Kenna Security

Kenna Security, founded in 2010 by Ed Bellis and Jeff Heuer, established itself as a significant player in risk-based vulnerability management before its acquisition by Cisco in mid-2021. The company, now integrated into Cisco as Cisco Vulnerability Management, was born from the founders' extensive experience in the cybersecurity field. Ed Bellis, often called “the father of risk-based vulnerability management,” previously served as CISO at Orbitz and Vice President of Corporate Information Security at Bank of America, bringing a deep understanding of enterprise security challenges. The company's trajectory includes raising over $103 million in funding across nine rounds, with its final independent funding round occurring in November 2020.

The firm's core business revolves around a SaaS platform designed to help organizations prioritize and manage cybersecurity threats. It caters to enterprise clients, with notable customers including companies like CVS and KPMG, as well as many Fortune 100 firms. The business model is subscription-based, providing recurring revenue and aligning with the service-oriented structure of its partners, such as MSPs and MSSPs. By leveraging machine learning, data science, and predictive analytics, Kenna's platform ingests and analyzes vast amounts of data from vulnerability scanners, threat intelligence feeds, and other security tools. This allows it to move beyond static scoring systems like CVSS. Instead, it provides a dynamic risk score for each vulnerability, enabling security and IT teams to focus their resources on the threats that pose the most immediate and significant danger to their specific environment.

The platform's main offering is its risk-based vulnerability management solution, which provides a centralized view of an organization's assets and their associated vulnerabilities. Key features include the aggregation of security data, real-time risk scoring, and prioritized remediation recommendations. It processes information from over 15 threat intelligence feeds and billions of managed vulnerabilities to predict real-world exploit activity with high accuracy. This predictive capability allows organizations to address high-risk vulnerabilities before they can be actively exploited. The platform is vendor-neutral, integrating with a wide range of existing security tools to transform security data into actionable intelligence. Following its acquisition, this technology has been integrated into the Cisco SecureX platform, enhancing its capabilities by helping customers to more effectively identify threats, improve collaboration between security and IT departments, and ultimately reduce their attack surface. Keywords: vulnerability management, risk-based prioritization, cybersecurity, threat intelligence, SaaS, predictive analytics, Cisco, exploit prediction, IT security, asset management