Power Couple: Kenna’s Vulnerability Intel + ServiceNow Vulnerability Response
Share with Your Network
Every once in a while, two things come together and create something new. Abbott and Costello. Johnny and June. Fred and Ginger. The whole becomes greater than the sum of its parts.
Okay, okay—the world of vulnerability management (VM) may not be quite as glamorous as Hollywood. But that doesn’t mean we don’t know how to make some magic.
When we released Kenna.VI+ in 2020, we expected it would open the door for folks to leverage Kenna’s risk scoring and vulnerability intelligence like never before. And today, we can share an incredible validation of that expectation with a new integration between Kenna.VI+ and ServiceNow Vulnerability Response.
What we’ve got here is a power duo: Kenna’s prioritization and CVE enrichment available within a response platform from the workflow experts themselves—ServiceNow. Together, these tools enable organizations to maximize their resources, keep up with moving threat targets, and bridge the gap between Security and IT teams.
Drive prioritization with Kenna’s risk scoring
The Kenna.VI+ application for ServiceNow enables Vulnerability Response users to leverage the Kenna Risk Score as their primary prioritization strategy. Users can turn on the optional Kenna.VI+ Risk Calculator, which will enable vulnerable items (a vulnerable item constitutes an asset and a vulnerability) to be assigned Kenna Risk Scores—data points driven by Kenna’s data science (machine learning and predictive modeling) and robust threat intel. This means that Vulnerability Response users can manage vulnerabilities and drive remediation from within ServiceNow while also reaping the coverage and efficiency benefits of the Kenna model.
Enrich your CVE context
The Kenna.VI+ App also puts an unprecedented wealth of CVE context in the hands of Vulnerability Response users. The Kenna.VI+ application incorporates more than 18 threat and exploit intel feeds, including custom-curated sources that aren’t leveraged by other vendors. New configurable tables in ServiceNow will give users a range of CVE enrichment, including:
- Risk Information: Data on the specific vulnerability, such as the Kenna Risk Score, date created, trending information, and more (users can personalize the data points they want to see, pulling from a list of dozens of available options)
- Exploits: Known exploits of the vulnerability
- Fixes: Known fixes to resolve the vulnerability
- Vulnerable Products: CPE identifiers for products known to be vulnerable
The addition of this rick CVE context, along with Kenna’s risk scoring, will allow Security and IT teams alike to focus their limited resources on the vulnerabilities that matter the most. Ultimately, this integration itself opens the door for ServiceNow Vulnerability Response customers to maximize the ROI of their existing investment. There is no need to rip, replace, and change remediation workflows in order to get more insight into CVEs or adopt a more effective prioritization strategy.
You can see the application in action in the short demo video below
The Kenna.VI+ App for ServiceNow is available to Kenna.VI+ and Vulnerability Response customers via the ServiceNow store: https://store.servicenow.com.