Kenna Security CEO Karim Toubba discusses SOAPA with ESG Research

Feb 7, 2018
Sam Osborn


Our CEO Karim Toubba recently sat down with Jon Oltsik, the senior principal analyst at ESG Global, to discuss Security Operations and Analytics Platform Architecture (SOAPA). SOAPA is becoming increasingly popular with enterprise organizations, and Karim and Jon had an interesting discussion about its application to vulnerability management. In part one of this two-part interview series, Karim and Jon discussed:

The problem with vulnerability management.

“Vulnerability management has been around for nearly 20 years. But while the practice of scanning for vulnerabilities is mature, what’s immature is how people deal with that data. How they process millions of vulnerabilities, how they look at them through the lens of risk, and how they take action to remediate those risks.” – Karim Toubba, CEO, Kenna Security

How organizations have dealt with this situation in the past.

“Vulnerability management has always been centered around individual tools for vulnerability scanning, penetration testing, static/dynamic application testing, etc. Sophisticated security shops built infrastructure, wrote software, and placed all this data in a database while resource-constrained firms tried to manage this process using spreadsheets. Regardless of the method, however, growing data volumes are simply overwhelming organizations, resulting in a situation where it is extremely difficult to understand vulnerabilities, prioritize remediation actions, and mitigate risk. SOAPA (and Kenna Security) can help here.”  – Jon Oltsik, Senior Principal Analyst, ESG

How Kenna Security aligns with the SOAPA model.

“The whole point of SOAPA is to collect, process, analyze, and act upon security data in a more efficient and effective manner, that bolsters productivity and improves security. Kenna facilitates this by giving the entire organization a more focused perspective so decision makers can prioritize those vulnerabilities that need immediate attention. This allows security and IT operations to align to mitigate, manage, and track risk at a more granular level than they can today.”  – Karim Toubba, CEO, Kenna Security

Bridging the gap between security and IT operations.

“Karim reminds us that security operations is a team effort between security and IT operations – security professionals find problems while IT operations staffers remediate the problems. Unfortunately, collaboration is often strained because each group has different priorities, tools, and objectives. By prioritizing vulnerabilities and calculating risk, Kenna applies a SOAPA model to help streamline vulnerability management/remediation processes, improve teamwork, and most importantly, mitigate cyber-risks.”  – Jon Oltsik, ESG Senior Principal Analyst

Kenna Security operates on the premise that cyber risk must be managed as an enterprise-wide effort transcending divisions, roles, and tools. Our platform aligns with the SOAPA model by automating the analysis, correlation, and prioritization of vulnerabilities, which helps security organizations that are already spread too thin move beyond inefficient spreadsheets. By doing so, our platform serves as a foundation for a centralized risk management environment to help you focus on the right vulnerabilities at the right time, while providing actionable data to help guide remediation efforts.

To learn more about how you can transform your security practice and align your organization around risk, download our whitepaper How to Implement a Risk-Based Approach to Vulnerability Management.

This interview series originally appeared on the ESG Research blog.  

