Build your risk-based vulnerability program
Contact Us
Talk to an Expert
Request a demo

Research Reports

Cutting-edge research on vulnerability management.

P2P Volume 5: In Search of Assets at Risk

The fifth volume of the Prioritization to Prediction series produced in conjunction with the Cyentia Institute explores the vulnerability risk landscape by looking at how enterprises often view vulnerabilities: through the lens of common asset platforms.
Download Now
Company News

Harnessing the 3 P’s of Customer Experience

SaaS is here to stay. Its success, helped along with the cost, deployment, and scalability advantages inherent in subscription models, and cemented further by soaring cloud solutions adoption throughout the global COVID-19 pandemic. In this reality, software sales are no longer one-and-done transactions, and solid vendor-client relationships are paramount to both the vendor and customer’s…

Trending Vulns

Q1 2021 CVE Review

Since this week marks the start of the 2nd quarter, I figured it would be interesting to see where we are with the number of CVEs published this year. Since January 1st, 2021, the NVD has published: 2792 CVEs  31 Per Day The five busiest publishing dates were:  2021-01-20    201 2021-01-12    127 2021-01-13 …

Kenna API

Inactivate an Asset

When managing systems, there are situations where you want to remove an asset, which could be a server, router, or laptop. One reason to manually remove an asset can be to show risk score changes without waiting for the configurable Asset Inactivity Limit to take effect.   All assets remain marked as active unless configured otherwise. …

Vulnerability Management

What is Vulnerability Management Prioritization?

Vulnerability management prioritization is arguably the most important aspect of a modern vulnerability management program. Prioritization is vital because the average enterprise harbors millions of cyber vulnerabilities, but even the most well-resourced teams can only remediate about 10% of them.  This blog explains how vulnerability management prioritization determines the efficiency and effectiveness of Security and…


Vulnerability Disclosure and Responsible Exposure

We discuss and add some quantifiable data to a hot-button issue in the cybersecurity industry: responsible disclosure of vulnerabilities and exploits.

Risk-Based Vulnerability Management

The State of Risk-Based Vulnerability Management in 2021

Being the first at something means that you have something to prove. The proof keeps coming. At Kenna Security, we pioneered the strategy of risk-based vulnerability management (RBVM) in an effort to modernize one of cybersecurity’s foundational disciplines. And today, we’re releasing some year-to-year comparisons of our customers’ results. Good news. The data shows that…


How to Implement Risk-Based Vulnerability Management Now: A Practical Guide

Download the guide and discover why traditional ways of vulnerability management no longer work and how focusing on risk is the key to remediating the vulnerabilities that matter most.


7 Questions Every CISO Should Ask Vulnerability Management Vendors

Sifting out marketing claims from actual facts is often the most difficult part of evaluating vulnerability management (VM) solutions—particularly when it comes to assessing vuln prioritization. When every vendor promises their vuln prioritization is “industry leading” or “most advanced,” how can you possibly stack up Brand X against Brand Y? In this powerful introduction to…

Data Science

Ask Us About Our Data Science

What’s in a buzzword, like data science? A lot of resentment, for sure, but also a chance to explain.  A buzzword is a word or phrase, new or already existing, that becomes very popular for a period of time. Buzzwords often derive from technical terms. Yet through fashionable use, the original technical meaning disappears, and…

Kenna API

Introducing Rick Ehrhart, Our New API Evangelist

Hello world! I would like to introduce myself: I’m Rick, Kenna Security’s new API Evangelist. Prior to Kenna, I held positions at Ionic Security, Tintri, and NetApp in similar roles as Developer Advocate, and Developer Evangelist. Before that, I started my career as a software developer, elbow-deep in code. If you’re really curious, check out…

Data Science

What Are the Odds? A Powerful Open Source Tool Helps Predict Exploits

In a perfect world, you’d have the time and resources to apply every single patch to every identified vulnerability before it’s exploited. But the reality is that no organization is able to achieve 100% coverage for very long, if ever.  But that’s not even the real problem. The real problem is that Security teams need…


The 4 Stages of Modern Vulnerability Management

Here’s the hard truth: Bad actors are getting very good at anticipating the limits of your ability to see—and prepare for—what’s coming. In fact, the only true defense against increasingly weaponized vulnerabilities is to develop a modern vulnerability management program powered by extensive threat and vulnerability intelligence, data science, and frictionless teamwork. Read this eBook…


Risk, Measured: 7 Characteristics of Good Metrics

Continuing our miniseries into Risk, Measured: we go back to statistics class and discuss some of the characteristics of good metrics to help people understand what you should be looking for when you want to meaningfully quantify cybersecurity phenomena, program performance, or anything really.  


© 2021 Kenna Security. All Rights Reserved. Privacy Policy.