15+ Threat Intel Feeds Power Modern Vulnerability Management

Oct 6, 2020
John Alexander

One question we often get from customers and prospective clients is why we use 15+ threat and exploit intelligence feeds. Seems excessive, right? Why not just 4 or 5 feeds? Or 10? Why do we use more than 15 threat and exploit intelligence feeds to power the Kenna.VM modern vulnerability management platform?

The answer is simple: coverage breadth and depth. You need lots of feeds to cover all of the threat and vulnerability data categories. A small number of feeds leaves you with less than stellar coverage. You just can’t get good coverage (breadth) with a small number of feeds. For a visual breakdown of this idea, check out the chart below that our Security Research Team created (and which is heavily used within Kenna) that shows the different threat and vulnerability data categories. 

Threat Intelligence and Vulnerability Categories 

Feeds and categories defined

Let’s dive into Kenna’s definition of a threat intelligence feed: it’s the sum of all the information we collect from a single source. For example, Reversing Labs and Exodus Intelligence are both feeds. And our definition of a threat or vulnerability category is exactly what it sounds like: a “category” of threat and/or vulnerability data. Chatter and Exploit Databases are examples of categories. 

A feed can provide data on one to six threat or vulnerability categories, but more commonly a feed will only supply data for one category. So to achieve comprehensive coverage, you need multiple feeds. Without an adequate amount, you won’t have enough coverage to provide high fidelity risk prioritization throughout the CVE lifecycle.

These threat and vulnerability categories vary in relative importance, both in their ability to predict vulnerability risk and in their utility for predicting risk at different points in the CVE lifecycle (i.e., CVE Named, CVE Score Assigned, Exploit Released, and Exploitation in the Wild). For example, the category “chatter” is extremely important in helping to score a vuln in the early stages of the CVE lifecycle and becomes less important as other categories of threat and vulnerability data become available.

Optimizing your risk prioritization

One of the basic tenets of Kenna is that risk scores are dynamic and can change over time. To get the best possible risk prioritization at every stage of the CVE lifecycle, you need to cover all the threat or vuln categories we have listed. Failing to do so diminishes your ability to meaningfully prioritize risk during part of the CVE lifecycle.

Quick exercise: let’s assume we have six feeds and we cover all of the threat or vuln categories. We’re good, right? We have full coverage of all categories and are firing on all cylinders? Actually, no. In this scenario, we have breadth but are lacking in depth. To make up for this, we need to make sure each threat or vuln category is deeply covered by our feeds as well.

The potency of modern vulnerability management 

To do this, we use Kenna Security’s data science. The beauty of Kenna.VM’s machine learning models is that we know which vulns were successfully exploited, so we can measure the predictive accuracy of our scoring algorithms and contextual data. For those who are familiar with the power of Kenna Security’s modern vulnerability management platform, that accuracy is 94%.

Every single feed invited into Kenna.VM has been rigorously tested using machine learning models to see if it improves our predictive accuracy – and if it doesn’t pass muster, it won’t be added to the mix.

15+ intelligence feeds—and many more?

Hopefully it’s now clear why we at Kenna rely on more than 15 intelligence feeds: to achieve the breadth and depth of contextual threat and vulnerability intelligence so that our predictive risk scoring algorithms are as precise and accurate as possible.

You may still be wondering: why not even more feeds? Our security research team is always looking at and evaluating new feeds. In fact, just last year we added a feed that bolstered our risk prediction capabilities in the early stages of the CVE lifecycle with a wealth of pre-NVD chatter information (certain types of chatter occur before a CVE is published to the NIST NVD database). And our research team consistently partners with our feed providers to improve their data (breadth and depth of category coverage) to enhance vulnerability risk scoring.

Rest assured, we at Kenna are always on the hunt for the next feed and improved contextual information that can bring even more valuable insight to your modern vulnerability management solution. 

To see how our threat and exploit intelligence feeds work, request a demo today.
