PeakSpan Capital — Why We Partnered with Kenna Security
Share with Your Network
PeakSpan’s thrilled and humbled to have partnered with the Kenna team! Kenna’s CEO’s wrote a great blog post about the financing here. Below is detail behind our enthusiasm for IT Security as an investment theme and thesis behind Kenna:
KENNA’S “CENTRALIZED” VALUE
Our admiration for Kenna is embedded in their multiple levels of centralization:
Macrowise, the company’s positioning at the convergence of several macro trends that have been making life truly miserable for IT Security teams for years now, is helping reduce friction from these opposing trends.
Techwise, the company’s platform sits at a strategic aggregation point between security software platforms, like Qualys, Rapid7, Tenable, WhiteHat, Veracode, as well as platforms used in remediation, such as ServiceNow and Jira, streamlining overall workflow.
Peoplewise, we’ve spoken (literally) to hundreds of security software companies over the last ten years — many of them extraordinary leaders in their fields — but we’ve never seen a security software platform experience such widespread adoption and consistent usage by non-security professionals (excluding, of course, “background” apps like authentication, anti-spam, etc). We heard uniformly from Kenna’s customers:
“Professionals in business groups outside of Infosec are using Kenna to do their jobs”
Kenna’s centralized positioning at so many strategic points of fragmentation uniquely positions the company to be an important thought partner for their customers.
INFOSEC’S MACRO DILEMMA
Kenna is strategically positioned to combat opposing macro forces, obvious and well-known to CISOs and IT Security teams (if not so obvious, consider this is a shameful plug for our animation above!):
- Attack Surface Complexity
- Security Tool Overload
- Threat Growing in Intensity
- Information Overload
- Security Staff Shortage
THE INFOSEC PROBLEM
Too many attackers exploiting too many holes across the Attack Surface being protected by too many tools generating too much data. Even if we had enough IT Security professionals, the unfortunate reality we’ve heard in discussions with CISOs is that:
While InfoSec may see 100% of the problem, they own just 20% of the infrastructure where changes can be made
The result? ACROSS the enterprise, tenuous relationship between Infosec teams and their remediation brethren in other groups (e.g., Sysadmins, Developers, etc), with Infosec constantly being the bearer of bad news or carrier of the “remediation stick”. UP the enterprise, IT Security has been challenged to translate the technical complexity of Information Security at the C-Suite and Board level into conversational dialogue.
“We’ve been trying to solve the Infosec problem just with Infosec people and just Infosec tools”
THE INFOSEC SOLUTION — RISK-BASED METHODOLOGY
A different approach is clearly needed and over the last several years a movement has been underway to adopt a “Risk-Based” methodology to vulnerability management. IT Security is not the “InfoSec team’s problem”, but rather a “Business problem”. Professionals across the business don’t always understand Information Security, but they do understand Risk.
While Risk-Based information security management theoretically has been understood for several years now, until recently the theory has been well ahead of the technology needed to support it. It isn’t solved by yet another security tool, but instead by the marriage of:
People + Process + Technology
- People: Kenna BRIDGES THE GAP between InfoSec and other groups like IT Ops.
- Process: Risk-based isn’t a “set it and forget it” device or piece of software (or, ahem, shelfware). It is only successful through the marriage of software with people and workflow / methodology to drive awareness, adoption AND success across different constituent groups within an organization.
- Technology: A classic big data problem, only in the last few years have we been able to grasp the 3 Vs of volume, velocity and variety.
KENNA SECURITY — ENABLER OF CHANGE
In discussions with customers, partners and thought leaders in the security ecosystem, we heard buzzwords not commonly heard between IT Security and IT Operations, like “Collaboration”, “Awareness”, “Accountability”, and “Motivation.” It was clear to us that Kenna is enabling REAL change within their customers.
“Kenna unlocks value through coordination of People + Process + Technology”
ACROSS to other Business Groups:
- Kenna results are fed through an absolutely beautiful interface (seriously, crazy UI/UX)
- Dead-simple workflow of i) what the vulnerability is, ii) steps of how to fix, and iii) where to find patches, etc.
- Seamless delivery through ticketing connectors like ServiceNow and Jira
Ok, so Kenna closes the remediation gap, but is risk lower? Users can see the impact of their efforts through highly-refined algorithms, translated into risk scores that measure the impact of the changes to that group’s, device’s, organization’s, etc. overall risk posture.
UP to the C-Suite and Board:
- Risk Meters and reporting democratizes complex Infosec topics to digestable risk discussions
- Common format that everyone can understand, enhancing more timely and informed decision-making around important Infosec-related decisions.
- CUSTOMER SUCCESS, baby! Kenna has focused on Customer Success as a strategic imperative. Kenna LOVEs their customers, and customers are feeling it.
- THOUGHT PARTNER. Customers engage with Kenna on the journey to a Risk-Based methodology. Kenna is “productizing” the customer engagement model so that as we penetrate beyond Early Adopters, the company will be supremely-positioned to assist customers on executing this shift.
- CORRELATES massive volumes of data between i) INTERNAL fragmented security tool feeds and ii) EXTERNAL threat exploit intelligence data
- PRIORITIZES highest risks accounting for i) where infrastructure is weakest AND ii) where hackers are actually focusing efforts
- ENABLES transition from RANDOM to FOCUSED execution through highly synthesized remediation workflows
Security isn’t an InfoSec problem, it’s a Business problem, and as a result must be solved by Business Groups working together as one. Kenna is an enabler of change — and we’re excited to be their partners on this journey.