Kenna Security Announces Industry’s First Vulnerability Exploit Prediction Capability

Kenna Exploit Prediction gives security and IT teams the foresight to close high-risk vulnerabilities before cyber attackers can exploit them

yotam - January 31, 2018

Kenna Security, a leader in predictive cyber risk, announced today that it has developed new Exploit Prediction capabilities to accurately forecast which vulnerabilities will become weaponized to alert organizations to take remediation before those exploits become a threat.

Kenna’s new Exploit Prediction includes instant visibility into the effect of future exploits on a business’ systems, a type of intelligence that has traditionally been difficult to predict and prioritize. This enables organizations to understand the risk of a vulnerability the day it is announced to the public.

“For our customers, this simple, easy access into powerful forecasts—completely pertinent to their own environments, based on their own assets and vulnerabilities—ensures they have a ‘head start’ in terms of knowing what potential exploits may affect their organization,” said Ed Bellis, CTO and co-founder of Kenna Security. “For the first time, we can extend cyber risk to a predictive model.”

Leveraging Kenna Cyber Risk Context Technologies™, driven by machine learning in the cloud, Kenna Exploit Prediction has delivered 94 percent predictive accuracy to date. Kenna Exploit Prediction is part of the Kenna Security Platform and will be available in Q1 2018 to all Kenna Security customers.

“Kenna’s Exploit Prediction capability is a significant game changer for vulnerability management. In a time when vulnerabilities and subsequent exploits are disclosed at a volume and velocity that is difficult for even for the most conscientious organizations to stay on top of, Exploit Prediction allows security practitioners the ability to further contextualize, prioritize and remediate vulnerabilities, based on risk,” said Don Morash, Practice Lead, Vulnerability Management Managed Services at GuidePoint Security.

“In the past, we used analog tuning to define which systems were considered mission-critical, but this didn’t provide a level of useful granularity,” said Jon Oltsik, senior principal analyst, Enterprise Strategy Group (ESG). “Fast forward to 2018, and risk-based intelligent vulnerability management platforms, including Kenna, can now consume terabytes of configuration data, asset data, vulnerability data, and threat intelligence to create  a fine-grained analysis of which systems really need immediate patching against current threats.  Now these systems are moving beyond real-time assessments by forecasting weaponization and risk well before an attack is possible.  This proactive approach can provide insight and help organizations anticipate attacker behavior.”

With Kenna Exploit Prediction, firms are able to:

Accurately and automatically analyze vulnerabilities in real-time to reduce costs and improve efficiencies

  • Immediately evaluates new vulnerabilities to predict whether cyber attackers will weaponize them
  • Calculates and assigns a Kenna risk score for prioritization against all risks in the customer’s environment
  • Prioritizes high-risk vulnerabilities, enabling teams to allocate resources with confidence

Extend Proactive Cyber Risk to Predictive Cyber Risk

  • Complements Kenna’s existing proactive vulnerability and risk management capabilities with exploit prediction
  • Predicts future exploits with high accuracy, enabling security teams to stay a step ahead of cyber attackers
  • Empowers security teams to remediate high-risk vulnerabilities long before they become a threat
  • Focuses teams on the riskiest vulnerabilities using established IT workflows

Enable Security Teams to Maintain Control

  • Helps security teams counter the chaos that can accompany “headline” vulnerabilities with data and analysis, saving valuable time and resources
  • Replaces fear, uncertainty, and doubt with reliable forecasts, trusted metrics, and reporting
  • Quickly and accurately reports on findings, increasing team confidence, credibility, and authority

According to Gartner, “Operational Infrastructure Security Spending is focused on protecting the network, hosts and data and ensuring secure access to systems for authorized users. However, most enterprises recognize that they cannot “keep the bad guys out” by automated preventative measures alone. A mature set of information security measures combines effective “detect” and “respond / mitigate” tools with “prevent” services, and also proactive “predict” services to intercept potential cyber-attacks and threat actors before they even occur.”*

*Gartner, “IT Key Metrics Data 2018: Key IT Security Measures: by Industry,” Linda HallEric Stegman, Shreya Futela, Disha Gupta, 11 December 2017.

About Kenna’s Cyber Risk Context Technology
Kenna Security’s Cyber Risk Context Technology™ is the only technology that looks beyond the organizational level to identify which of the multitude of vulnerabilities are most likely to pose a threat. Kenna obtains its findings by collecting data in the wild, investigating hacker forums, exploit-kit directories, and real-time exploitations. Through advanced data science and predictive modeling, Kenna prioritizes the vulnerabilities that pose the greatest risk now — as well as in the near future.

About Kenna Security
Kenna Security is a leader in predictive cyber risk. The Kenna Security Platform enables organizations to work cross-functionally to determine and remediate cyber risks. Kenna leverages Cyber Risk Context Technology™ to track and predict real-world exploitations, focusing security teams on what matters most. Headquartered in San Francisco, Kenna counts among its customers many Fortune 100 companies, and serves nearly every major vertical.  For more information, visit kennasecurity.com. Follow us on FacebookTwitter, and LinkedIn.