Cisco SecureX + Kenna Security: Taking Risk-Based Beyond Vulnerability Management

Nov 11, 2021
Monica White
VP of Product Marketing

Share with Your Network

Environments and networks are growing in size, complexity, and connectivity. Enterprises need more tools to anticipate and identify threats, and to remediate the vulnerabilities that present the highest risk—all in the interest of protecting the organization’s business-critical data, assets, and users. 

Scratch the surface of any network, though, and you’ll find a litany of challenges and problems, which if left unaddressed, can have serious, even catastrophic consequences. Add to this dilemma the persistent challenge of finite resources. Even top performing remediation teams can only address somewhere between 25-30% of the vulnerabilities in their environment. For the majority of security teams, that number is closer to 10%. 

Experience shows that teams often don’t know which problem to address first and how they can streamline their operations. But there’s good news on the horizon: Cisco is changing that. 

Kenna Security Co-founder and CTO Ed Bellis recently joined Cisco SVP/GM of Security Platform and Response Al Huger to explore in depth Cisco’s acquisition of Kenna Security and what it means not only for customers looking to lower risk more effectively and efficiently, but also what it means for the industry at large. 

To patch or not to patch? That really is the question

Before Cisco acquired Kenna Security, its SecureX and Secure Endpoint offerings already provided comprehensive and robust threat management capabilities—all they lacked were data-driven vulnerability prioritization and predictive analytics. With a risk-based vulnerability management (RBVM) solution clearly in their sights, Cisco began an exhaustive effort to find the right technology to add to their security portfolio. 

According to Huger, one thing that initially caught Cisco’s eye was the trust Kenna Security customers had in the RBVM pioneer. They relied on Kenna Security to identify the risks that were absolutely critical to their customers, and to use comprehensive intel and analysis to also identify which vulnerabilities weren’t a priority. “What stood out to me most wasn’t the fact that Kenna could identify which vulns need to be patched,” recalls Huger. “It was that customers trust them enough to not patch other things in priority. It’s like a constant trust fall.”

And this trust hinges on the data. “It’s just as much about being able to deprioritize as it is to prioritize, and being able to trust that data more than anything else,” says Bellis. 

Detect and response ripe for risk-based

With an abundance of data and security technology housed inside Cisco’s SecureX suite, Cisco and Kenna Security are able to explore applying a risk-based ethos to areas of security beyond vulnerability prioritization and prediction. This is something Bellis says Kenna wasn’t able to do before teaming up with Cisco: “We’re squarely on the predict and prevent side of the house but there’s a whole detect and response side which is ripe for risk-based.” 

The two executives say customers will begin to see this concept play out across various aspects of their current security operation, including orchestration, automation, and configuring controls. Applying a risk-based approach to these additional areas of security will help teams save even more time, money, and effort while simultaneously lowering risk. 

And Huger points out how a core principle of Cisco’s security technology is to help bolster customer confidence that what they’re doing now is the most important thing. “All our products are in the service of trying to find issues so you don’t end up in a breach. You need to be able to know where to focus your resources.”

Not only will a risk-based approach help simplify and democratize security operations, he adds, but it will empower teams to measure risk more holistically across their IT environment. “Viewing things through risk clears the chaos and the fog of war we deal with everyday,” Huger notes.

Unlocking a new level of simplicity and fidelity

Huger says Cisco recognizes today’s companies need more accessible and streamlined security to outmaneuver and outsmart the surge of threats in the wild. Acquiring Kenna Security, along with its acclaimed data science, predictive analytics, enhanced intelligence, and risk-based prioritization, unlocks a new level of fidelity and risk management for the industry as a whole. 

The future of security, says Bellis, is uncharted territory. “It’s one thing to say we’re starting to see exploits in the wild; It’s another thing to say we’re starting to see exploit attempts on your assets and your network. That’s really something we couldn’t do before.” 

Ultimately, effective cybersecurity is about staying ahead of the next threat more effectively and efficiently. “Our customers are buying time in between when their infrastructure is perfect and when it’s breached,” explains Huger. “It’s our job to help them make that as hard as possible for the adversaries.”

See the future of security operations management in action

Hear more from Huger and Bellis as they talk through how the Kenna Security acquisition will help security and IT teams lower risk in as few moves as possible. You can also catch a glimpse of what Kenna’s risk-based technology will look like inside Cisco’s SecureX. 

Watch Cisco SecureX + Kenna Security: Bringing Simplicity to You now.  

Read the Latest Content

Threat Intelligence

18+ Threat Intel Feeds Power Modern Vulnerability Management

You need lots of threat intelligence feeds to cover all of the threat and vulnerability data categories in the world. Learn about the threat intel feeds...
Data Science

Ask Us About Our Data Science

In vulnerability management, data deluge is a recurring problem. Learn what data science is and how it can help your company.
Risk-Based Vulnerability Management

What is Modern Vulnerability Management?

Modern vulnerability management is an orderly, systematic, and data-driven approach to enterprise vulnerability management.

© 2022 Kenna Security. All Rights Reserved. Privacy Policy.