
Kenna Security Offers Vulnerability Management Options: Kenna.VM & Kenna.VI

What Happened?

Kenna Security deployed its new data-driven vulnerability management program, Kenna.VM, and an accessory program, Kenna.VI. Released on April 28, Kenna.VM was created to set service-level agreements (SLAs) with risk tolerance in mind. These risk-based SLAs will draw on Kenna’s data and experience collected in over a decade of cybersecurity. Kenna.VM comes with CrowdStrike’s Falcon Spotlight endpoint detection and the Twistlock container security tool. The product offers a strong analytical source from which to manage and understand your business’s security risk tolerance and security level.

Source: SoftwareReviews Kenna Security, Accessed May 7, 2020

Kenna Security’s goal is to help an organization determine what risk level is acceptable for its business. By understanding your appropriate risk tolerance level, Kenna Security can recommend SLAs that are based on risk and a data-driven approach rather than on arbitrary timelines. As Jason Rolleston, chief product officer at Kenna Security, said, “effective cybersecurity is about managing acceptable risk.” In conjunction with CrowdStrike and Twistlock, Kenna Security offers an accurate picture of a company’s security risk landscape.

The vendor also provides Kenna.VI, a research tool to be used in tandem with Kenna.VM. Kenna.VI’s database is based on years of research conducted by Kenna Security and its partners. Companies can use it to search for Common Vulnerabilities and Exposures (CVEs) that are being exploited. This allows businesses to prepare their security networks for these contingencies and harden their defenses against the vulnerabilities they are most likely to face. Thus, Kenna.VI saves team resources and cuts down on spending.

Our Take

Any security program offered in a bundle will often provide a comprehensive overview of the security status of a business. This is for two reasons. First, patch data can come from a multitude of sources, not just internal scanners. By partnering with additional cybersecurity partners, Kenna Security’s analysis of a business’s internal security tolerance and vulnerabilities comes from multiple sources, increasing the fiduciary relationship of each data set.

Second, Kenna.VM is designed to make it as simple as possible for IT and security to interact with one another. The Hierarchical Risk Meters (HRMs) provide an intuitive visualization of the organization’s assets. These HRMs can also dig deeper to analyze CVE score histories, offering even more clarity into the risks the business faces and how security has changed over time. Kenna.VM and VI, together with their partners, offer a great depth of knowledge and resources for businesses to use to understand their security risk and tolerance. Especially important is knowing what unique threats your business faces. When a budget is tight, being able to redirect funding to known threat vectors instead of a generalized program is an excellent cost-saving method that still addresses the security needs of the business.

For a long time, having only one vendor as part of your vulnerability management platform was the norm. More and more, we are seeing vendors combine their strengths by working with other vendors on a package deal to cover any failings in their individual offerings. On the consumer end, having multiple vendors working to secure your network gives you more eyes on the scene, alternative perspectives, and insights that would otherwise have been missed.


Want to Know More?

Design and Implement a Vulnerability Management Program

Build an Information Security Strategy for Small Enterprises

Vulnerability Management Policy
