10 Years of Kenna Security. 10 Days of Tips from Our Experts

Dec 9, 2020
Kenna Security

Share with Your Network

This month, Kenna Security turns 10. It’s a big milestone, to be sure, and it’s one we’re proud of. And as the company that pioneered risk-based vulnerability management (RBVM) and is now leading the push for modern vulnerability management, we’ve amassed a good bit of expertise and best practices that Security and IT organizations can use to reduce cyber risk.

So in the spirit of giving (‘tis the season, after all), we’re marking our first 10 years of innovation by sharing 10 days of vulnerability management tips from our experts. Each day through Dec. 10, you can return for a new tip and meet our team of tipsters.

We call it #Kenna10for10.

Tip #1

Ed Bellis

Want to drive down risk? Assign discrete remediation teams based on asset classes or functions, and have them compete to reduce their risk scores.

This tip comes from Kenna co-founder and CTO Ed Bellis. As the recognized father (godfather? princeling?) of RBVM and the former CISO of online travel giant Orbtiz, Ed knows firsthand what it means to face the prospect of remediating thousands of so-called “priority” vulns without a clear sense of which 2% to 4% actually pose a risk to your organization. In fact, that’s why Ed joined forces with Jeff Heuer to found Kenna 10 years ago. Follow him at @ebellis.


Tip #2

Jerry Gamblin

Remove patching objections by building out a well-documented and defined testing process to allay fears of unintended consequences.

This useful insight comes courtesy of Jerry Gamblin. As the principal security engineer for Kenna Security, Jerry directs highly technical security projects and knows what works and what doesn’t. People use words like “high caliber” and “visionary” to describe Jerry, so you may want to follow him at @jgamblin.

Tip #3

Linda Brown

Shut down entire classes of vulnerabilities at once by disabling underlying enablers like macros. Explicitly disallow them by pushing a policy via your Active Directory.

Linda Brown, author of today’s tip, knows all about efficiently knockin’ down vulns. After spending years working directly with Kenna customers as a top-performing member of our customer success team, Linda now heads up technical product management at Kenna. Linda’s a problem solver and a people helper, and her track record with our customers proves that she’s remarkably effective at both. Follow her at @LindaMarieBrown.

Tip #4

Charles Coaxum

Stay focused on what matters by nailing the fundamentals: identify, assess and prioritize your vulnerabilities.

Today’s tip comes from Charles Coaxum, our vice president of customer experience (CX) and resident CX thought leader. Charles and his team implement the best practices that define the state of the art in RBVM. If you follow him at @crcoaxum, you’ll no doubt learn some of what he’s picked up in his 14+ years in project management and customer success leadership at Oracle, AT&T, Centrify, Demandbase, and others.

Tip #5

M Roytman

Assign fast SLAs to your riskiest vulnerabilities. Just 2% of vulnerabilities are successfully exploited, so remediate those highest-risk vulns within days. You can take more time with the rest.

Our fifth tip in our #Kenna10for10 series comes from Michael Roytman, chief data scientist at Kenna. Michael is co-founder of the Dharma Platform, is a sought-after speaker, and is a Forbes 30 under 30 list alum. And if all that wasn’t enough to make the rest of us feel like worthless Netflix bingers, he also founded a thriving coffee roastery and cafe in Chicago. Follow him at @mroytman.

Tip #6

Ed Bellis

Making a case for tech refresh? Half of vulnerabilities affecting old, unsupported Windows platforms remain open well beyond two years.

Another tip from Ed Bellis, whose guiding hand helps us publish our popular Prioritization to Prediction research series in conjunction with Cyentia Institute. This helpful tip stems from that research.


Tip #7

Jerry Gamblin

Routinely monitor and audit your security scanners to ensure they scan and authenticate all assets fully and correctly. 

Jerry Gamblin returns with a tip that is likely to spare you some unpleasant and costly surprises.


Tip #8

Linda Brown

Ensure asset management is solid and accurate. That way you can know which assets represent the biggest risk if compromised–and you can ID the right teams to remediate them.

This tip from Linda Brown is a nice companion piece to Tip #7. Knowing as much as you can about the assets you and your teams are responsible for is key to your success.


Tip #9

Charles Coaxum

Results follow accessibility: By ensuring IT can directly access prioritized risk information, you’ll reduce turf wars and cut remediation time.

If anybody knows how to optimize your chances of success, it’s Charles Coaxum. Today’s tip is all about getting Security and IT teams prioritized around risk. No muss, no fuss. Best practices like these help you make it happen, together.


Tip #10

M Roytman

Make patching as automated as possible. Lower risk and ease remediation by regularly pushing patches from an automated solution.

Why make this harder than it needs to be? Our final #Kenna10for10 tip from Michael Roytman doesn’t mess around. Automation is key, especially when it comes to patching. Not everything can be automated or even patched, but as long as the Security team’s work is the exception and not the rule, there’s enough capacity to target the riskiest vulnerabilities. 

Got specific questions or needs when it comes to vulnerability management? Our experts are always here to help. Contact us today.

Pick a CVE, and we’ll show you its true risk

Send us any CVE that you want to learn more about, and we’ll set up a quick demo to show you the power and breadth of Kenna’s vulnerability intelligence.

Request a Demo

Read the Latest Content


Responsible Exposure and What It Means for the Industry

To prove that a vulnerability exists and is exploitable, researchers may develop exploit code, every once in a while that code becomes public.

The NSA ❤️ Risk-Based Vulnerability Management

The NSA has published an in-depth list of vulnerabilities that Chinese state hackers are using and spent a few hours digging through them.

5 CX Tips for Achieving a Self-Service Environment

Achieving a self-service environment for security solutions isn’t easy. Here are 5 ways CX Teams can help customers achieve it.

© 2022 Kenna Security. All Rights Reserved. Privacy Policy.