SAN FRANCISCO, May 15, 2018 (GLOBE NEWSWIRE) --
Karim Toubba, CEO, Kenna Security
“Effective remediation depends on quickly determining which vulnerabilities warrant action and which of those have highest priority, but prioritization remains one of the biggest challenges in vulnerability management. Businesses can no longer afford to react to cyber threats, as the research shows that most common vulnerability remediation strategies are about as effective as rolling dice. But there is hope – a predictive model based on cutting-edge data science is more efficient, requires less effort, and provides better coverage of an enterprises’ attack surface.”
News Summary
Kenna Security, a leader in predictive cyber risk, today unveiled a new research report it conducted in partnership with the Cyentia Institute that provides an industry-first analysis of today’s common vulnerability management strategies. The research report, Prioritization to Prediction: Analyzing Vulnerability Remediation Strategies, includes deep insights into vulnerability lifecycles, the key factors that influence the remediation and prevention of vulnerabilities, and the effectiveness of various vulnerability remediation strategies used to prioritize enterprise cyber security efforts.
Kenna Security and Cyentia Institute analyzed five years of historical vulnerability data compiled from over 15 sources to uncover the key findings in the report:
Supporting Quotes
Jay Jacobs, data scientist, co-founder and partner, Cyentia Institute
“Cyentia is committed to delivering data-driven research to help the practitioners and decision-makers responsible for protecting an enterprise’s assets, which average 18-24 million vulnerabilities across 60,000 assets. Partnering with leading cybersecurity industry vendors like Kenna Security to track published exploits and actively exploited vulnerabilities enables us to measure, compare and explore various prioritization methods and advance the art and science of vulnerability management.”
Jon Oltsik, senior principal analyst, Enterprise Strategy Group (ESG)
“In the past, we used analog tuning to define which systems were considered mission-critical, but this didn’t provide a level of useful granularity. Fast forward to 2018, and risk-based intelligent vulnerability management platforms, including Kenna, can now consume terabytes of configuration data, asset data, vulnerability data, and threat intelligence to create a fine-grained analysis of which systems really need immediate patching against current threats. Now these systems are moving beyond real-time assessments by forecasting weaponization and risk well before an attack is possible. This proactive approach can provide insight and help organizations anticipate attacker behavior.”
Additional Resources
Cyentia Institute
The Cyentia Institute is a Virginia-based research services firm that exists to advance cybersecurity knowledge and practice through use-inspired, data-driven research. Cyentia curates and publishes research for the community, partners with other organizations to create compelling publications and helps enterprises turn complex security data into confident strategic decisions.
Kenna Security
Kenna Security is a leader in predictive cyber risk. The Kenna Security Platform enables organizations to work cross-functionally to determine and remediate cyber risks. Kenna leverages Cyber Risk Context Technology™ to track and predict real-world exploitations, focusing security teams on what matters most. Headquartered in San Francisco, Kenna counts among its customers many Fortune 100 companies, and serves nearly every major vertical.
Media/Analyst Contact: |
Dan Mellinger |
Kenna Security |
415-572-0216 |
dan.mellinger@kennasecurity.com |