Home > Research > Kenna Security Offers Vulnerability Management Options: Kenna.VM & Kenna.VI

Kenna Security Offers Vulnerability Management Options: Kenna.VM & Kenna.VI

What Happened?

Kenna Security deployed its new data-driven vulnerability management program, Kenna.VM and accessory program, Kenna.VI. Released on April 28, Kenna.VM was created with the purpose to set service-level agreements (SLAs) with risk tolerance in mind. These risk-based SLAs will draw on Kenna’s data and experience collected in over a decade of cybersecurity. Kenna.VM comes with CrowdStrike’s Falcon Spotlight endpoint detection and Twistlock container security tool. The product offers a strong analytical source from which to manage and understand your business’s security risk tolerance and security level.

Source: SoftwareReviews Kenna Security, Accessed May 7, 2020

Kenna Security’s goal is to help an organization determine what risk level is acceptable for their business. By understanding your appropriate risk tolerance level, Kenna Security can recommend appropriate SLAs that are based on risk and a data-driven approach, not recommendations based on arbitrary timelines. As Jason Rolleston, chief product officer at Kenna Security said, “effective cybersecurity is about managing acceptable risk.” In conjunction with CrowdStrike and Twistlock, Kenna Security offers an accurate picture of a company’s security risk landscape.

The vendor also provides Kenna.VI, which is a research tool to be used in tandem with Kenna.VM. Kenna.VI’s database is based on years of research conducted by Kenna Security and its partners. Companies can use this to search for Common Vulnerabilities and Exposures (CVEs) that are being exploited. This allows for businesses to prepare their security networks for these contingencies and harden their defenses in relation to the vulnerabilities that they are most likely to face. Thus, Kenna.VI saves team resources and cuts down on spending.

Our Take

Any security program offered in a bundle will often provide a comprehensive overview of the security status of a business. This is for two reasons. First, patch data can come from a multitude of sources, not just internal scanners and, by partnering with additional cybersecurity partners, Kenna Security’s analysis of a business’s internal security tolerance and vulnerabilities comes from multiple sources, increasing the fiduciary relationship of each data set.

Second, Kenna.VM is designed to be as simple as possible for IT and security to interact with one another. The Hierarchical Risk Meters (HRMs) show intuitive visualization of the organization’s assets. These HRMs can also dig deeper to analyze CVE score histories – offering even more clarity into the risks the business faces and how security has changed over time. Kenna.VM and VI, together with their partners, offer a great depth of knowledge and resources for businesses to use to understand their security risk and tolerance. Especially important is knowing what unique threats your business faces. When a budget is tight, being able to redirect funding to known threat vectors instead of a generalized program is an excellent cost-savings method while still addressing the security needs of the business.

The principle of having only one vendor as part of your vulnerability management platform was the norm for a long period of time. More and more, we are seeing vendors combining their strengths by working with other vendors as a package deal to augment and enhance any failing between their offerings. On the consumer end, the benefits of multiple vendors working to secure your network gives you more eyes on the scene, alternative perspectives, and insights that would have otherwise been missed.


Want to Know More?

Design and Implement a Vulnerability Management Program

Build and Information Security Strategy for Small Enterprises

Vulnerability Management Policy