Kenna Security Offers Vulnerability Management Options: Kenna.VM & Kenna.VI
Kenna Security has deployed its new data-driven vulnerability management program, Kenna.VM, and an accessory program, Kenna.VI. Released on April 28, Kenna.VM was created to set service-level agreements (SLAs) with risk tolerance in mind. These risk-based SLAs draw on the data and experience Kenna has collected over more than a decade in cybersecurity. Kenna.VM comes with CrowdStrike’s Falcon Spotlight endpoint detection and the Twistlock container security tool. The product offers a strong analytical source from which to manage and understand your business’s security risk tolerance and security level.
Source: SoftwareReviews Kenna Security, Accessed May 7, 2020
Kenna Security’s goal is to help an organization determine what level of risk is acceptable for its business. Once an organization understands its appropriate risk tolerance, Kenna Security can recommend SLAs that are based on risk and a data-driven approach rather than on arbitrary timelines. As Jason Rolleston, chief product officer at Kenna Security, said, “effective cybersecurity is about managing acceptable risk.” In conjunction with CrowdStrike and Twistlock, Kenna Security offers an accurate picture of a company’s security risk landscape.
The vendor also provides Kenna.VI, a research tool to be used in tandem with Kenna.VM. Kenna.VI’s database is based on years of research conducted by Kenna Security and its partners. Companies can use it to search for Common Vulnerabilities and Exposures (CVEs) that are being exploited. This allows businesses to prepare their security networks for these contingencies and harden their defenses against the vulnerabilities they are most likely to face. Thus, Kenna.VI saves team resources and cuts down on spending.
Any security program offered in a bundle will often provide a comprehensive overview of the security status of a business. This is for two reasons. First, patch data can come from a multitude of sources, not just internal scanners. By partnering with additional cybersecurity partners, Kenna Security’s analysis of a business’s internal security tolerance and vulnerabilities comes from multiple sources, increasing the fiduciary relationship of each data set.
Second, Kenna.VM is designed to make it as simple as possible for IT and security to interact with one another. The Hierarchical Risk Meters (HRMs) provide an intuitive visualization of the organization’s assets. These HRMs can also dig deeper to analyze CVE score histories, offering even more clarity into the risks the business faces and how security has changed over time. Kenna.VM and VI, together with their partners, offer a great depth of knowledge and resources for businesses to use to understand their security risk and tolerance. Especially important is knowing what unique threats your business faces. When a budget is tight, being able to redirect funding to known threat vectors instead of a generalized program is an excellent cost-savings method that still addresses the security needs of the business.
For a long time, the norm was to have only one vendor in your vulnerability management platform. More and more, we are seeing vendors combine their strengths by working with other vendors as a package deal to shore up any failings in their individual offerings. On the consumer end, having multiple vendors working to secure your network gives you more eyes on the scene, alternative perspectives, and insights that would otherwise have been missed.