Kenna Security is now part of Cisco

|Learn more

Hitting Above the Security Mendoza Line

Aug 14, 2012
Ed Bellis
Chief Technology Officer, Co-founder

Share with Your Network

Risk I/O can now be used to identify publicly available exploits to your existing vulnerabilities. Our development team has made it possible for Risk I/O to match attack vectors from databases of quality assured exploits, such as Metasploit and ExploitDB, to applicable vulnerabilities. This information, paired with vulnerability data from assessment tools, allows you to understand how your organization is vulnerable to attacks.


In an earlier post, I wrote about the importance of focusing on data that allows you to “hit above the Security Mendoza line,” or the threats most likely to occur based on the evidence and ease of exploit. Alex Hutton referred to the Security Mendoza Line when talking about vulnerabilities exploitable with MetaSploit modules. Josh Corman expanded on this quite a bit with HD Moore’s Law. We built this feature to weed this out of your environment and allow you to hit above the Mendoza line .

We often talk about “enough security” and Josh frames it correctly by stating this is InfoSec table stakes. By combining data from these publicly available exploits and network accessibility, you can truly identify some low hanging fruit and protect yourself from the Point, Click & Pwn of the most casual and opportunistic attackers.

For the dataheads in the audience, a quick and early glance suggests about 14% of active and open vulnerabilities have publicly available exploits through one of these tools or databases. I think there is more interesting views to be had, but clearly an indicator that we have a long way to go before we can protect ourselves from even the most casual adversaries.

If you are a current customer, you can access this new feature in the Vulnerabilities tab. Don’t have an account? Signup for our free version!

Read the Latest Content

Research Reports

Prioritization to Prediction Volume 5: In Search of Assets at Risk

The fifth volume of the P2P series explores the vulnerability risk landscape by looking at how enterprises often view vulnerabilities.

5 Things Every CIO Should Know About Vulnerability Management

If you view vulnerability management (VM) as just a small part of your operation, it might be time to take another look.  Managing vulnerabilities is...



Get Started Using the Exploit Prediction Scoring System (EPSS).

Cyentia Institute’s Chief Data Scientist and Founder Jay Jacobs gives tips on how to get started using the Exploit Prediction Scoring System (EPSS). You...

© 2022 Kenna Security. All Rights Reserved. Privacy Policy.