Issue 1

The Future of Vulnerability Management is Risk-Based

With Vulnerabilities and Exploits Growing, Focus on Those That Matter Most

Karim Toubba

Welcome

Of the tens of millions of vulnerabilities that almost certainly exist within your IT environment, just 5% are likely to emerge as a threat. While this relatively low percentage may sound promising, it also presents a challenge.

How can you tell which vulnerabilities will be weaponized? And more crucially, which pose the biggest risks to your particular business?

Answering these questions is the role of risk-based vulnerability management (RBVM) solutions. Market-leading RBVM solutions synthesize vulnerability and exploit information from multiple sources, and then use advanced machine learning algorithms to predict which vulnerabilities present the greatest risk to your environment. This ability to prioritize risk helps busy IT security teams focus on the vulnerabilities that matter most – while giving IT operations personnel clear insights like risk scores and action plans they can understand and work with.

Karim Toubba, CEO of Kenna Security

Market Guide for Vulnerability Assessment

  • Craig Lawson, Mitchel Schneider, Dale Gardner, Prateek Bhajanka
  • 20 November 2019

Security and risk management leaders evaluating VA products and services need to understand the important role they play in risk-based vulnerability management. VA identifies and assesses vulnerabilities proactively to establish the security and risk posture, not just to meet compliance mandates. [...]


Implement a Risk-Based Approach to Vulnerability Management

  • Craig Lawson, Prateek Bhajanka
  • 19 June 2018

A vulnerability is only as bad as the threat exploiting it and the impact on the organization. Security and risk management leaders should rate vulnerabilities on the basis of risk in order to improve vulnerability management program effectiveness. [...]

Kenna Security Content

Prioritization to Prediction: Measuring What Matters in Remediation

The fourth volume of the Prioritization to Prediction series, produced in conjunction with the Cyentia Institute, explores the factors at play in successful vulnerability management. Based on a combination of survey and observational data, this report details how factors such as SLAs, team composition, and remediation methods impact actual remediation performance. [...]

How To Manage Vulnerabilities Based on Risk, Rather Than Popularity

Given the potential stakes for not fixing the right vulnerability and succumbing to a data breach, it’s easy to get caught up in just fixing the vulnerabilities associated with the latest high-profile attack. Sometimes it is called for, sometimes it is not. Here are the four key factors to consider when identifying and prioritizing vulnerabilities. [...]