TechValidate Research on Cisco Vulnerability Management

Kenna Security Case Study

Fire And Police Pension Association


This case study of Fire and Police Pension Association is based on an October 2019 survey of Kenna Security customers by TechValidate, a 3rd-party research service.

“Qualys vulnerability reports were 12000 pages long for 50 servers. How is that useful? When that data was parsed by Kenna our risk meter was medium or low on those same servers, and the Kenna data showed us what to fix. "


The business challenges that led the profiled organization to evaluate and ultimately select Kenna Security:

  • Vulnerability management challenges they experienced that led them to implement the Kenna Security Platform:
    • Too many vulnerabilities with no way to effectively prioritize
    • No way to quantify or measure risk from vulnerabilities
    • Inefficiencies in vulnerability remediation

Use Case

The key features and functionalities of Kenna Security that the surveyed organization uses:

  • Approaches used to prioritize vulnerabilities prior to Kenna:
    • CVSS 8+
    • CVSS 9+
    • CVSS 10
    • Use rating system from scanner
  • How they evaluate the success of their Kenna Security platform implementation:
    • Kenna risk score reduction
    • Reduction in vulnerability investigation time
  • Kenna‚Äôs primary advantage(s) over other vulnerability management platforms:
    • Kenna goes beyond basic risk scoring and tells them what they need to fix first
    • Kenna provides meaningful and actionable data for remediation (remediation intelligence)
    • Kenna provides awareness of how much risk is in their environment
    • Kenna includes multiple threat intel feeds (eliminating the need for subscription)


The surveyed organization achieved the following results with Kenna Security:

  • Reduction of time spent on the following activities, since using Kenna:
    • Time spent on Vulnerability Investigation: over 10%
    • Time spent on remediation: over 10%
    • Time spent on reporting: 0%

About This Data

This data was sourced directly from verified users of Cisco Vulnerability Management by TechValidate.

TechValidate verifies the identity and organizational affiliation of all participants that contribute to published research data. When research participants so desire, we also guarantee their anonymity so that they may share information honestly and freely.

More Research on Cisco Vulnerability Management