Eliminate the Friction Between IT and Security

Apr 28, 2022
Kenna Security

Share with Your Network

Every business in the world wants passionate people on their team. People who care. People who want to get the job done.

But what happens when passionate people are faced with an insurmountable task?

Friction, conflict, and frustration

When it comes to vulnerability management, there are two teams trying to tackle what seems like an insurmountable problem without the tools to do it right. On one side are the Security teams, operating under a legacy approach with no real way to identify the risks that matter most. On the other, there are IT teams whose job is to install patches for an overwhelming number of vulnerabilities, and who remain skeptical about the necessity of the number of patches required.

Making things worse, these teams’ goals are typically diametrically opposed–security nirvana is a 100 percent patch rate of vulnerabilities in their infrastructures; while IT Valhalla is 100 percent uptime, impossible to achieve while patching vulnerabilities. 

There’s constant friction and in-fighting because each side is passionate about what they do.

If nothing changes, the situation will only get worse. Companies are expanding their IT infrastructure, developing more applications at a faster pace, and putting them on more devices, vastly expanding the attack surface.

Advanced intelligence, data science, and automation drives teamwork

Without data science and automation, IT can get sucked into an endless morass of patching that limits their ability to focus on high-value projects that enhance the business. And without data, Security teams struggle to explain how their recommendations translate into a measurable risk reduction.

Real change starts with a simple fact. Just 4 percent of vulnerabilities pose a real risk to an organization. Kenna Security leverages a decade worth of real-world vulnerability management and exploit data to identify them.

Enabling seamless coordination between the Security teams and IT professionals allows both groups to focus their efforts on the riskiest vulnerabilities and avoid opinion-driven arguments by relying on undisputed evidence. Used this way, the Kenna Security Platform reduces the number of patches by up to 90 percent and eliminates all of the wasted time companies spend arguing about what to do. No more weekly patch debate. No more us vs. them with the existence of efficient risk-based vulnerability management.

For IT professionals tasked with installing patches, the ability to prioritize vulnerabilities enables a higher level of planning. IT leaders will have a greater understanding of how much time they’ll allot to vulnerability management. And the executive team overseeing these functions can get trusted reports grounded in actionable data.

Taking a data-driven approach to risk

Here’s a recent example. One of our clients, a major airline, had an IT team that was passionate about using technology to enhance the customer experience. But they frequently ran into roadblocks from their Security team, which had a strict focus on compliance.

The company developed a plan to align its cybersecurity approach to company goals. They turned to Kenna to help their internal security team take a data-driven approach to risk. In using the platform, the Security team engaged with developers and IT teams as projects were ongoing, advising them on the use of the best and most secure technologies. This forged a valuable partnership, leading to an overall halving of the company’s vulnerability risk while still meeting compliance goals AND enabling company strategy.

When the friction between IT and Security is reduced or eliminated, it turns passionate people into partners, allowing them to work toward common goals, not against each other.


Download this infographic to bring seamless coordination between your Security and IT teams today. 


Read the Latest Content

Research Reports

Prioritization to Prediction Volume 5: In Search of Assets at Risk

The fifth volume of the P2P series explores the vulnerability risk landscape by looking at how enterprises often view vulnerabilities.

5 Things Every CIO Should Know About Vulnerability Management

If you view vulnerability management (VM) as just a small part of your operation, it might be time to take another look.  Managing vulnerabilities is...



Get Started Using the Exploit Prediction Scoring System (EPSS).

Cyentia Institute’s Chief Data Scientist and Founder Jay Jacobs gives tips on how to get started using the Exploit Prediction Scoring System (EPSS). You...

© 2022 Kenna Security. All Rights Reserved. Privacy Policy.