Kenna Security delivers industry-first peer benchmarking for vulnerability management

San Francisco, California, UNITED STATES

New features and enhancements improve upon Kenna’s data-driven approach to cybersecurity, giving companies an industry-specific view of their risk


Karim Toubba, CEO at Kenna Security
“Kenna pioneered a new approach to cybersecurity, enabling enterprises to measure and prioritize cyber risk, and helping security teams address risk in a succinct and actionable way. Now, we’re giving our customers more contextual cybersecurity analysis with peer benchmarking on the only platform that lets companies look outside their organization to know how their overall cyber risk stacks up against peer companies. CISOs and other decision makers can gain a more complete picture of enterprise risk to quickly remediate vulnerabilities that pose the greatest threat.”

News Summary

Kenna Security, a leader in predictive cyber risk, today announced significant updates to the Kenna Security Platform, delivering the vulnerability management industry’s first and only peer benchmarking capability, improved scoring for application security risks, and a new home view to provide at-a-glance vulnerability risk management performance and trends. Now companies across financial services, retail, healthcare, and other highly targeted industries can compare their cyber risk postures against peers.

This latest release extends the ability of Kenna customers to rapidly assess their organization’s security posture and prioritize remediation of the most critical cyber risks. The improvements include new features and enhancements to the user experience, including:

  • Peer benchmarking capabilities, which are only available from Kenna, give customers greater visibility into how their Kenna Risk Score compares with those of their industry peers. The benchmarks can be displayed as trends over time and as a snapshot of the industry average.
  • Enhanced application security scoring that has been refined to more precisely measure the interdependencies and complexities of a constantly changing application environment. The new scores offer businesses a far more granular view of application risk. Customers will have access to a dedicated application security tab, which focuses attention on the special challenges presented by application vulnerabilities in a manner that aligns with their workflow.
  • All these enhancements are seamlessly integrated into a new home view that provides rapid "at-a-glance" intelligence, which security teams can use to assess their environments more quickly and efficiently. The new home view provides contextualized trend data on ongoing attacks, percentage of assets affected, and links to top fixes.

News in Depth

Enterprise networks contain more vulnerabilities than their security teams can manage. The teams rely on dozens of security tools, which bombard them with data and a cacophony of alerts. But security teams don’t have the context to know which vulnerabilities to address first. The Kenna Security Platform is a scalable, cloud-based solution combining the most informed, contextualized, and accurate risk prioritization available with an intuitive user interface to enable organizations to proactively manage their most important vulnerabilities.

The platform provides metrics which security teams can use to accurately quantify, visualize, and remediate their cyber risk posture over time. The new peer benchmarking feature—the first in the vulnerability management space—will integrate anonymized data from Kenna’s clients to create clear comparisons of risk posture against the industry average and help drive more informed decision making on security programs. Using an industry average to benchmark an enterprise’s risk means that risk reductions by individual organizations will lead to continual improvements across the broader industry.

Kenna has enhanced the logic and algorithms of its vulnerability management platform to more precisely handle the realities of application vulnerability risk. This provides application security teams with a far more granular and accurate view of their risk posture. Application risk scores now feature improved accuracy for CWE-based CVEs and supports additional threat and exploit intelligence sources for fast-moving application layer CVEs using tactics like scanner honeypots.

Proving accurate measurement for cyber risk requires the capability to seamlessly integrate and correlate data from multiple security and technology sources. That’s why Kenna Security has built-in support for more than 55 different data sources, including all major vulnerability assessment scanners.

Further expanding the breadth of data that can be correlated in the platform, Kenna Security is introducing the Kenna Data Importer to enable easy normalization of non-standard data and provides a new way for customers to leverage their custom data sources into the Kenna Security platform. The Kenna Data Importer can be used across the Kenna Security Platform to ingest any type of data and is particularly valuable to application security teams who commonly use custom security and testing tools. This delivers near-universal compatibility with security data sources to provide enhanced context, risk-scoring, and prioritization. 

Supporting Quotes

Jon Oltsik, Senior Principal Analyst, Enterprise Strategy Group
“Large organizations are desperately looking for new tools and approaches that address the flood of threats and vulnerabilities. The Kenna Security Platform’s unique peer benchmarking feature can give organizations a quantified, outside-in view of their cyber risk.  This provides security teams with benchmarks for their vulnerability management performance against their industry’s average risk scores, enabling greater context for operational and strategic decision making.”

Ed Bellis, CTO, Kenna Security
“For years, CISOs have had to rely on anecdotal reports from their peers or self-reported data from industry associations to get an idea of how and where they stood in terms of vulnerabilities and addressing the most serious risks that could pose a threat. By introducing the industry’s first and only vulnerability benchmarking, we’re standardizing reporting of risk across organizations to give decision makers more context to understand their risk and how that compares to industry peers.”

Additional Resources

About Kenna Security
Kenna Security is a leader in predictive cyber risk. The Kenna Security Platform enables organizations to work cross-functionally to determine and remediate cyber risks. Kenna leverages Cyber Risk Context Technology™ to track and predict real-world exploitations, focusing security teams on what matters most. Headquartered in San Francisco, Kenna counts among its customers many Fortune 100 companies, and serves nearly every major vertical.

Media & Analyst Contact: 
Matt McLoughlin
Gregory FCA for Kenna Security
Phone: 610-228-2123