Kenna Security Helps Enterprises Achieve Long-term Security with Risk-Based SLAs

New Kenna.VM features and Kenna.VI help ground IT and security conversations in data, not guesswork

SAN FRANCISCO, April 28, 2020 (GLOBE NEWSWIRE) -- Kenna Security, the enterprise leader in risk-based vulnerability management, is introducing a ground-breaking, risk-oriented approach to setting service level agreements (SLAs) within its flagship Kenna.VM offering and unveiling Kenna.VI — a brand new vulnerability intelligence product. Kenna is also adding two critical new connectors to emerging sources of vulnerability data and extending its ability to efficiently create granular views for IT users. These capabilities build on Kenna Security’s ability to bridge the gap between security and IT, while meaningfully reducing risk.

“Effective cybersecurity is about managing acceptable risk,” said Jason Rolleston, chief product officer at Kenna Security. “Kenna has helped hundreds of organizations quantify and reduce their vulnerability risk, and now we are using our unique visibility into vulnerability remediation and exploitation to give guidance on how fast an organization must respond to newly discovered vulnerabilities to meet the organization’s risk tolerance.”

Risk-Based SLAs will draw on nearly a decade of Kenna Security’s research and data, which includes more than 15 exploit and threat intelligence sources, more than 7 billion managed vulnerabilities, and more than one billion managed security events. With this data, Kenna Security can help organizations determine an acceptable level of risk and then recommend intelligent SLAs that are based on that risk level — an approach that is the first of its kind in the industry. This will enable security and IT to have SLA conversations based on evidence rather than arbitrary timelines.

“Multi-vendor” is a necessity, not a luxury
Patch data is not sourced only from scanners anymore—it can come from a variety of sources. Expanding its list of technology partnerships, Kenna Security now offers connectors that will allow customers to ingest incredibly rich data from CrowdStrike’s Falcon Spotlight endpoint security solution as well as Twistlock, a leading container security tool. The introduction of these connectors stem from Kenna Security’s commitment to helping enterprises leverage the right data in their environment to get the most accurate picture of risk within their walls.

Built with IT in mind
While many security tools are not designed to facilitate IT operations, Kenna Security continues to seek out ways to alleviate the burden on IT and reduce friction between IT and security teams through functional “self-service” capabilities. New Hierarchical Risk Meters (HRMs) will give Kenna Security’s thousands of IT users more intuitive visualization and organization of assets, allowing them to add child risk meters as subsets of its parents. In addition to HRMs, users can now also query the Kenna.VM API for CVE score histories, offering another level of transparency that conveys details about what score changes took place and when.

A universe of intelligence at security’s fingertips
Rounding out Kenna Security’s latest updates is Kenna.VI, a new research tool that gives security researchers access to a centralized vulnerability intelligence database of unmatched scale. Armed with an arsenal of Kenna Security’s research and data, security teams can protect themselves against the newest vulnerabilities, regardless of whether or not those vulnerabilities are inside of the organization. Users can search and browse CVEs, identify fixes, and focus red team efforts on the vulnerabilities that have the highest probability of being weaponized or exploited.

“Kenna.VI will give customers a peak behind the curtains into the rich exploit and threat intelligence that drives Kenna’s risk scoring,” said Rolleston. “VI also makes it easier for companies with restrictive cloud policies or regulations to leverage Kenna’s capabilities to more efficiently reduce risk by transforming to modern vulnerability management.”


  • Risk-Based SLAs are available for existing Kenna.VM customers immediately.
  • The Crowdstrike connector is now available for existing Kenna.VM customers. Customers must have an existing Crowdstrike Falcon Spotlight installation.
  • The Twistlock connector will be available for existing Kenna.VM customers in June.
  • Kenna.VI is available now in two offerings: Kenna.VI and Kenna.VI+. Existing Kenna.VM customers can reach out to their dedicated Kenna representative for details.
  • Hierarchical Risk Meters will be available for existing Kenna.VM customers in June.
  • CVE Score Transparency in the API is available for existing Kenna.VM customers immediately.

Additional Resources

About Kenna Security
Kenna Security is the enterprise leader in risk-based vulnerability management. The Kenna Security Platform enables organizations to work cross-functionally to determine and remediate cyber risks. It leverages machine learning and data science to track and predict real-world exploitations, empowering security teams to focus on what matters most. Headquartered in San Francisco, Kenna serves nearly every major vertical and counts CVS, KPMG, HSBC, and many Fortune 100 companies among its customers.

Media & Analyst Contact:
Matt McLoughlin
Gregory FCA for Kenna Security
Phone: 609-385-2058