Cisco Vulnerability Management equips you with the contextual insight and threat intelligence needed to intercept the next exploit and respond with precision.
Prioritization is no longer a dark art—it's data science. Advanced algorithms, combined with rich internal and external intel, offer recommended fixes that will lower risk in as few moves as possible.
Track vulnerability fluctuations and forecast weaponization with up to 94% accuracy, giving you the chance to remediate high-risk vulnerabilities before bad actors can mount an attack.
With more than 19 threat intelligence feeds at your fingertips, you gain a comprehensive view of emerging threats, shifting trends, and your own risk profile.
A single source of data-verified truth aligns security and IT, eliminating friction and freeing up resources. And intuitive, simplified risk scores help you generate reports anyone can understand.
Cisco Vulnerability Management (formerly Kenna.VM) was previously known as Kenna.VM, Kenna Security, Kenna, Kenna Security Platform .
TransUnion
There are so many solutions available in the market today for vulnerability management, but Kenna brings in the contextual prioritization and risk-based remediation of vulnerability. I use this solution for sales in my company.
The solution is cloud-based.
The risk context of any vulnerability is a valuable feature. That is what it is used for and then data from different sources can be fed into it. They have good dashboards, risk meters, and virtualization. They also have a section where there is industry, and you can benchmark your risk with the companies in your industry.
An improvement would be some sort of an integration with any GRC suite. There are a lot of GRC suites available, like Archer, MetricStream, Rsam, Protiviti, for example. So how would a solution like this work if my company has already invested thousands or maybe millions in a GRC solution? Do I still need it and how does it fit into an existing SAP environment?
There could be interoperability, having more data sources, integrating Splunk, Qualys, FireEye, Rapid7, Carbon Black. I'm sure all that can be done to an extent, with a little more insight and a little more accuracy on the industry numbers and trends.
I'd like the solution to offer any sort of assistance in any way with the remediation part, not just identification of vulnerability risk, and that is second.
I used this solution for two and a half years.
The solution is very stable.
Technical support knows what they're doing. I would rate them 5 out of 5.
There will be an element of complexity because the tool is dealing with confidential, critical information, be it for the infrastructure, systems, or the application. There are a lot of security considerations that were taken into account when Kenna was onboarded in my environment.
From the implementation point of view, the source of data is very neat in an ideal situation, but that is usually never the case. It could be easy, but it is not very straightforward. It's not like plug-and-play. In theory, it sounds okay but practically, there's a lot more.
We used our technical team for deployment. This was a global rollout. There were 3 to 5 people working on it full time.
I think the pricing is based on the number of endpoints, so it's more subscription-based. If you have 10 computers versus a million computers, obviously the pricing will change.
I would rate this solution 8 out of 10.
