Build your risk-based vulnerability program
Contact Us
Talk to an Expert
Request a demo

10 Years of Kenna Security. 10 Days of Tips from Our Experts

Dec 9, 2020
Kenna Security

Share with Your Network

This month, Kenna Security turns 10. It’s a big milestone, to be sure, and it’s one we’re proud of. And as the company that pioneered risk-based vulnerability management (RBVM) and is now leading the push for modern vulnerability management, we’ve amassed a good bit of expertise and best practices that Security and IT organizations can use to reduce cyber risk.

So in the spirit of giving (‘tis the season, after all), we’re marking our first 10 years of innovation by sharing 10 days of vulnerability management tips from our experts. Each day through Dec. 10, you can return for a new tip and meet our team of tipsters.

We call it #Kenna10for10.

Tip #1

Want to drive down risk? Assign discrete remediation teams based on asset classes or functions, and have them compete to reduce their risk scores.

This tip comes from Kenna co-founder and CTO Ed Bellis. As the recognized father (godfather? princeling?) of RBVM and the former CISO of online travel giant Orbtiz, Ed knows firsthand what it means to face the prospect of remediating thousands of so-called “priority” vulns without a clear sense of which 2% to 4% actually pose a risk to your organization. In fact, that’s why Ed joined forces with Jeff Heuer to found Kenna 10 years ago. Follow him at @ebellis.

Tip #2

Remove patching objections by building out a well-documented and defined testing process to allay fears of unintended consequences.

This useful insight comes courtesy of Jerry Gamblin. As the principal security engineer for Kenna Security, Jerry directs highly technical security projects and knows what works and what doesn’t. People use words like “high caliber” and “visionary” to describe Jerry, so you may want to follow him at @jgamblin.

Tip #3

Shut down entire classes of vulnerabilities at once by disabling underlying enablers like macros. Explicitly disallow them by pushing a policy via your Active Directory.

Linda Brown, author of today’s tip, knows all about efficiently knockin’ down vulns. After spending years working directly with Kenna customers as a top-performing member of our customer success team, Linda now heads up technical product management at Kenna. Linda’s a problem solver and a people helper, and her track record with our customers proves that she’s remarkably effective at both. Follow her at @LindaMarieBrown.

Tip #4

Stay focused on what matters by nailing the fundamentals: identify, assess and prioritize your vulnerabilities.

Today’s tip comes from Charles Coaxum, our vice president of customer experience (CX) and resident CX thought leader. Charles and his team implement the best practices that define the state of the art in RBVM. If you follow him at @crcoaxum, you’ll no doubt learn some of what he’s picked up in his 14+ years in project management and customer success leadership at Oracle, AT&T, Centrify, Demandbase, and others.

Tip #5


Assign fast SLAs to your riskiest vulnerabilities. Just 2% of vulnerabilities are successfully exploited, so remediate those highest-risk vulns within days. You can take more time with the rest.

Our fifth tip in our #Kenna10for10 series comes from Michael Roytman, chief data scientist at Kenna. Michael is co-founder of the Dharma Platform, is a sought-after speaker, and is a Forbes 30 under 30 list alum. And if all that wasn’t enough to make the rest of us feel like worthless Netflix bingers, he also founded a thriving coffee roastery and cafe in Chicago. Follow him at @mroytman.

Tip #6

Making a case for tech refresh? Half of vulnerabilities affecting old, unsupported Windows platforms remain open well beyond two years.

Another tip from Ed Bellis, whose guiding hand helps us publish our popular Prioritization to Prediction research series in conjunction with Cyentia Institute. This helpful tip stems from that research.

Tip #7

Routinely monitor and audit your security scanners to ensure they scan and authenticate all assets fully and correctly. 

Jerry Gamblin returns with a tip that is likely to spare you some unpleasant and costly surprises.

Tip #8

Ensure asset management is solid and accurate. That way you can know which assets represent the biggest risk if compromised–and you can ID the right teams to remediate them.

This tip from Linda Brown is a nice companion piece to Tip #7. Knowing as much as you can about the assets you and your teams are responsible for is key to your success.

Tip #9

Results follow accessibility: By ensuring IT can directly access prioritized risk information, you’ll reduce turf wars and cut remediation time.

If anybody knows how to optimize your chances of success, it’s Charles Coaxum. Today’s tip is all about getting Security and IT teams prioritized around risk. No muss, no fuss. Best practices like these help you make it happen, together.

Tip #10

Make patching as automated as possible. Lower risk and ease remediation by regularly pushing patches from an automated solution.

Why make this harder than it needs to be? Our final #Kenna10for10 tip from Michael Roytman doesn’t mess around. Automation is key, especially when it comes to patching. Not everything can be automated or even patched, but as long as the Security team’s work is the exception and not the rule, there’s enough capacity to target the riskiest vulnerabilities. 

Got specific questions or needs when it comes to vulnerability management? Our experts are always here to help. Contact us today.

Share with Your Network

Pick a CVE, and we’ll show you its true risk

Send us any CVE that you want to learn more about, and we’ll set up a quick demo to show you the power and breadth of Kenna’s vulnerability intelligence.

Request a Demo

Read the Latest Content


Responsible Exposure and What It Means for the Industry

There’s a debate that crops up continously in security circles over the role of security researchers that hunt for vulnerabilities.  On the one hand, this group of professionals perform a vital service. They find vulnerabilities in systems before bad guys do.  To prove that a vulnerability exists and is exploitable, the researchers may develop exploit…


The NSA ❤️ Risk-Based Vulnerability Management

Growing up I loved the Spy vs. Spy comic in MAD Magazine where one spy always tried to get an advantage over the other. One tactic neither spy used, though, was publishing a list of the attacks the other spy was likely to try, which is why I was both bemused and amused when the…


5 CX Tips for Achieving a Self-Service Environment

Among cybersecurity solution providers, the notion of a self-service environment has long been a kind of Holy Grail, shimmering gloriously in the distance but too often proving elusive. One reason is that medium to large enterprises, with their vast scale and unique requirements, expect and deserve more hands-on, bespoke attention. Another is that achieving a…


© 2021 Kenna Security. All Rights Reserved. Privacy Policy.