Kenna Security Platform is a scalable, cloud-based solution designed to deliver informed and accurate risk prioritization and perform network/device vulnerability assessments, management and penetration testing. This solution offers hardware, software, virtual, SaaS or cloud-based deployment. It ingests, aggregates and processes tens of billions of pieces of data from multiple sources and automates that data analysis with an algorithm for accurate, quantifiable risk scores for every single vulnerability within seconds. This data includes external threat and exploit data, and internal vulnerability and asset data to give you full visibility into the impact of vulnerabilities for actionable remediation efforts and resource allocation.
All vulnerabilities are listed with comprehensive information, including the CVE or CWE assigned to it, a description, the CVSS scores assigned to that vulnerability and the Kenna risk score. The solution also provides specific remediation guidance for each of these vulnerabilities.
Kenna Security does not have its own scanner, but has a wide capacity to integrate with organizations’ existing vulnerability scanners, asset management systems and other tools. On the application side the solution can also integrate with dynamic application scanners and more.
The company’s scoring system uses aggregate customer asset and vulnerability data to combine with threat and exploit intelligence outside of the organization’s network. It also takes into consideration the context of the asset, whether it is exposed to the internet, what vulnerability is most likely to be exploited and to what extent could that vulnerability be exploited and yields a vulnerability risk score between 0-1000. The score and subsequent vulnerabilities are then bundled into fixes, essentially determining the least amount of work required for the biggest increase in security posture. The process also ties into Kenna’s ticketing system that allow security teams to create groups, each of which will receive a corresponding risk meter.
This modern-looking dashboard breaks vulnerabilities into several categories to help security teams develop a plan of attack and weights machines with their risk scores to prioritize urgency. The solution supports role-based access here, so that dashboards can be limited to specific user or groups with specified privilege rights.
The solution can generate reports for a single asset, groups, or an entire organization, which are detailed and highly customizable, showcasing a trendline to demonstrate how a risk posture has changed over time so an organization can have confidence in its security team’s capabilities and demonstrate measurable result of their efforts.
Since this is a cloud-based option, setup was easy, and a security team could potentially leverage a scanner already in place. That could be problematic, though, because leveraging multiple vendors may mean extra troubleshooting. But as a cloud-based solution, some of the views are less configurable than those of other products.
Starting price is $12 per asset for a one-year subscription. Discounts are offered at intervals for large numbers of assets. Multi-year subscription discounts are available. Support is provided during business hours Monday through Friday by phone and email and via website. Premium support can be purchased for 24/7 support.
Tested by Matthew Hreben