Kenna Security | “The future of vulnerability management”

May 7, 2018


One of the most significant challenges facing businesses of all sizes is that their security teams are spread too thinly — they have too much data to process, too many vulnerabilities to address, and they lack a way to prioritize their vulnerability management.

This is where Kenna Security comes in.

Jonathan Cran, Head of Research at Kenna Security, says their platform is the “future of vulnerability management” because of its ability to gather attacker data in telemetry, evaluate the risk of an organization’s vulnerabilities, and predict future exploitation. Cran said this unique platform puts vulnerability management teams “ahead of the game.”

Kenna Security CEO Karim Toubba says the need for cyber risk management platforms is growing as attackers continue to evolve. He says attackers are now often working in advanced and organized groups, sometimes even led by project managers.

“The prototypical group of people that are hacking into companies today look much more like modern software development shops than they do the ‘nefarious hacker’ of 10 to 15 years ago,” Toubba says.

This makes the need for increased visibility across infrastructure even more pressing.

Kenna is offering that necessary visibility by collecting a colossal amount of data, gathering intelligence from that data, and using it to identify the major vulnerabilities that organizations need to prioritize.

“We apply cloud-based infrastructure with machine learning to take and process all the customer’s vulnerabilities — full stack — from network-host vulnerabilities to application vulnerabilities to pentest data,” Toubba says.

He said they “marry” that information to produce exploit intelligence, which is a window into what attackers are doing and how they are operating in the wild. Kenna Security then measures organizations’ risk and shows what items should be highly prioritized — such as “fixing a vulnerability or patching a system, fixing a result of a pentest or removing a cross-site vulnerability script that is exploitable on an application.”

Toubba, a security veteran of nearly two decades, said one of the crucial problems in cyber security is the velocity of businesses. Since organizations are in such a rush to develop new applications and technology, they largely ignore security concerns of these new developments.

“Security is most often an afterthought — that’s the fundamental problem,” Toubba says.

A second paramount issue is that organizations are overwhelmed. Toubba said the average enterprise in the United States has deployed 40 to 50 security vendors. Each of these vendors produces data, and the volume, complexity, and velocity of that data are all increasing. A human can’t handle all that. A whole team of humans can’t handle all that. But a state-of-the-art platform can. Kenna Security’s machine learning algorithms process all this data and refine it so that human security teams can use the resulting intelligence properly and effectively.

Watch the interview below as Toubba discusses Kenna Security’s unique qualities, their customer base, and plans for future developments with Pentester Academy TV (PATV).

Following Karim’s high-level discussion of Kenna Security, his colleague, Cran, went into more technical detail.

Cran said that most vulnerability management solutions analyze only the severity data associated with a given vulnerability. Kenna Security, on the other hand, takes attacker data and vulnerability severity data and merges them to provide “a real picture of risk.” He also said the quantity and quality of that attacker data affect the recommended priority of the vulnerability, so that vulnerability management teams can focus on the right items.

Kenna Security gathers not only vulnerability data but also ground truth data; combined, these are used to identify which vulnerabilities are being attacked and to develop predictive data. Cran said they gather information from asset data, vulnerability data, attack data in the wild, and threat-feed data to develop a risk score. This risk score is used to evaluate which vulnerabilities need to be addressed most urgently.

One of the most interesting aspects of Kenna Security is their exploit-prediction capability. Cran said they gather all data from exploitation in the wild, analyze attackers’ current techniques, and evaluate the severity of vulnerabilities to pull out factors that are predictive of exploitation. They use a machine learning algorithm and the collected data to build a model. That model is deployed in the wild and the information gathered from this model is used as a guide for vulnerability management teams.

See Cran’s interview below as he discusses exploitation prediction, the current threat landscape, and the value of Kenna Security’s platform to security teams of all sizes.

Cran also demonstrated the Kenna Security Platform. In the demo video below, Cran explains the function and importance of each module, such as the risk meter score and how it allows organizations to see a full picture of minor and major vulnerabilities.

We were thrilled to host CEO Karim Toubba and Head of Research Jonathan Cran of Kenna Security to discuss their cyber risk management solutions on Access Point.

Kenna Security’s Jonathan Cran (center left) and Karim Toubba (center right) with PATV’s Marli Oxenholm (left) and Daniel Reedy (right)


To watch Access Point and our other cyber security programs, visit and subscribe to our channel Pentester Academy TV.
