New degree unlocked. The subsequent step for Kenna.VM customers who’re maturing their risk-based vulnerability administration program is Kenna.VM Premier—and it’s stay.
The Cisco Kenna workforce is happy to launch a brand new tier of the Kenna Security platform designed particularly for purchasers or prospects which have reached some extent of maturity during which they’ll and need to do extra with their vulnerability administration program.
In addition to the prevailing Kenna options and performance and love, the brand new Kenna.VM Premier tier consists of:
- In-depth and actionable remediation scoring (New!)
- Zero-day vulnerability intelligence, powered by Cisco Talos (New!)
- Access to Kenna’s vulnerability intelligence by way of an API or person interface (UI)
We’re notably excited in regards to the new options which might be debuting with this tier. So, let’s take a more in-depth take a look at every thing that’s included.
Remediation scoring
On the Kenna.VM homepage, a brand new metric will seem on the high proper nook (Figure 1). The Remediation Score, as this measurement is understood, quantifies how nicely a company is addressing threat general.
The Remediation Score itself encompasses 4 key measurements (Figure 3), which can sound acquainted to you in the event you’ve been studying any of the Prioritization to Prediction experiences produced by Kenna and the Cyentia Institute:
-
- Coverage: Of all vulnerabilities that ought to be remediated, what proportion was accurately recognized for remediation?
- Efficiency: Of all vulnerabilities recognized for remediation, what proportion ought to have been remediated?
- Capacity: What is the common proportion of open vulnerabilities that have been closed in a given interval?
- Velocity: What is the pace and progress of remediation?
These new remediation insights will permit organizations to shift away from counting on simply the Risk Score itself as a measurement to evaluate the efficiency of remediation groups. While many organizations decide to make use of the Risk Score on this method, there are inherent issues with evaluating efficiency based mostly on the Risk Score—notably for mature packages. A Risk Score can spike at any second as a result of a immediately high-risk vulnerability—a spike that isn’t a mirrored image on the remediation workforce themselves. And as organizations mature, they’re more likely to attain a ‘steady state’ with their Risk Score, which makes it a troublesome metric to make use of to measure progress.
Ultimately, these efficiency metrics will assist prospects higher perceive what areas of their remediation efforts are doing nicely and which could have to be adjusted.
Zero-day vulnerability intel—dropped at you by Cisco Talos
Another new addition to the Kenna.VM platform is zero-day vulnerability intelligence powered by Cisco Talos. Talos commonly identifies high-priority safety vulnerabilities in generally used working methods and software program. The workforce works with distributors to disclose greater than 200 vulnerabilities yearly.
This new integration with Talos offers Kenna.VM customers entry to data on zero-day vulnerabilities documented by the Talos analysis workforce (and more likely to be of their surroundings). With the “Zero Days” filter in Kenna.VM, customers can isolate zero-day vulnerabilities, examine, and take motion leveraging Snort rule IDs offered by Talos, when relevant (Figure 3).
Vulnerability intelligence—your manner
The final (however definitely not least) piece of the Kenna.VM Premier puzzle is the inclusion of Kenna’s lately enhanced vulnerability intelligence User Interface and API. Kenna is understood for its threat scoring, however what folks could not notice is simply how a lot information we eat and switch into completed, actionable intelligence. There are greater than 18+ risk and exploit intelligence feeds that energy our understanding of vulnerabilities, and our vulnerability intel API and UI make of this data accessible to prospects.
The UI offers a dashboard to analysis any CVE—no matter whether or not or not a scanner discovered that vulnerability within the buyer’s surroundings. Meanwhile, the API permits prospects to question Kenna and export as a lot of our vulnerability intelligence on as many vulnerabilities as they need, and use that information to complement any present IT, dev or safety workflows, together with Cisco’s very personal SecureX. The information on this set consists of descriptions, publication dates, CVSS information, accessible exploits and fixes, perception into distant exploitable vulnerabilities, and way more. Also offered is the Kenna Risk Score for every vulnerability and a sign of whether or not it’s predicted to be exploitable—distinctive information factors derived by Kenna’s information science.
This intelligence, mixed with our new remediation scoring and Talos zero-day intelligence, rounds out the Kenna.VM Premier tier as the best bundle for any buyer or prospect who’s seeking to take their vulnerability administration program to the subsequent stage of maturity.
Kenna.VM Premier is out there at present. If you’re concerned about studying extra, contact your gross sales representatives or ship us a demo request to unlock the subsequent degree of your vulnerability administration journey.
We’d love to listen to what you assume. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Instagram
Facebook
Twitter
LinkedIn
Share: