Visibility in an AppSec World

    It’s no secret that application security professionals face an uphill battle as they attempt to influence development teams to remediate critical application vulnerabilities. But why is it such a...

    Read Article
  • Get Ahead of Zero-Day Vulnerabilities With Kenna Security + Exodus Intelligence

    Get Ahead of Zero-Day Vulnerabilities With Kenna Security + Exodus Intelligence

    Zero-days vulnerabilities are unknown vulnerabilities. The exact definition is that they are vulnerabilities that have not been released to the public. The problem is that attackers may discover...

    Read Article
  • “New-School” Vulnerability Management vs. Old-School Vulnerability Management: A 7 Round Smackdown

    “New-School” Vulnerability Management vs. Old-School Vulnerability Management: A 7 Round Smackdown

    I’ve been talking about the benefits of adopting a risk-based approach to vulnerability management (VM) for some time now. Since Jeff Heuer and I founded Kenna Security, in fact. For those of you...

    Read Article
  • Learn How to Build a World-Class Application Security Program

    Learn How to Build a World-Class Application Security Program

    Despite the growing importance of application security in organizations of all sizes, most face an increasing number of challenges to implement a strong application security program. Custom code,...

    Read Article
  • Genpact Steps Off the Vulnerability Management Treadmill

    Genpact Steps Off the Vulnerability Management Treadmill

    John Morin, Customer Success Manager, Kenna Security Let’s face it, vulnerability management is challenging. Larger companies can have tens of thousands of assets and millions of vulnerabilities....

    Read Article
  • Kenna Security Makes Noise at RSAC

    Kenna Security Makes Noise at RSAC

    Last week, more than 40,000 security professionals packed the relatively small city of San Francisco for the annual RSA Conference (RSAC). As the largest security conference in the world, RSAC...

    Read Article
  • Don’t Stop Me Now: The Race to Remediation Is On

    Don’t Stop Me Now: The Race to Remediation Is On

    “That’s why they call me Mr. Fahrenheit, cause I’m patching at the speed of light!” – Freddie Mercury(ish). Over the past several months, my team and I have worked with the Cyentia Institute to...

    Read Article
  • loading
    Loading More...