Kenna Security, a leader in predictive cyber risk, announced availability of the Kenna Application Risk Module, a new service that applies data science at scale to enable security and development teams to continuously, effectively, and proactively manage risk across their entire application portfolio. The Kenna Application Risk Module leverages the underlying Kenna Security Platform to process and normalize all application security data, including static and dynamic scanners, penetration test results, bug bounty data, and open source scanners to give enterprises a true measurement of cyber risk.
The Kenna Application Risk Module enables organizations to:
- Proactively reduce cyber risk by providing clear metrics, real-world context, and prescriptive remediation guidance for enterprise applications.
- Align security teams, DevOps, and developers to efficiently fix the most critical application vulnerabilities without slowing the pace of development.
- Continuously analyze and understand the risk profile of an enterprises' entire technology infrastructure and application portfolio at scale.
Enterprises Need to Close the Application Cybersecurity Gap
Applications are one of the broadest attack surfaces for many enterprises, serving as a direct, and highly targeted, vector for bad actors to steal valuable data. For this reason, traditional and web applications are the source of nearly 30 percent of successful attacks globally.
Today organizations spend vast sums of money and resources using application scanning tools to detect vulnerabilities, penetration testing, and even third-party bug bounties in an effort to understand the weaknesses in their applications. This leads to an extraordinary amount of application vulnerability data that must be analyzed by technology teams, making it difficult for security leaders to understand their overall risk, prioritize remediation efforts, and effectively communicate application risks to executives.
According to Gartner, "Often, application security risks are not well-understood by executives and are poorly communicated by security teams. Clients continue to struggle with integrating technologies into existing workflows, prioritizing vulnerabilities for remediation and creating repeatable processes to facilitate an efficient application security program."
Helping Enterprises Team Up to Reduce Application Risk
Leveraging the Kenna Security Platform's proven strategy of applying machine learning and data science to deliver effective security, the Kenna Application Risk Module enables enterprises to proactively reduce the application attack surface by prioritizing application vulnerabilities that pose the greatest threat. This technology:
- Continuously distills application security data, including SAST, DAST, open source, and bug bounty solutions, as well as exploit intelligence, and enterprise context to calculate risk metrics for an enterprise's entire application portfolio in addition to specific risk scores by vulnerability and application.
- Eliminates wasting costly development resources on low risk threats and false positives, which derails teams from their core responsibility and creates unnecessary workload.
- Forecasts future risk associated with newly disclosed vulnerabilities and applications using real-time activity across the global threat landscape.
Delivering portfolio-wide application threat analysis at scale, the Kenna Application Risk Module enables enterprises to rally security teams, DevOps, developers, and business leadership around a risk-based strategy for application vulnerability remediation. Leveraging shared risk scores helps the various teams maintain alignment and focus so enterprises can build a consistent, efficient, and effective application security program. The Kenna Security Platform:
- Automatically directs findings and remediation guidance to cross-functional teams to help them work toward a common set of goals.
- Easily integrates with continuous application delivery processes, including DevOps.
- Focuses limited development and IT resources to reduce the most risk with the greatest efficiency.
- Communicates risk scores to all application stakeholders to keep them aligned, focused, and results-oriented.