TechValidate Research on Cisco Vulnerability Management


Kenna Security Case Study

HealthCare Partners Medical Group

Introduction

This case study of HealthCare Partners Medical Group is based on an October 2019 survey of Kenna Security customers by TechValidate, a 3rd-party research service.

“Kenna Security has enabled our organization to shift from count-based vulnerability management to a true risk-based approach, significantly reducing our vulnerability exposure and overall risk.”

“We like how it aggregates the Nexpose consoles as well as provides an easy way to show metrics.”

Challenges

The business challenges that led the profiled company to evaluate and ultimately select Kenna Security:

  • Vulnerability management challenges they experienced that led them to implement the Kenna Security Platform:
    • Too many vulnerabilities with no way to effectively prioritize
    • No way to quantify or measure risk from vulnerabilities
    • Giving application owners access to a centralized location. Managing users in each console would have been too much work.

Use Case

  • Approach used to prioritize vulnerabilities prior to Kenna:
    • Use rating system from scanner
  • How they evaluate the success of their Kenna Security platform implementation:
    • Kenna risk score reduction
    • Reduction in reporting time
  • Kenna’s primary advantage(s) over other vulnerability management platforms:
    • Kenna goes beyond basic risk scoring and tells them what they need to fix first
    • Kenna aggregates data and reporting from multiple tools (vuln scanners, CMDB, discovery)

Results

The surveyed company achieved the following results with Kenna Security:

  • Reduction of time spent on the following activities, since using Kenna:
    • Time spent on Vulnerability Investigation: over 10%
    • Time spent on remediation: over 25%
    • Time spent on reporting: over 50%




About This Data

This data was sourced directly from verified users of Cisco Vulnerability Management by TechValidate.

TechValidate verifies the identity and organizational affiliation of all participants that contribute to published research data. When research participants so desire, we also guarantee their anonymity so that they may share information honestly and freely.


More Research on Cisco Vulnerability Management