Original Research on Cisco Vulnerability Management

Kenna Security Case Study

Global 500 Insurance Company

Introduction

This case study of a Global 500 insurance company is based on an October 2019 survey of Kenna Security customers by TechValidate, a 3rd-party research service. The profiled company asked to have their name blinded to protect their confidentiality.

“Kenna has helped us to enrich our vulnerability data, allowing us to make more impactful decisions when prioritizing.”

Challenges

The business challenges that led the profiled company to evaluate and ultimately select Kenna Security:

Vulnerability management challenges they experienced that led them to implement the Kenna Security Platform:
- Too many vulnerabilities with no way to effectively prioritize
- High volume of security data lacking context for decision making
- Inefficiencies in vulnerability remediation

Use Case

The key features and functionalities of Kenna Security that the surveyed company uses:

Approach used to prioritize vulnerabilities prior to Kenna:
- Use rating system from a scanner
How they evaluate the success of their Kenna Security platform implementation:
- Kenna risk score reduction
Kenna’s primary advantage(s) over other vulnerability management platforms:
- Kenna goes beyond basic risk scoring and tells them what they need to fix first
- Kenna provides meaningful and actionable data for remediation (remediation intelligence)
- Kenna is updated continuously with real-time information
- Kenna includes multiple threat intel feeds (eliminating the need for subscription)

Results

The surveyed company achieved the following results with Kenna Security:

Reduction of time spent on the following activities, since using Kenna:
- Time spent on Vulnerability Investigation: over 10%
- Time spent on remediation: over 10%
- Time spent on reporting: over 25%

About Kenna.VM

Cisco Vulnerability Management (formerly Kenna.VM) offers an effective, efficient way to reduce your risk profile using risk-based prioritization powered by data science. Rely on it to ID the vulnerabilities that put you at the greatest risk, create a self-service environment for remediation teams, set intelligent SLAs based on your risk tolerance, compare your risk posture against industry peers, deliver clear reports with intuitive metrics, and more.

Learn More:

Cisco Vulnerability Management

Kenna Security Customer Testimonial

Kenna allowed us to break down our Vulnerability management practices to include basic Infrastructure and Application mitigation practices, decreasing our MTTR overall, as well as identify risks using a more intelligent decision making process.

— Cybersecurity Senior Associate, Medium Enterprise Wholesale Distribution Company

Kenna.VM Customer Research

What vulnerability management challenges were you experiencing that led you to implement the Kenna.VM (formerly Security Platform)?

Too many vulnerabilities with no way to effectively prioritize	71%
High volume of security data lacking context for decision making	43%
No way to quantify or measure risk from vulnerabilities	57%
Inefficiencies in vulnerability remediation	39%
Other	7%

Kenna.VM Case Study

Medium Enterprise Healthcare Company

Introduction

This case study of a medium enterprise healthcare company is based on a November 2020 survey of Kenna.VM customers by TechValidate, a 3rd-party research service. The profiled company asked to have their name blinded to protect their confidentiality.

“Moved us away from reactive CVSS scoring to real risk based remediation. "

“Experience has been solid even post ink drying on the check. I get what I need in a reasonable amount of time and submitting cases via the portal is quick, intuitive, and simple = job well done there! "

Challenges

The business challenges that led the profiled company to evaluate and ultimately select Kenna.VM:

The vulnerability management challenges they were experiencing that led them to implement the Kenna.VM:
- Too many vulnerabilities with no way to effectively prioritize
- High volume of security data lacking context for decision making
- Not having a way to quantify or measure risk from vulnerabilities

Use Case

The key features and functionalities of Kenna.VM that the surveyed company uses:

The approach they used to prioritize vulnerabilities prior to Kenna:
- CVSS 8+
- CVSS 9+
- CVSS 10+
They best describe their current engagement model between the Security and IT team as Security and IT work together to investigate and prioritize.
The criteria they use to evaluate the success of your Kenna.VM implementation:
- Reduction in Mean Time To Remediate (MTTR)
- Kenna risk score reduction
- SLA adherence

Results

The surveyed company achieved the following results with Kenna.VM:

Before Kenna vs. After Kenna: Have you seen a reduction in time spent on the following activities? (Security and IT team time combined)
- time spent on Vulnerability Investigation: 25 – 50%
- time spent on remediation: 25 – 50%
- time spent on reporting: 10 – 25%
Kenna’s primary advantage(s) over other vulnerability management platforms:
- Kenna goes beyond basic risk scoring and tells me what I need to fix first
- Kenna provides meaningful and actionable data for remediation (remediation intelligence)
- Kenna provides awareness of how much risk is in our environment
- Kenna is updated continuously with real-time information
Rates the following for Kenna.VM compared to other vulnerability management solutions:
- remediation Intelligence (guidance on “what to fix first”): superior
- integrated real-time global exploit intelligence: superior
- data science-based risk scoring methodology: on par
- “Off the shelf” integrations with a wide range of security data sources: on par
- predictive vulnerability modeling: superior

About Cisco Vulnerability Management

Cisco Vulnerability Management (formerly Kenna.VM) offers an effective, efficient way to reduce your risk profile using risk-based prioritization powered by data science. Rely on it to ID the vulnerabilities that put you at the greatest risk, create a self-service environment for remediation teams, set intelligent SLAs based on your risk tolerance, compare your risk posture against industry peers, deliver clear reports with intuitive metrics, and more.

Learn More:

Cisco Vulnerability Management

Kenna Security Customer Research

Please select the answer below that best describes your current engagement model between the Security and IT team:

Security investigates and prioritizes vulnerabilities; IT remediates	40%
Security investigates; Security and IT work together to prioritize; IT remediates	20%
Security and IT work together to investigate and prioritize	18%
Security investigates; IT prioritizes and remediates	10%
IT investigates, prioritizes and remediates; Security handles reporting	9%

Kenna Security Customer Statistic

44% of surveyed organizations reduced the time spent on remediation by over 50% since using Kenna.

44%

TechValidate Research on Cisco Vulnerability Management

These pages present data that TechValidate has sourced via direct research with verified customers and users of Cisco Vulnerability Management. TechValidate stands behind the authenticity of all published data. Learn more »

About TechValidate Research

Selected Research Highlights

Global 500 Insurance Company

Introduction

Challenges

Use Case

Results

Company Profile

About Kenna.VM

Medium Enterprise Healthcare Company

Introduction

Challenges

Use Case

Results

Company Profile

About Cisco Vulnerability Management

More to Explore

About Cisco Vulnerability Management