Kenna Intel + Servicenow Vulnerability Response

Nov 9, 2021
Monica White
VP of Product Marketing

Share with Your Network

Every once in a while, two things come together and create something new. Abbott and Costello. Johnny and June. Fred and Ginger. The whole becomes greater than the sum of its parts.

Okay, okay—the world of vulnerability management (VM) may not be quite as glamorous as Hollywood. But that doesn’t mean we don’t know how to make some magic.

When we released Kenna.VI+ in 2020, we expected it would open the door for folks to leverage Kenna’s risk scoring and vulnerability intelligence like never before. And today, we can share an incredible validation of that expectation with a new integration between Kenna.VI+ and ServiceNow Vulnerability Response.

What we’ve got here is a power duo: Kenna’s prioritization and CVE enrichment available within a response platform from the workflow experts themselves—ServiceNow. Together, these tools enable organizations to maximize their resources, keep up with moving threat targets, and bridge the gap between Security and IT teams.

Drive prioritization with Kenna’s risk scoring

The Kenna.VI+ application for ServiceNow enables Vulnerability Response users to leverage the Kenna Risk Score as their primary prioritization strategy. Users can turn on the optional Kenna.VI+ Risk Calculator, which will enable vulnerable items (a vulnerable item constitutes an asset and a vulnerability) to be assigned Kenna Risk Scores—data points driven by Kenna’s data science (machine learning and predictive modeling) and robust threat intel. This means that Vulnerability Response users can manage vulnerabilities and drive remediation from within ServiceNow while also reaping the coverage and efficiency benefits of the Kenna model.

Figure 1. A Vulnerable Item in ServiceNow Vulnerability Response shows a Kenna Risk Score of 83.

Enrich your CVE context

The Kenna.VI+ App also puts an unprecedented wealth of CVE context in the hands of Vulnerability Response users. The Kenna.VI+ application incorporates more than 18 threat and exploit intel feeds, including custom-curated sources that aren’t leveraged by other vendors. New configurable tables in ServiceNow will give users a range of CVE enrichment, including:

  • Risk Information: Data on the specific vulnerability, such as the Kenna Risk Score, date created, trending information, and more (users can personalize the data points they want to see, pulling from a list of dozens of available options)
  • Exploits: Known exploits of the vulnerability
  • Fixes: Known fixes to resolve the vulnerability
  • Vulnerable Products: CPE identifiers for products known to be vulnerable
Figure 2. Information on a CVE as presented in the Kenna.VI+ Risk Information data table within ServiceNow Vulnerability Response.

The addition of this rick CVE context, along with Kenna’s risk scoring, will allow Security and IT teams alike to focus their limited resources on the vulnerabilities that matter the most. Ultimately, this integration itself opens the door for ServiceNow Vulnerability Response customers to maximize the ROI of their existing investment. There is no need to rip, replace, and change remediation workflows in order to get more insight into CVEs or adopt a more effective prioritization strategy.

You can see the application in action in the short demo video below

The Kenna.VI+ App for ServiceNow is available to Kenna.VI+ and Vulnerability Response customers via the ServiceNow store:


Read the Latest Content

Threat Intelligence

18+ Threat Intel Feeds Power Modern Vulnerability Management

You need lots of threat intelligence feeds to cover all of the threat and vulnerability data categories in the world. Learn about the threat intel feeds...
Data Science

Ask Us About Our Data Science

In vulnerability management, data deluge is a recurring problem. Learn what data science is and how it can help your company.
Risk-Based Vulnerability Management

What is Modern Vulnerability Management?

Modern vulnerability management is an orderly, systematic, and data-driven approach to enterprise vulnerability management.

© 2022 Kenna Security. All Rights Reserved. Privacy Policy.