Blog

A Wave of Change for Vulnerability Risk Management

If you’re looking for evidence that the future of vulnerability management will be risk-based, look no further than The Forrester Wave™: Vulnerability Risk Management, Q4 2019.

Forrester’s new report, which the analyst firm released today, names Kenna Security as a Strong Performer.  

In the report, we earned the evaluation’s top possible scores in Risk-Based Prioritization, Metrics and Reporting, Commercial Model and Partner Ecosystem. In other words, we received the highest scores possible in all the areas that we focus on as a provider of risk-based vulnerability management (RBVM) solutions. And that’s exciting.

In RBVM, “good enough” is never good enough

You know what else is exciting? The fact that we’re in Forrester’s Strong Performers category even though we don’t even offer some capabilities that are included in Forrester’s greater VRM assessment (such as features tied to scanning, digital footprinting, and a few others).

Here’s why we don’t focus on these things. Scanners and other commodity solutions are already mature and widely available–and thanks to our extensive partner ecosystem, they integrate easily with our platform. So rather than try to cram into our platform “good enough” capabilities that others specialize in, we focus on the much more challenging aspects of RBVM, such as prediction and prioritization. 

For this reason, we expect that in the next year or two, we’ll be reaching Forrester’s Leaders category. We say that because in this latest report, Forrester recognizes that “meaningful prioritization and metrics” are key differentiators in this space. We couldn’t agree more. The average enterprise has 40 million vulnerabilities and can only address 10% of them. So predicting which vulnerabilities are most likely to be exploited—and which pose the biggest risk to your particular enterprise—is the best way to defend your assets, your data, and your brand.

Imitation is a form of flattery

 The findings in this report tell us that the future of vulnerability management will be risk-based, and more analysts recognize that this is the case. Meanwhile, by pioneering risk-based vulnerability management, we have helped to move forward other companies that seek to follow our lead. We’re good with that, because it frankly validates the first point. 

As the market evolves and our platform evolves, we’ll become increasingly certain that RBVM is where the Leaders are headed. And we’ll be just as convinced that RBVM is no place for “good enough.”