Friday, 26 January 2018

Kenna Security Announces new Exploit Prediction

Kenna Security, a leader in predictive cyber risk, announced today that it has developed new Exploit Prediction capabilities to accurately forecast which vulnerabilities will become weaponised to alert organisations to take remediation before those exploits become a threat.

Kenna’s new Exploit Prediction includes instant visibility into the effect of future exploits on a business’ systems, a type of intelligence that has traditionally been difficult to predict and prioritise. This enables organisations to understand the risk of a vulnerability the day it is announced to the public.

“For our customers, this simple, easy access into powerful forecasts—completely pertinent to their own environments, based on their own assets and vulnerabilities—ensures they have a ‘head start’ in terms of knowing what potential exploits may affect their organisation,” said Ed Bellis, CTO and co-founder of Kenna Security. “For the first time, we can extend cyber risk to a predictive model.”

Leveraging Kenna Cyber Risk Context Technologies™, driven by machine learning in the cloud, Kenna Exploit Prediction has delivered 94 percent predictive accuracy to date. Kenna Exploit Prediction is part of the Kenna Security Platform and will be available in Q1 2018 to all Kenna Security customers.

“Kenna’s Exploit Prediction capability is a significant game changer for vulnerability management. In a time when vulnerabilities and subsequent exploits are disclosed at a volume and velocity that is difficult for even for the most conscientious organisations to stay on top of, Exploit Prediction allows security practitioners the ability to further contextualise, prioritise and remediate vulnerabilities, based on risk,” said Don Morash, Practice Lead, Vulnerability Management Managed Services at GuidePoint Security.

“In the past, we used analog tuning to define which systems were considered mission-critical, but this didn’t provide a level of useful granularity,” said Jon Oltsik, senior principal analyst, Enterprise Strategy Group (ESG). “Fast forward to 2018, and risk-based intelligent vulnerability management platforms, including Kenna, can now consume terabytes of configuration data, asset data, vulnerability data, and threat intelligence to create a fine-grained analysis of which systems really need immediate patching against current threats. Now these systems are moving beyond real-time assessments by forecasting weaponisation and risk well before an attack is possible. This proactive approach can provide insight and help organisations anticipate attacker behavior.”

With Kenna Exploit Prediction, firms are able to:
Accurately and automatically analyse vulnerabilities in real-time to reduce costs and improve efficiencies
  • Immediately evaluates new vulnerabilities to predict whether cyber attackers will weaponise them
  • Calculates and assigns a Kenna risk score for prioritisation against all risks in the customer’s environment
  • Prioritises high-risk vulnerabilities, enabling teams to allocate resources with confidence
Extend Proactive Cyber Risk to Predictive Cyber Risk
  • Complements Kenna’s existing proactive vulnerability and risk management capabilities with exploit prediction
  • Predicts future exploits with high accuracy, enabling security teams to stay a step ahead of cyber attackers
  • Empowers security teams to remediate high-risk vulnerabilities long before they become a threat
  • Focuses teams on the riskiest vulnerabilities using established IT workflows
Enable Security Teams to Maintain Control
  • Helps security teams counter the chaos that can accompany “headline” vulnerabilities with data and analysis, saving valuable time and resources
  • Replaces fear, uncertainty, and doubt with reliable forecasts, trusted metrics, and reporting
  • Quickly and accurately reports on findings, increasing team confidence, credibility, and authority


According to Gartner, “Operational Infrastructure Security Spending is focused on protecting the network, hosts and data and ensuring secure access to systems for authorised users. However, most enterprises recognise that they cannot “keep the bad guys out” by automated preventative measures alone. A mature set of information security measures combines effective “detect” and “respond / mitigate” tools with “prevent” services, and also proactive “predict” services to intercept potential cyber-attacks and threat actors before they even occur.”*



*Gartner, “IT Key Metrics Data 2018: Key IT Security Measures: by Industry,” Linda Hall, Eric Stegman, Shreya Futela, Disha Gupta, 11 December 2017.