On May 26, Kenna Security released its new Prioritization to Prediction Benchmark Survey. This free tool provides organizations with the ability to compare their vulnerability management programs to industry averages Kenna Security has compiled over the years. Organizations often have a tough time knowing how well their security programs are performing against other businesses in the same industry. With this new benchmarking tool Kenna Security is providing businesses with more information to make informed decisions about how best to proceed with their vulnerability management programs.
Source: SoftwareReviews Product Scorecard, Accessed June 3, 2020.
Kenna Security’s short and simple Prioritization to Prediction Benchmark Survey is an excellent way to get a quick overview of your business’ vulnerability management program. The nine-question survey provides a high-level analysis of your current vulnerability management structure and compares your answers with those of other businesses. Companies are evaluated based on the maturity of their practices, their vulnerability management responses, remediation SLAs, patch deployment methods, and several other security dimensions. This gives businesses further insight and knowledge of both their successes and their failings with their respective vulnerability management programs.
Often a business’ first questionis “how are we doing compared to others in our industry?” Using Kenna Security’s benchmarking tool, businesses obtain a high-level answer to this question. Having any sort of benchmark is useful as a start to evaluating the performance of your vulnerability management program. Furthermore, as Kenna Security notes, having some form of quantifiable document to present to management or executives is a great way to get initiative buy-in or highlight areas of success or concern.
For each question on the survey, you are asked to evaluate some aspect of your vulnerability management program. Info-Tech recommends that you have at least one other decision-maker present to make sure your answers are representative of the business and comprehensive of the whole business picture. Once the survey is complete, for each question you answered you are given a statistical representation of your average and how you compare to other businesses. This report can give you a data-backed understanding of how your vulnerability management program is doing and confirmation of successes. This is a free offering from Kenna Security, so there is little in terms of downsides to filling out the survey. Whether you use this report as validation of the current vulnerability management program or as a method of enhancing the program, the benchmark survey is a great way to gain insight into current and future performance of your vulnerability management program.
By exploiting a five-year-old configuration error, a hacker was able to access Amazon’s S3 cloud storage buckets on which Twilio’s code was loaded. As a result, customers were able to unknowingly download the modified code for twenty-four hours.
Qualys VMDR and Ivanti have announced a new partnership dedicated to improving the detection and patching of vulnerabilities. Announced July 30, the Qualys and Ivanti Partnership have already gone live as an integrated component of the VMDR solution.
Microsoft recently previewed the specific features to tackle data security and risk management for end users with Microsoft Endpoint Data Loss Prevention (DLP) and Double Key Encryption. The reason for the launch? The increasing shift towards a remote work environment and a need to mitigate the accompanying risks.
IBM is changing the terms of its ubiquitous Passport Advantage agreement to remove entitled discounts on over 5,000 on-premises software products, resulting in an immediate price increase for IBM Software & Support (S&S) across its vast customer landscape.
RiskSense announced on July 13 its new version of the cloud-delivered RiskSense risk management platform. The main draw of the program is its holistic risk calculation across CVEs and CWEs.
To bolster and broaden its data privacy capabilities for end users, cyber and data protection vendor Acronis has acquired DLP player DeviceLock. The acquisition aligns with the increasingly prevalent role that data privacy plays in cybersecurity.
Cyberthreats are omnipresent for any enterprise. Monitoring ingress and egress points while still conducting business is a balance security professionals attempt to strike. Couple this with the continued security issues around remote work during the pandemic, and security teams have their hands full.
Navigating the vendor risk management space, particularly in the current environment that consists of a mix of cloud, managed services, and critical supply chain, is key to ensuring that you don’t inadvertently introduce new risks through this dynamic channel.
I recently had the opportunity to speak with Jason Rohlf, VP Solutions, Mark Scheinkoenig, VP Commercial Sales, and Emily Figg, VP Marketing about their GRC solution at Onspring to discuss the product audience and upcoming features.