Build your risk-based vulnerability program
Contact Us
Talk to an Expert
Request a demo

Industry Benchmarks: You Can Get With This, Or You Can Get With That

Jan 3, 2019
Ed Bellis
Chief Technology Officer, Co-founder

Share with Your Network

In my previous role as a CISO, I probably received two questions far more than any others. The first, “Are we secure?” was a terrible and loaded question that required you to know your audience well before answering. As security professionals, we know “secure” isn’t binary and as such isn’t a yes or no question. We at Kenna have worked very hard to change that conversation from a simple binary “yes” or “no” to a discussion of risk.

The second question I would always get was “how do we compare to our peers?”. In this case, our peers were other online travel agencies. To be honest, this question at the time was tougher to answer. While my teammates in the Fraud group readily shared information with peers and competitors to prevent fraud across the industry, security was still a secretive industry where information sharing was considered a weakness. Fortunately we have started to come to our senses and we are starting to see more information sharing, both formal and informal, within security and we at Kenna Security have been working on helping you answer this very question.

With our recent launch of Peer Benchmarking, Kenna Security allows you to compare your security risk over time against similar organizations within your industry. This allows organizations to understand where their overall risk stands at any given point in time versus their peers…

…and because many companies actually compete in multiple verticals, you can even compare and contrast yourself against additional industries quickly and easily.

But this is only the beginning. As Kenna Security customers know, we measure a number of metrics around vulnerability and application risk, as well as remediation rates and statistics. Many of these are ripe for benchmarking and we will continue to roll out new benchmarking breakdowns. Our plan is to not only continue to give you more visibility but, like my friends in anti-fraud did years ago, also uplevel security risk management across our customers by having them continue to raise the bar.

With this new capability, Kenna is happy to have addressed these two nagging questions. The first by moving the discussion from the binary “Are we secure?” to one of risk, and the other by delivering real-time capabilities for our customers to compare and contrast against their peers. If you’re a customer, we’d love to hear your feedback, and if you’re not… why not sign up and give it a spin?

Share with Your Network

Read the Latest Content

Research Reports

Prioritization to Prediction Volume 5: In Search of Assets at Risk

The fifth volume of the Prioritization to Prediction series produced in conjunction with the Cyentia Institute explores the vulnerability risk landscape by looking at how enterprises often view vulnerabilities: through the lens of common asset platforms. Download the research report to learn more about the key findings: Common asset platforms and their typical risk profiles…


5 Things Every CIO Should Know About Vulnerability Management

If you view vulnerability management (VM) as just a small part of your operation, it might be time to take another look.  Managing vulnerabilities is just as critical to IT as it is to Security and DevOps.  And it’s worth getting right: Vulnerabilities can leave your most strategic assets—and your business itself—exposed to cyber threats…




Get Started Using the Exploit Prediction Scoring System (EPSS).

Cyentia Institute’s Chief Data Scientist and Founder Jay Jacobs gives tips on how to get started using the Exploit Prediction Scoring System (EPSS). You can learn more about the Exploit Prediction Scoring System and use the interactive calculator here: https://www.kennaresearch.com/tools/e…


© 2021 Kenna Security. All Rights Reserved. Privacy Policy.