Home > Categories > IT Asset Management > Kenna Security Offers Vulnerability Management Options: Kenna.VM & Kenna.VI

Software Category

IT Asset Management

Write Review

Kenna Security Offers Vulnerability Management Options: Kenna.VM & Kenna.VI

What Happened?

Kenna Security deployed its new data-driven vulnerability management program, Kenna.VM and accessory program, Kenna.VI. Released on April 28, Kenna.VM was created with the purpose to set service-level agreements (SLAs) with risk tolerance in mind. These risk-based SLAs will draw on Kenna’s data and experience collected in over a decade of cybersecurity. Kenna.VM comes with CrowdStrike’s Falcon Spotlight endpoint detection and Twistlock container security tool. The product offers a strong analytical source from which to manage and understand your business’s security risk tolerance and security level.

Source: SoftwareReviews Kenna Security, Accessed May 7, 2020

Kenna Security’s goal is to help an organization determine what risk level is acceptable for their business. By understanding your appropriate risk tolerance level, Kenna Security can recommend appropriate SLAs that are based on risk and a data-driven approach, not recommendations based on arbitrary timelines. As Jason Rolleston, chief product officer at Kenna Security said, “effective cybersecurity is about managing acceptable risk.” In conjunction with CrowdStrike and Twistlock, Kenna Security offers an accurate picture of a company’s security risk landscape.

The vendor also provides Kenna.VI, which is a research tool to be used in tandem with Kenna.VM. Kenna.VI’s database is based on years of research conducted by Kenna Security and its partners. Companies can use this to search for Common Vulnerabilities and Exposures (CVEs) that are being exploited. This allows for businesses to prepare their security networks for these contingencies and harden their defenses in relation to the vulnerabilities that they are most likely to face. Thus, Kenna.VI saves team resources and cuts down on spending.

Our Take

Any security program offered in a bundle will often provide a comprehensive overview of the security status of a business. This is for two reasons. First, patch data can come from a multitude of sources, not just internal scanners and, by partnering with additional cybersecurity partners, Kenna Security’s analysis of a business’s internal security tolerance and vulnerabilities comes from multiple sources, increasing the fiduciary relationship of each data set.

Second, Kenna.VM is designed to be as simple as possible for IT and security to interact with one another. The Hierarchical Risk Meters (HRMs) show intuitive visualization of the organization’s assets. These HRMs can also dig deeper to analyze CVE score histories – offering even more clarity into the risks the business faces and how security has changed over time. Kenna.VM and VI, together with their partners, offer a great depth of knowledge and resources for businesses to use to understand their security risk and tolerance. Especially important is knowing what unique threats your business faces. When a budget is tight, being able to redirect funding to known threat vectors instead of a generalized program is an excellent cost-savings method while still addressing the security needs of the business.

The principle of having only one vendor as part of your vulnerability management platform was the norm for a long period of time. More and more, we are seeing vendors combining their strengths by working with other vendors as a package deal to augment and enhance any failing between their offerings. On the consumer end, the benefits of multiple vendors working to secure your network gives you more eyes on the scene, alternative perspectives, and insights that would have otherwise been missed.

Want to Know More?

Design and Implement a Vulnerability Management Program

Build and Information Security Strategy for Small Enterprises

Vulnerability Management Policy

Other Recent Research in IT Asset Management

IT Asset Management

Rapid7 Penetration Tests Show That Businesses Are Getting Better at Network Security

We often hear that businesses are continually cyber insecure or under attack. However, recent penetration testing from Rapid7 shows that businesses are getting better at securing their networks against cyberattacks. While organizations continue to have exploitable weaknesses, attackers are having greater difficulty penetrating deeper into businesses’ networks.

IT Asset Management

IBM Zero-Day Vulnerabilities Leave Enterprises Open to Remote Execution Attacks

Four zero-day vulnerabilities were discovered in IBM’s Data Risk Manager. While the vulnerabilities are concerning, more so is IBM’s response when addressed. The company simply stated, “It’s out of scope.” – meaning it had no intention to rectify or address the issue.

IT Asset Management

Will New IoT Security Frameworks Push Compliance Obligations to the Forefront of Security Discussions?

The Internet of Things is increasingly embedded with our daily lives. While these devices make life more accessible, for every new device, a new attack vector for cyberattackers is created.