Blog

Why SC Media Named Kenna.VM its ‘Best Buy’ for Vulnerability Management

You know what’s nice? When someone else says something positive about you.

You know what’s even nicer? When the people saying those things are some of the most knowledgeable cybersecurity experts in the industry.  

SC Media recently reviewed our core product, Kenna.VM, and gave it a (much appreciated) five out of five stars. Their conclusion?

“Overall, Kenna Security Kenna.VM offers undisputed, evidence-based, real-time threat intelligence and risk scoring focusing on active exploits.”

But what does it mean to provide undisputed, evidence-based, real-time threat intelligence and risk scoring? 

Let’s break it down. 

The word ‘undisputed’ here refers to the conflict between IT and security teams when it comes to patching. Security teams want as much patching as possible to reduce risk. IT teams, on the other hand, have broader portfolios. They want to make sure everything they do counts, because on average, enterprises only have capacity to patch about one in 10 vulnerabilities. There are times when everyone agrees that a vulnerability needs to be patched. Conflicts arise when these two teams disagree on what actually needs to be patched and when. 

What these teams need to solve their disputes is evidence. Kenna.VM leverages more than a decade worth of real-world exploit data to assess the risk of vulnerabilities and to help teams prioritize them. The vulnerabilities are scored according to their risk, and fine-tuned according to your environment

Finally, our database reflects the real-time risk of vulnerabilities that could impact your infrastructure. Our research shows that just 5 percent of published vulnerabilities are ever exploited in the wild. Our data science team tracks the factors that make vulnerabilities exploitable. This enables us to predict the risk associated with vulnerabilities, empowering teams to prioritize and patch the security gaps that pose the most danger. 

Risk-Based Service Level Agreement

And we are continuing to innovate. Just last month, we introduced two new features to advance the practice of modern vulnerability management. Kenna.VM now includes the industry’s first Risk-Based Service Level Agreement (SLA) capability. Evidence-based SLAs allow enterprises to benchmark their vulnerability management programs through data-driven comparisons with peers and risk-based assessments of attacker velocity and vulnerability severity. This is a big deal for organizations that are seeking ways to objectively improve their security posture. 

We have also made our data available in a cloud-native format that enables security analysts and threat researchers to leverage Kenna’s industry-leading analytics and machine learning capabilities to investigate every CVE. With the arrival of Kenna.VI, organizations now have access to contextual data on the volume and velocity of threats from more than 20 threat intelligence feeds, including hacker forums, exploit-kit resources, and real-time exploits. 

The Weaknesses of Kenna.VM

All in all, SC Media’s review was great, but our commentary on their review wouldn’t be complete without a listing of Kenna.VM’s weaknesses. That section contained just four words: “None that we found.”

Interested in seeing what undisputed, evidence-based, real-time threat intelligence and risk scoring look like?  Book a demo today