Share with Your Network
Our CEO Karim Toubba recently sat down with Jon Oltsik, the senior principal analyst at ESG Global to discuss Security Operations and Analytics Platform Architecture. SOAPA is becoming increasingly popular with enterprise organizations, and Karim and Jon an interesting discussion about its application to vulnerability management. In part one of this two-part interview series, Karim and Jon discussed:
The problem with vulnerability management.
“Vulnerability management has been around for nearly 20 years. But while the practice of scanning for vulnerabilities is mature, what’s immature is how people deal with that data. How they process millions of vulnerabilities, how they look at them through the lens of risk, and how they take action to remediate those risks.” – Karim Toubba, CEO, Kenna Security
How organizations have dealt with this situation in the past.
“Vulnerability management has always been centered around individual tools for vulnerability scanning, penetration testing, static/dynamic application testing, etc. Sophisticated security shops built infrastructure, wrote software, and placed all this data in a database while resource-constrained firms tried to manage this process using spreadsheets. Regardless of the method, however, growing data volumes are simply overwhelming organizations, resulting in a situation where it is extremely difficult to understand vulnerabilities, prioritize remediation actions, and mitigate risk. SOAPA (and Kenna Security) can help here.” – Jon Oltsik, Senior Principal Analyst, ESG
How Kenna Security aligns with the SOAPA model.
“The whole point of SOAPA is to collect, process, analyze, and act upon security data in a more efficient and effective manner, that bolsters productivity and improves security. Kenna facilitates this by giving the entire organization a more focused perspective so decision makers can prioritize those vulnerabilities that need immediate attention. This allows security and IT operations to align to mitigate, manage, and track risk at a more granular level than they can today.” – Karim Toubba, CEO, Kenna Security
Bridging the gap between security and IT operations.
“Karim reminds us that security operations is a team effort between security and IT operations – security professionals find problems while IT operations staffers remediate the problems. Unfortunately, collaboration is often strained because each group has different priorities, tools, and objectives. By prioritizing vulnerabilities and calculating risk, Kenna applies a SOAPA model to help streamline vulnerability management/remediation processes, improve teamwork, and most importantly, mitigate cyber-risks.” – Jon Oltsik, ESG Senior Principal Analyst
Kenna Security operates on on the premise that cyber risk must be managed as an enterprise-wide effort transcending divisions, roles, and tools. Our platform aligns with the SOAPA model by helping security organizations that are already spread too thin move beyond inefficient spreadsheets by automating the analysis, correlation, and prioritization of vulnerabilities. By doing so, our platform serves as a foundation for a centralized risk management environment to help you focus on the right vulnerabilities at the right time, while providing actionable data to help guide remediation efforts.
To learn more about how you can transform your security practice and align your organization around risk, download our whitepaper How to Implement a Risk-Based Approach to Vulnerability Management.
This interview series originally appeared on the ESG Research blog.
