TechValidate Research on Cisco Vulnerability Management

Kenna.VM Case Study

Global 500 Hospitality Company


This case study of a Global 500 hospitality company is based on a November 2021 survey of Kenna.VM customers by TechValidate, a 3rd-party research service. The profiled company asked to have their name blinded to protect their confidentiality.


The business challenges that led the profiled company to evaluate and ultimately select Kenna.VM:

  • The vulnerability management challenges they were experiencing that led them to implement the Kenna.VM:
    • Too many vulnerabilities with no way to effectively prioritize
    • High volume of security data lacking context for decision making
    • Not having a way to quantify or measure risk from vulnerabilities

Use Case

The key features and functionalities of Kenna.VM that the surveyed company uses:

  • The approach they used to prioritize vulnerabilities prior to Kenna:
    • CVSS 7+
    • CVSS 8+
    • CVSS 9+
    • CVSS 10+
    • A rating system from scanner
    • A homegrown prioritization tool
  • They best describe their current engagement model between the Security and IT team as IT investigates, prioritizes and remediates; Security handles reporting.
  • The criteria they use to evaluate the success of your Kenna.VM implementation:
    • Reduction in Mean Time To Remediate (MTTR)
    • Kenna risk score reduction
    • Reduction in vulnerability investigation time
    • Reduction in IT remediation time
    • SLA adherence
    • Reduction in reporting time


The surveyed company achieved the following results with Kenna.VM:

  • Before Kenna vs. After Kenna: Have you seen a reduction in time spent on the following activities? (Security and IT team time combined)
    • time spent on Vulnerability Investigation: over 75%
    • time spent on remediation: over 75%
    • time spent on reporting: over 75%
  • Kenna’s primary advantage(s) over other vulnerability management platforms:
    • Kenna goes beyond basic risk scoring and tells me what I need to fix first
    • Kenna provides meaningful and actionable data for remediation (remediation intelligence)
    • Kenna provides awareness of how much risk is in our environment
    • Kenna is updated continuously with real-time information
    • Kenna aggregates data and reporting from multiple tools (vuln scanners, CMDB, discovery)
    • Kenna includes multiple threat intel feeds (eliminating the need for subscription)
    • Kenna’s cloud platform scales elastically to virtually any organization size
  • Rates the following for Kenna.VM compared to other vulnerability management solutions:
    • remediation Intelligence (guidance on “what to fix first”): highly superior
    • integrated real-time global exploit intelligence: highly superior
    • data science-based risk scoring methodology: highly superior
    • “Off the shelf” integrations with a wide range of security data sources: highly superior
    • predictive vulnerability modeling: highly superior

About This Data

This data was sourced directly from verified users of Cisco Vulnerability Management by TechValidate.

TechValidate verifies the identity and organizational affiliation of all participants that contribute to published research data. When research participants so desire, we also guarantee their anonymity so that they may share information honestly and freely.

More Research on Cisco Vulnerability Management