Kenna Security takes a data-driven approach to risk analysis

Risk from security threats is relative to each company. Kenna Security leverages company and public data to pinpoint the real risk for each customer.


Should you be working harder to patch the huge, recent critical chip flaws like Spectre and Meltdown patching your browser or some other add-on like Adobe Flash that is currently causing problems?

I prize risk-based security analytics above all other computer security functions. I define risk-based security as using data from current and most likely future threats to inform defense and operationalizing to protect against those threats first. Not doing so is the biggest deficiency in most security programs. I believe so much in the concept that I wrote a whitepaper and book about it, and I’m dedicating the remaining 15 years of my professional career to helping companies do better risk analytics.

So, imagine my delight when I ran into a company dedicated to the same concept, Kenna Security, at the last Gartner Security and Risk Management Summit held this month near Washington, D.C.. Kenna Security helps customers prioritize and fix the highest risk vulnerabilities in their environment from among the millions they might be worried about.

Why risk analysis is necessary

According to almost every public computer vulnerability counter available, defenders are threatened by at least 7,000 to 15,000 new software vulnerabilities each year. That equates to about 11 per day, day-after-day, and it doesn’t even include the tens of millions of new malware variants that emerge each year.

To continue reading this article register now

7 hot cybersecurity trends (and 2 going cold)