Why SC Media Named Kenna.VM its ‘Best Buy’ for Vulnerability Management

Jun 9, 2020
Jason Rolleston
Chief Product Officer

Share with Your Network

You know what’s nice? When someone else says something positive about you.

You know what’s even nicer? When the people saying those things are some of the most knowledgeable cybersecurity experts in the industry.

SC Media recently reviewed our core product, Kenna.VM, and gave it a (much appreciated) five out of five stars. Their conclusion?

“Overall, Kenna Security Kenna.VM offers undisputed, evidence-based, real-time threat intelligence and risk scoring focusing on active exploits.”

But what does it mean to provide undisputed, evidence-based, real-time threat intelligence and risk scoring? 

Let’s break it down. 

The word ‘undisputed’ here refers to the conflict between IT and security teams when it comes to patching. Security teams want as much patching as possible to reduce risk. IT teams, on the other hand, have broader portfolios. They want to make sure everything they do counts because on average, enterprises only have the capacity to patch about one in 10 vulnerabilities. There are times when everyone agrees that a vulnerability needs to be patched. Conflicts arise when these two teams disagree on what actually needs to be patched and when. 

What these teams need to solve their disputes is evidence. Kenna.VM leverages more than a decade worth of real-world exploit data to assess the risk of vulnerabilities and to help teams prioritize them. The vulnerabilities are scored according to their risk, and fine-tuned according to your environment

Finally, our database reflects the real-time risk of vulnerabilities that could impact your infrastructure. Our research shows that just 5 percent of published vulnerabilities are ever exploited in the wild. Our data science team tracks the factors that make vulnerabilities exploitable. This enables us to predict the risk associated with vulnerabilities, empowering teams to prioritize and patch the security gaps that pose the most danger. 

Risk-Based Service Level Agreement


And we are continuing to innovate. Just last month, we introduced two new features to advance the practice of modern vulnerability management. Kenna.VM now includes the industry’s first Risk-Based Service Level Agreement (SLA) capability. Evidence-based SLAs allow enterprises to benchmark their vulnerability management programs through data-driven comparisons with peers and risk-based assessments of attacker velocity and vulnerability severity. This is a big deal for organizations that are seeking ways to objectively improve their security posture. 

We have also made our data available in a cloud-native format that enables security analysts and threat researchers to leverage Kenna’s industry-leading analytics and machine learning capabilities to investigate every CVE. With the arrival of Kenna.VI, organizations now have access to contextual data on the volume and velocity of threats from more than 20 threat intelligence feeds, including hacker forums, exploit-kit resources, and real-time exploits. 

The Weaknesses of Kenna.VM


All in all, SC Media’s review was great, but our commentary on their review wouldn’t be complete without a listing of Kenna.VM’s weaknesses. That section contained just four words: “None that we found.”

Interested in seeing what undisputed, evidence-based, real-time threat intelligence and risk scoring look like?  Book a demo today

Read the Latest Content

Research Reports

Prioritization to Prediction Volume 5: In Search of Assets at Risk

The fifth volume of the P2P series explores the vulnerability risk landscape by looking at how enterprises often view vulnerabilities.

5 Things Every CIO Should Know About Vulnerability Management

If you view vulnerability management (VM) as just a small part of your operation, it might be time to take another look.  Managing vulnerabilities is...



Get Started Using the Exploit Prediction Scoring System (EPSS).

Cyentia Institute’s Chief Data Scientist and Founder Jay Jacobs gives tips on how to get started using the Exploit Prediction Scoring System (EPSS). You...

© 2022 Kenna Security. All Rights Reserved. Privacy Policy.