Cyentia Cybersecurity Research Library
  • Sources
  • Tags
  • About
  • Sponsors
  • More from Cyentia

Kenna Security

Below you will find reports with the source of “Kenna Security”

image from Prioritization to Prediction Volume 8: Measuring and Minimizing Exploitability

Prioritization to Prediction Volume 8: Measuring and Minimizing Exploitability

We do two very important and timely things in this report. We first explore ways to measure exploitability for individual vulnerabilities—and far more importantly—entire organizations. Second, we create a simulation that seeks to minimize organizational exploitability under varying scenarios combining vulnerability prioritization strategies and remediation capacity. Bottom line: If you’re looking for proven ways to squeeze the most risk reduction from your vulnerability management (VM) efforts, this report is for you.

(more available)
Added: January 20, 2022
image from Prioritization to Prediction Volume 7: Establishing Defender Advantage

Prioritization to Prediction Volume 7: Establishing Defender Advantage

Do exploit code releases help or harm defenders? We decided to put this hotly contested debate to the test. The seventh volume of the Prioritization to Prediction series produced in conjunction with the Cyentia Institute attacks this debate from all angles. Poring over Kenna Security’s own threat and vulnerability intelligence, anonymized platform data, and Fortinet exploitation data, we analyzed over 6 billion vulnerabilities affecting 13 million active assets across nearly 500 organizations.

(more available)
Added: May 13, 2021
image from Prioritization to Prediction: Volume 6 - The Attacker-Defender Divide

Prioritization to Prediction: Volume 6 - The Attacker-Defender Divide

This sixth volume of the Prioritization to Prediction series combines vulnerability data from Kenna’s customers with additional intelligence from Fortinet and others. This volume provides a quantitative analysis of the timeline of key dates in the lifecycle of an exploited vulnerability, exploring the effects of releasing exploit code relative to the date of CVE publication and patch availability, discussing the ramifications to attackers and defenders.

(more available)
Added: November 18, 2020
image from Vulnerability Remediation Performance Snapshot for the Manufacturing Sector

Vulnerability Remediation Performance Snapshot for the Manufacturing Sector

An extension of the Prioritization to Prediction series, this report uses a sample of over 40 manufacturing sector firms to better understand the means and metrics of vulnerability management with the sector.

(more available)
Added: September 23, 2020
image from Vulnerability Remediation Performance Snapshot for the Healthcare Sector

Vulnerability Remediation Performance Snapshot for the Healthcare Sector

An extension of the Prioritization to Prediction series, this report uses a sample of approximately 30 healthcare sector firms to better understand the means and metrics of vulnerability management with the sector.

(more available)
Added: September 23, 2020
image from Vulnerability Remediation Performance Snapshot for the Finance Sector

Vulnerability Remediation Performance Snapshot for the Finance Sector

An extension of the Prioritization to Prediction series, this report uses a sample of approximately 100 finance sector firms to better understand the means and metrics of vulnerability management with the sector.

(more available)
Added: September 23, 2020
image from Vulnerability Remediation Performance Snapshot for the Technology Sector

Vulnerability Remediation Performance Snapshot for the Technology Sector

An extension of the Prioritization to Prediction series, this report uses a sample of approximately 70 technology services to better understand the means and metrics of vulnerability management with the sector.

(more available)
Added: September 23, 2020
image from Prioritization to Prediction: Volume 5

Prioritization to Prediction: Volume 5

P2P Volume 5 focuses on the differences between asset types (OS) and how vulnerabilities are treated on different platforms.

Added: April 21, 2020
image from Prioritization To Prediction Volume 4: Measuring What Matters in Remediation

Prioritization To Prediction Volume 4: Measuring What Matters in Remediation

This research was commissioned by Kenna Security. Kenna collected and provided the remediation dataset to the Cyentia Institute for independent analysis and drafting of this report.

(more available)
Added: September 18, 2019
image from Prioritization To Prediction: Volume 3: Winning the Remediation Race

Prioritization To Prediction: Volume 3: Winning the Remediation Race

From the report, “The Prioritization to Prediction series is an ongoing research initiative between Kenna Security and the Cyentia Institute. The first volume proposed a model for predicting which of the numerous hardware and software vulnerabilities published each month were most likely to be exploited, and thus deserving of priority remediation. The second volume sought to apply and test that theoretical model using empirical data collected on billions of observed vulnerabilities. We ended the last report by analyzing vulnerability remediation timeframes across a sample of 12 firms. This third volume picks up where we left off and expands the analysis to roughly 300 organizations of different types and sizes. We leverage a technique called survival analysis to draw out important lessons about remediation velocity and capacity, concepts we explore and define during the course of this report. Overall, our goal is to understand what it means to survive—nay thrive—in the race of vulnerability remediation.” Read on to find out more.

(more available)
Added: March 16, 2019
image from Prioritization to Prediction: Volume 2: Getting Real About Remediation

Prioritization to Prediction: Volume 2: Getting Real About Remediation

From the report, ““Realized coverage & efficiency vary greatly among firms—over 50% between top and bottom performers—indicating different remediation strategies lead to very different outcomes.” Where is your strategy leading?” Read on to find out more.

(more available)
Added: March 16, 2019
image from 2018 Application Security Report

2018 Application Security Report

From the report, “Business applications are critical business resources for companies of all sizes — and they’re increasingly under attack. To gain deeper insights into the state of application security, Cybersecurity Insiders conducted an in-depth study in partnership with the 400,000 member Information Security Community on LinkedIn. This report is the result of a comprehensive survey of 437 cybersecurity professionals designed to reveal the latest application security trends, how organizations are protecting applications, and what tools and best practices IT cybersecurity teams are prioritizing to find, fix and prevent vulnerabilities in next-gen applications.”

(more available)
Added: February 18, 2019
image from Prioritization To Prediction

Prioritization To Prediction

This paper begins with a review of data sources available for building or improving decision models for vulnerability remediation. It then discusses the vulnerability lifecycle and examine timelines and triggers surrounding key milestones. Identifying attributes of vulnerabilities that correlate with exploitation comes next on the docket. The last section measures the outcomes of several remediation strategies and develops a model that optimizes overall effectiveness.

(more available)
Added: October 24, 2018
image from Reporting on Risk to the Board

Reporting on Risk to the Board

This is a good report to read if you are interested in learning how to properly, and succesfully, report risks and vulnerabilities to boardmembers and executives.

(more available)
Added: October 23, 2018
© Cyentia Institute 2025
Library updated: July 9, 2025 00:09 UTC (build b1d7be4)