New Product Updates Enable Intuitive, Data-Driven Vulnerability Management

April 28, 2020 Jason Rolleston

Even though we’re all remote these days, we can feel the excitement here at Kenna Security today as we unveil some exciting updates to our existing modern vulnerability management product, Kenna.VM, and introduce a brand new product that I’m incredibly excited to tell you about.

The “everything is at risk” approach to vulnerability management has been costing businesses time and money for too long. Given the collective intelligence the Kenna Security team has gained from working with some of the world’s largest and most complex organizations, I’d say we’ve been put in a unique position to help organizations succeed at vulnerability management. And true success with vulnerability management is really only possible when security and IT teams have the right tools to work together, strategically. Many of today’s updates are making it easier to enable exactly that. 

I’d love to spend some time today talking to you about our new product updates in a little bit more detail than what we could fit into a single press release. So, here goes:

Risk-Based SLAs 

Without a doubt, the most exciting piece of today’s news is the availability of risk-based service-level agreements (SLAs) for Kenna customers. Your team can now set intelligent, evidence-based SLAs and then work to meet or even beat them. Gone are the days of needing to rely on arbitrary 30-, 60-, 90-day remediation deadlines. With Kenna, you can determine the right level of risk for your organization and receive suggested timeframes based on data.

We’re really excited to be able to deliver these types of recommendations—it’s something that really isn’t possible without the type of data and research that Kenna Security has collected over the last decade. We have worked with organizations in various stages of maturity in terms of their vulnerability management program, and one thing we’ve learned is that as organizations mature, the conversation becomes less about how to reduce your risk score and more about how to efficiently respond to risk proactively and maintain an acceptable level risk. We’re confident that our patent-pending risk-based SLAs are going to be instrumental in helping companies achieve this. 

New Connectors with CrowdStrike and Twistlock

We’ve added two new connectors to our vulnerability management platform. Connectors with CrowdStrike’s Falcon Spotlight endpoint detection and response (EDR) and the Twistlock container security tool will give you the ability to make use of rich data coming from diverse sources within your environment. These connectors speak to our belief in a multi-vendor approach that allows our customers to get the most realistic picture of risk in their environment. 

Hierarchical Risk Meters

We know that many security tools can be an IT headache, and we’re always looking for ways to help our many IT users have a more intuitive and efficient experience within Kenna.VM. The latest updates to Kenna.VM include hierarchical risk meters (HRMs), which allow large enterprises to simplify asset management by organizing risk meters more intuitively. For example, you can add a child risk meter, where the child is a subset of its parent with additive filters, enabling a better visual hierarchy and a more intuitive way to assign permissions. You can see examples below of what these types of risk meters might look like. 

Enhanced CVE Score Transparency

We’re also offering enhanced CVE score transparency in the API, which essentially will help users better understand the “what” and “when” behind our CVE scores. This means that you can easily query and view CVE score histories yourself, without having to wait on support. This is particularly useful again for IT users, who benefit from additional context behind a CVE score change. This, in addition to HRMs, help facilitate the kind of “self-service” model for IT that we know makes a significant difference in the efficiency of a vulnerability management program. 

Kenna.VI and Kenna.VI+ 

Last but absolutely not least, I’ll talk a bit about our newest product: Kenna.VI. At Kenna, we know how much more effective it is to take a proactive, rather than reactive approach to VM. We pride ourselves on providing evidence-based guidance and predictive data science that allows businesses like yours to stay ahead of the next major threat. 

With Kenna.VI, a new vulnerability research tool, we’re putting rich, real-time threat intelligence at your fingertips. Kenna.VI combines real-world threat intel—not theory or guesswork—with rigorous data science. Your security team can now confidently identify and understand the most important threats to watch and which ones to address. And with predictive insights to highlight trends and imminent threats, you’re empowered with instant vigilance over an ever-changing attack surface. 

What you get with Kenna.VI is something unique in the industry: a unified source of curated and processed intelligence that encompasses vulnerability volume and velocity contextual data, and more than 15 threat intelligence feeds, including hacker forums, exploit-kit resources, and real-time exploits. This type of data makes it easy for security teams to proactively answer questions about new vulnerabilities, such as “Has it already been exploited? Is there a high likelihood that it will be? Are there fixes already available?” 

Kenna.VI offers users access to an intuitive UI in which they can search and browse our vulnerability intel database. For organizations that are seeking to use this kind of data beyond simple research, we also offer Kenna.VI+, an exponentially more powerful tool that includes access to our RESTful API, which will allow users to query and export vulnerability data and use that data as they see fit in their vulnerability management program. We’re really excited to see Kenna.VI become a reality, because we believe that this product is extremely well suited for many organizations that would benefit from Kenna Security’s rich vulnerability intel but are restricted by industry regulations that make it impossible to share data via the cloud. With Kenna.VI, for the first time, organizations that fit this bill will be able to access and use Kenna Security’s intel.

And there you have it—the latest from Kenna Security. If you’d like to learn more about our added risk-based SLA capabilities, join me for my next webinar, where I’ll discuss how your organization can now leverage Kenna’s years of research and data to guide SLAs and ultimately stay ahead of your next threat. I could go on and on about how our new product and features can help your business save time and resources but I recommend you see for yourself and sign up for a demo. I think you’ll be very glad you did. 

The post New Product Updates Enable Intuitive, Data-Driven Vulnerability Management appeared first on Kenna Security.

Previous Article
Introducing SLAs for Vulnerability Management
Introducing SLAs for Vulnerability Management

Difficult tasks with arbitrary deadlines.  If you work in cybersecurity, difficult tasks are nothing new. B...

Next Article
The Cost Savings of Effective Vulnerability Management (Part 1)
The Cost Savings of Effective Vulnerability Management (Part 1)

As our world grapples with a changing economy, most businesses are being asked to stretch budgets as far as...