Which vulnerability to fix first? Kenna Security has the answer

Nov 1, 2017

Share with Your Network

Kenna’s vulnerability management platform is designed to prioritize the most dangerous vulnerabilities. Here’s how it works.

It’s an unintentional and inconvenient truth that as networks grow and expand, so does the potential attack surface. With more users, clients and systems, the potential beachhead for attackers to exploit can quickly grow beyond the ability for most companies to manage. In the past, CSO has reviewed defensive tools like traffic monitoring applications that can unmask the presence of an ongoing attack, or deception tools meant to trip up attackers who ferret their way past perimeter security. Vulnerability management platforms, by contrast, help to identify and fix potential attack paths before an attacker can exploit them.

Every organization of any size is going to begin collecting vulnerabilities. Everything from an unpatched server to a misconfigured firewall, and literally everything in between, could and probably does contain vulnerabilities. The trick is discovering them, evaluating which could do the most harm, and fixing them as quickly as possible. While it would be easy to just say that you are going to try and fix everything, the reality is that most organizations likely have thousands upon thousands of vulnerabilities, or potentially even more, with new ones opening and getting discovered every day. Fixing them sequentially, with no consideration as to their severity or potential impact on an organization, could leave a network critically unprotected for months or years, and squander resources working on minor problems in the meantime.

Kenna Security’s vulnerability management platform is designed to prioritize the most dangerous vulnerabilities that could potentially harm a protected network. In a nutshell, it monitors most major threat feeds, and compares that data with assets inside a protected network. That way, certain threats can be eliminated altogether. Perhaps there are no assets inside a network that a popular threat can attack, or perhaps they have all been patched and are no longer vulnerable to it. Threats are also prioritized based on their potential impact. A client system with a vulnerability at a receptionist’s desk may not be as critical as a database or mail server with the same problem, for example.

kenna homepage — The Kenna Security vulnerability management platform collects threat data from many sources and compares it with actual network assets, showing at a glance which vulnerabilities need to be immediately fixed, which can wait, and which may be under imminent threat.

On the flipside, Kenna can also elevate threats based on current events occurring outside of a network which could potentially harm internal clients. For example, systems that are vulnerable to a specific strain of ransomware would be elevated by Kenna if an active campaign featuring that ransomware is launched somewhere in the world.

The Kenna platform is deployed in a software as a service (SaaS) model, where users pay a yearly subscription fee to log into the secure site that collects their specific vulnerability data. The data collected by Kenna is used to improve security across the platform, so the more organizations that purchase it, the more threats it will likely encounter. Currently, Kenna tracks over two billion vulnerabilities worldwide, and the number grows daily.

How the Kenna platform works

The first part of the Kenna platform are ten live threat intelligence feeds, including one created by the company that monitors new vulnerabilities found by Kenna clients. That all happens with no user interaction required. But the second part, which ties those vulnerabilities to real assets within a protected network is what makes the platform so useful.