Cisco Vulnerability Management Deloitte & Touche LLP

TechValidate Customer Research Library / Cisco Vulnerability Management / Case Studies /

Kenna.VM Case Study

Deloitte & Touche LLP

Introduction

This case study of Deloitte & Touche LLP is based on a January 2021 survey of Kenna.VM customers by TechValidate, a 3rd-party research service.

“Kenna risk meters and risk scores have completely changed the way we manage vulnerabilities and attack surface risk. Tracking risk scores over time are the core of leadership metrics. Top fixes and reducing risk scores over time drives our prioritized remediation strategy.”

“Our customer success manger has been excellent coordinating resolution to issues as well as keeping us informed of upcoming roadmap features that may affect us.”

Challenges

The business challenges that led the profiled company to evaluate and ultimately select Kenna.VM:

The vulnerability management challenges they were experiencing that led them to implement the Kenna.VM:
- Too many vulnerabilities with no way to effectively prioritize
- Not having a way to quantify or measure risk from vulnerabilities
- Inefficiencies in vulnerability remediation

Use Case

The key features and functionalities of Kenna.VM that the surveyed company uses:

The approach they used to prioritize vulnerabilities prior to Kenna:
- CVSS 9+
- CVSS 10+
- A rating system from scanner
They best describe their current engagement model between the Security and IT team as Security investigates and prioritizes vulnerabilities; IT remediates.
The criteria they use to evaluate the success of your Kenna.VM implementation:
- Kenna risk score reduction
- Reduction in IT remediation time
- Reduction in reporting time

Results

The surveyed company achieved the following results with Kenna.VM:

Before Kenna vs. After Kenna: Have you seen a reduction in time spent on the following activities? (Security and IT team time combined)
- time spent on Vulnerability Investigation: 25 – 50%
- time spent on remediation: 50 – 75%
- time spent on reporting: 25 – 50%
Kenna’s primary advantage(s) over other vulnerability management platforms:
- Kenna goes beyond basic risk scoring and tells me what I need to fix first
- Kenna provides meaningful and actionable data for remediation (remediation intelligence)
- Kenna provides awareness of how much risk is in our environment
- Kenna is updated continuously with real-time information
- Kenna aggregates data and reporting from multiple tools (vuln scanners, CMDB, discovery)
Rates the following for Kenna.VM compared to other vulnerability management solutions:
- remediation Intelligence (guidance on “what to fix first”): highly superior
- integrated real-time global exploit intelligence: superior
- data science-based risk scoring methodology: superior
- “Off the shelf” integrations with a wide range of security data sources: superior
- predictive vulnerability modeling: superior

About Cisco Vulnerability Management

Cisco Vulnerability Management (formerly Kenna.VM) offers an effective, efficient way to reduce your risk profile using risk-based prioritization powered by data science. Rely on it to ID the vulnerabilities that put you at the greatest risk, create a self-service environment for remediation teams, set intelligent SLAs based on your risk tolerance, compare your risk posture against industry peers, deliver clear reports with intuitive metrics, and more.

Learn More:

Cisco Vulnerability Management

TechValidate Research on Cisco Vulnerability Management