Kenna Security Unveils New, Free Tool for Custom Benchmarking of Vulnerability Management Programs

Kenna Security, the enterprise leader in risk-based vulnerability management, today released the Prioritization to Prediction Benchmark Survey, a free new tool that enables companies to compare their vulnerability management programs to an industry average.

“Organizations are facing an uphill battle when it comes to managing the thousands of vulnerabilities across their network,” said Ed Bellis, co-founder and CTO at Kenna Security. “But until now, they had no way of knowing how they compared to companies that are getting vulnerability management right. We are arming organizations with the crucial information they need to stay ahead of threats, personalized to their specific company.”

Recommended AI News: Frost & Sullivan Presents A Strategic Framework For A Blockchain-Enabled World

The nine-question survey is based on research conducted by Kenna Security and the Cyentia Institute, which identified the organizational characteristics of highly effective vulnerability management programs. Companies were evaluated on the maturity of their practices, their reliance on automated patching, the factors that influence remediation decisions, and several other dimensions. These insights will be provided in a custom report that details how they compare across these characteristics to the broader landscape of enterprises.

The original research demonstrated that companies most effectively managing security vulnerabilities report using a patch tool, relying on risk-based prioritization tools, and having multiple, specialized remediation teams that focus on specific sectors of a technology stack. Having adequate security budgets correlated with an ability to patch security threats quickly, but did not translate into having a higher capacity to remediate vulnerabilities.

Recommended AI News: Research by Huami Shows Smart Wearable Device Big Data Could Assist With Alerting New Trends Related to COVID-19

Some internal factors tended to reduce performance. Companies that used the Common Vulnerability Scoring System (CVSS) to prioritize vulnerabilities for remediation tended to be slower in patching high-risk vulnerabilities. The companies focused on compliance also struggle to patch all high-risk vulnerabilities across their organization.

The release of the Benchmark Survey marks the second free tool by Kenna Security which allows members of the security community to better adopt risk-based vulnerability management. Last year, Kenna released the Exploit Prediction Scoring System (EPSS), an open-source, data-driven framework for assessing security threats. EPSS uses publicly-available information to predict the likelihood that a vulnerability will be exploited within 12 months of disclosure, allowing companies to prioritize the riskiest vulnerabilities on their systems and reduce overall vulnerability risk.

Recommended AI News: NASA Invites Public to Be Its Guests to Celebrate Historic ‘Launch America’