Kenna Security Enables Enterprises to Proactively Address Application Risk

The Kenna Application Risk Module Measures Risk Across All Application Vulnerabilities and Enables Enterprises to Drive Prioritized Remediation

Sam Osborn - April 10, 2018

SAN FRANCISCO, Calif., April 10, 2018 –

Karim Toubba, chief executive officer, Kenna Security
“Attacks on applications pose some of the most critical threats to enterprises, yet managing application vulnerabilities today involves large, untenable lists of vulnerabilities that frustrate developers and waste precious time and resources. The Kenna Application Risk Module extends the Kenna Security Platform to enable enterprises to proactively measure, track, and reduce business risk across their entire application attack surface. CISOs can now finally understand both their network and application risk postures while security teams, DevOps, and developers can focus their resources on addressing the critical vulnerabilities that pose the greatest risks to their business.”

News Summary

Kenna Security, a leader in predictive cyber risk, today announced availability of the Kenna Application Risk Module, a new service that applies data science at scale to enable security and development teams to continuously, effectively, and proactively manage risk across their entire application portfolio. The Kenna Application Risk Module leverages the underlying Kenna Security Platform to process and normalize all application security data, including static and dynamic scanners, penetration test results, bug bounty data, and open source scanners to give enterprises a true measurement of cyber risk.

The Kenna Application Risk Module enables organizations to:

  • Proactively reduce cyber risk by providing clear metrics, real-world context, and prescriptive remediation guidance for enterprise applications.
  • Align security teams, DevOps, and developers to efficiently fix the most critical application vulnerabilities without slowing the pace of development.
  • Continuously analyze and understand the risk profile of an enterprise’s entire technology infrastructure and application portfolio at scale.

Enterprises Need to Close the Application Cybersecurity Gap

Applications are one of the broadest attack surfaces for many enterprises, serving as a direct, and highly targeted, vector for bad actors to steal valuable data. For this reason, traditional and web applications are the source of nearly 30 percent of successful attacks globally.

Organizations spend vast sums of money and resources using application scanning tools to detect vulnerabilities, penetration testing, and even third-party bug bounties in an effort to understand the weaknesses in their applications. This leads to an extraordinary amount of application vulnerability data that must be analyzed by technology teams, making it difficult for security leaders to understand their overall risk, prioritize remediation efforts, and effectively communicate application risks to executives.

According to Gartner, “Often, application security risks are not well-understood by executives and are poorly communicated by security teams. Clients continue to struggle with integrating technologies into existing workflows, prioritizing vulnerabilities for remediation and creating repeatable processes to facilitate an efficient application security program.” [1]

Helping Enterprises Team Up to Reduce Application Risk

Leveraging the Kenna Security Platform’s proven strategy of applying machine learning and data science to deliver effective security, the Kenna Application Risk Module enables enterprises to proactively reduce the application attack surface by prioritizing application vulnerabilities that pose the greatest threat. This technology:

  • Continuously distills application security data, including SAST, DAST, open source, and bug bounty solutions, as well as exploit intelligence and enterprise context, to calculate risk metrics for an enterprise’s entire application portfolio, in addition to specific risk scores by vulnerability and application.
  • Eliminates wasting costly development resources on low-risk threats and false positives, which derails teams from their core responsibility and creates unnecessary workload.
  • Forecasts future risk associated with newly disclosed vulnerabilities and applications using real-time activity across the global threat landscape.

Delivering portfolio-wide application threat analysis at scale, the Kenna Application Risk Module enables enterprises to rally security teams, DevOps, developers, and business leadership around a risk-based strategy for application vulnerability remediation. Leveraging shared risk scores helps the various teams maintain alignment and focus so enterprises can build a consistent, efficient, and effective application security program. The Kenna Security Platform:

  • Automatically directs findings and remediation guidance to cross-functional teams to help them work toward a common set of goals.
  • Easily integrates with continuous application delivery processes, including DevOps.
  • Focuses limited development and IT resources to reduce the most risk with the greatest efficiency.
  • Communicates risk scores to all application stakeholders to keep them aligned, focused, and results-oriented.

Supporting Quotes

Patrick Carey, director of product marketing, Black Duck by Synopsys
“Black Duck by Synopsys helps businesses secure and manage their open source software to eliminate the pain related to security vulnerabilities, open source license compliance, and operational risk. Our integration with the Kenna Security Platform gives businesses full visibility into and control over the open source components in their applications, while enabling them to prioritize their remediation efforts and address the most critical risks across their open source code.”

CA Veracode
“Application security programs are most successful when testing is done as part of the development process and integrated into the software development lifecycle. Veracode’s integration with Kenna’s Application Risk Module will empower DevOps teams, application security staff, and business teams to continuously, effectively, and proactively remediate their highest-risk vulnerabilities and applications.”

Moshe Lerner, senior vice president product strategy & corporate development, Checkmarx
“With organizations shifting left and release cycles increasingly accelerating, developers are increasingly being asked to take on more security responsibilities as part of the entire development life cycle. Checkmarx and Kenna together make it easier for developers to adopt a risk-based approach to application security that delivers accurate, provable results quickly and easily with no developer downtime.”

Jon Oltsik, senior principal analyst, ESG
“The volume and velocity of new threats limits a security analyst’s ability to quickly identify, prioritize, and mitigate vulnerabilities. ESG Lab has verified that utilizing Kenna Security’s Top Fix Groups can automatically identify which actions will provide the greatest risk reduction with the least effort. This can help organizations prioritize threat mitigation activities, maximize return on investment, and enable security teams and now developers and DevOps to make the best use of their limited resources.”

[1] Gartner, Inc., Hype Cycle for Application Security, 2017, Ayal Tirosh, July 28, 2017.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

About Kenna Security

Kenna Security is a leader in predictive cyber risk. The Kenna Security Platform enables organizations to work cross-functionally to determine and remediate cyber risks. Kenna leverages Cyber Risk Context Technology™ to track and predict real-world exploitations, focusing security teams on what matters most. Headquartered in San Francisco, Kenna counts among its customers many Fortune 100 companies, and serves nearly every major vertical.