Jun 05, 2020
SAN FRANCISCO, May 26, 2020 — Kenna Security, the enterprise leader in risk-based vulnerability management, today released the Prioritization to Prediction Benchmark Survey, a free new tool that enables companies to compare their vulnerability management programs to an industry average.
“Organizations are facing an uphill battle when it comes to managing the thousands of vulnerabilities across their network,” said Ed Bellis, co-founder and CTO at Kenna Security. “But until now, they had no way of knowing how they compared to companies that are getting vulnerability management right. We are arming organizations with the crucial information they need to stay ahead of threats, personalized to their specific company.”
The nine-question survey is based on research conducted by Kenna Security and the Cyentia Institute, which identified the organizational characteristics of highly effective vulnerability management programs. Companies were evaluated on the maturity of their practices, their reliance on automated patching, the factors that influence remediation decisions, and several other dimensions. Survey takers will receive these insights in a custom report that details how they compare across these characteristics to the broader landscape of enterprises.
The original research demonstrated that companies most effectively managing security vulnerabilities report using a patch tool, relying on risk-based prioritization tools, and having multiple, specialized remediation teams that focus on specific sectors of a technology stack. Having adequate security budgets correlated with an ability to patch security threats quickly, but did not translate into having a higher capacity to remediate vulnerabilities.
Some internal factors tended to reduce performance. Companies that used the Common Vulnerability Scoring System (CVSS) to prioritize vulnerabilities for remediation tended to be slower in patching high-risk vulnerabilities. Companies focused on compliance also struggled to patch all high-risk vulnerabilities across their organization.
The release of the Benchmark Survey marks the second free tool from Kenna Security that allows members of the security community to better adopt risk-based vulnerability management. Last year, Kenna released the Exploit Prediction Scoring System (EPSS), an open-source, data-driven framework for assessing security threats. EPSS uses publicly available information to predict the likelihood that a vulnerability will be exploited within 12 months of disclosure, allowing companies to prioritize the riskiest vulnerabilities on their systems and reduce overall vulnerability risk.
To take the Benchmark Survey and receive a free, custom report, click here.
About Kenna Security
Kenna Security is the enterprise leader in risk-based vulnerability management. The Kenna Security Platform enables organizations to work cross-functionally to determine and remediate cyber risks. It leverages machine learning and data science to track and predict real-world exploitations, empowering security teams to focus on what matters most. Headquartered in San Francisco, Kenna serves nearly every major vertical and counts CVS, KPMG, HSBC, and many Fortune 100 companies among its customers.