Cisco SecureX + Kenna Security: Taking Risk-Based Beyond Vulnerability Management
Environments and networks are growing in size, complexity, and connectivity. Enterprises need more tools to anticipate and identify threats, and to remediate the vulnerabilities that present the highest risk—all in the interest of protecting the organization’s business-critical data, assets, and users.
Scratch the surface of any network, though, and you’ll find a litany of challenges and problems which, if left unaddressed, can have serious, even catastrophic consequences. Add to this dilemma the persistent challenge of finite resources. Even top-performing remediation teams can only address somewhere between 25-30% of the vulnerabilities in their environment. For the majority of security teams, that number is closer to 10%.
Experience shows that teams often don’t know which problem to address first and how they can streamline their operations. But there’s good news on the horizon: Cisco is changing that.
Kenna Security Co-founder and CTO Ed Bellis recently joined Cisco SVP/GM of Security Platform and Response Al Huger to explore in depth Cisco’s acquisition of Kenna Security and what it means not only for customers looking to lower risk more effectively and efficiently, but also what it means for the industry at large.
To patch or not to patch? That really is the question
Before Cisco acquired Kenna Security, its SecureX and Secure Endpoint offerings already provided comprehensive and robust threat management capabilities—all they lacked were data-driven vulnerability prioritization and predictive analytics. With a risk-based vulnerability management (RBVM) solution clearly in their sights, Cisco began an exhaustive effort to find the right technology to add to their security portfolio.
According to Huger, one thing that initially caught Cisco’s eye was the trust Kenna Security customers had in the RBVM pioneer. They relied on Kenna Security to identify the risks that were absolutely critical to their customers, and to use comprehensive intel and analysis to also identify which vulnerabilities weren’t a priority. “What stood out to me most wasn’t the fact that Kenna could identify which vulns need to be patched,” recalls Huger. “It was that customers trust them enough to not patch other things in priority. It’s like a constant trust fall.”
And this trust hinges on the data. “It’s just as much about being able to deprioritize as it is to prioritize, and being able to trust that data more than anything else,” says Bellis.
Detect and response ripe for risk-based
With an abundance of data and security technology housed inside Cisco’s SecureX suite, Cisco and Kenna Security are able to explore applying a risk-based ethos to areas of security beyond vulnerability prioritization and prediction. This is something Bellis says Kenna wasn’t able to do before teaming up with Cisco: “We’re squarely on the predict and prevent side of the house but there’s a whole detect and response side which is ripe for risk-based.”
The two executives say customers will begin to see this concept play out across various aspects of their current security operation, including orchestration, automation, and configuring controls. Applying a risk-based approach to these additional areas of security will help teams save even more time, money, and effort while simultaneously lowering risk.
And Huger points out how a core principle of Cisco’s security technology is to help bolster customer confidence that what they’re doing now is the most important thing. “All our products are in the service of trying to find issues so you don’t end up in a breach. You need to be able to know where to focus your resources.”
Not only will a risk-based approach help simplify and democratize security operations, he adds, but it will empower teams to measure risk more holistically across their IT environment. “Viewing things through risk clears the chaos and the fog of war we deal with every day,” Huger notes.
Unlocking a new level of simplicity and fidelity
Huger says Cisco recognizes today’s companies need more accessible and streamlined security to outmaneuver and outsmart the surge of threats in the wild. Acquiring Kenna Security, along with its acclaimed data science, predictive analytics, enhanced intelligence, and risk-based prioritization, unlocks a new level of fidelity and risk management for the industry as a whole.
The future of security, says Bellis, is uncharted territory. “It’s one thing to say we’re starting to see exploits in the wild; it’s another thing to say we’re starting to see exploit attempts on your assets and your network. That’s really something we couldn’t do before.”
Ultimately, effective cybersecurity is about staying ahead of the next threat more effectively and efficiently. “Our customers are buying time in between when their infrastructure is perfect and when it’s breached,” explains Huger. “It’s our job to help them make that as hard as possible for the adversaries.”
See the future of security operations management in action
Hear more from Huger and Bellis as they talk through how the Kenna Security acquisition will help security and IT teams lower risk in as few moves as possible. You can also catch a glimpse of what Kenna’s risk-based technology will look like inside Cisco’s SecureX.