On the Radar: Kenna Security protects enterprises against data breaches

Transcription

1 On the Radar: Kenna Security protects enterprises against data breaches Kenna offers continuous analysis of vulnerabilities and prioritizes remediation activities Publication Date: 27 Mar 2018 Product code: INT Andrew Kellett

2 Summary Catalyst The Kenna Security Platform is software-as-a-service- (SaaS-) based security intelligence technology that helps organizations deal with the constantly changing threat landscape and address cyberthreats as they occur. It provides continuous vulnerability analysis facilities for IT, DevOps, and SecOps support teams, and prioritizes remediation requirements by risk and severity. Key messages The Kenna Security Platform is an enterprise-wide security solution that provides security teams with a combination of centralized management, threat analysis, and remediation workflows. Kenna uses predictive modeling, machine learning (ML), and expert analysis of real-time threat and exploit data to assess risks and vulnerabilities. Data- and knowledge-based threat prioritization facilities are used to analyze and leverage security intelligence garnered from a wide range of threat feeds and data sources. The Kenna Security Platform is used by IT, DevOps, and SecOps teams to address threat identification, reporting, and remediation requirements. Ovum view All sizes and types of organization are at risk from cyber-attacks. Traditional stop-and-block security approaches still have a role to play, but increasingly, to maintain effective defenses, there is a need to deploy proactive analytical tools that can analyze, identify, and react to vulnerabilities in real time. This is the role that Kenna plays with the Kenna Security Platform. Recommendations for enterprises Why put the Kenna Security Platform on your radar? Kenna provides enterprise organizations with predictive modeling, ML, and expert analysis of realtime threat data to score and assess their security and risk profile. It offers the SaaS-based tools, services, and information sources they need to protect business systems against cybersecurity threats and data breaches. The Kenna Security Platform provides the continuous vulnerability analysis that security teams need to deal with the threats they face and prioritize response and remediation activities. Highlights The Kenna Security Platform is a SaaS-based product set that helps organizations deal with cybersecurity threats as they occur. It is used by client organizations to analyze their risk profile and help them understand how safely individual parts of their systems and networks are performing. When Ovum. All rights reserved. Unauthorized reproduction prohibited. Page 2

3 potential threats and breaches are found, the platform automatically highlights remediation requirements and generates workflow information that explains the actions needed. The core components of the platform collectively make use of Kenna's Cyber Risk Context Technology (CRCT) to assess risks and highlight vulnerabilities. The CRTC service consists of a collection of real-time critical data warehousing, expert analysis, ML, and predictive modeling facilities. These have been designed to operate at scale and with the capacity to process and analyze high volumes of threat and exploit data whenever the requirement occurs. The Kenna Security Platform continuously collects and analyses threat data found "in the wild" from noncommercial threat and exploit intelligence sources. Examples of these include ReversingLabs, Exodus, Proofpoint, and similar sources, as well as hacker forums, exploit-kit directories, and realtime exploitations as they occur across the global attack surface. ML techniques are applied to these readily available threat resources so that Kenna and its clients can gain a more complete understanding of when and where attacks are likely to take place. The key threat protection areas covered by the Kenna Security Platform include the ability to understand the risk profile of client organizations and align their operations to deal with the threats they face. To achieve these objectives, the platform has been designed for use by IT, DevOps, and SecOps teams from across the business. It enables security teams to work with and leverage a broad variety of sources of threat and exploit information and collaborate on reducing enterprise risk. Its threat and exploit reporting services provide risk-centric information sources that meet the day-to-day needs of enterprise security teams and C-level managers with responsibility for cybersecurity. Kenna focuses on real and constantly evolving risks, its threat and exploit analysis facilities extending beyond the boundaries of each client organization's internal threat-gathering capabilities. The company gathers real-time threat and exploit intelligence and global attack data, and uses data science and predictive modeling to simulate real threat environments. It makes use of 15 core risk intelligence feeds and a knowledge base of more than 2 billion vulnerabilities to create and maintain its cyber-risk coverage. This approach is used to identify and prioritize vulnerabilities and predict the emergence of future threats. Kenna measures and understands risk. Organizations struggle to respond to risks they cannot immediately identify, and Kenna addresses this issue by supplying security teams with more clarity and detailed information on the threats they face. The company provides clear risk metrics that can be used to identify risks, guide remediation activities, measure progress, and quantify an organization's ongoing risk posture and planning requirements. Kenna also provides proactive and scalable cyberthreat protection. It offers security managers a mechanism to actively manage and mitigate risk, its approach focusing on the complete threat picture to provide a vulnerability framework that ranks threats, prioritizes responses, and reduces cyber-risk levels. Its cloud platform and SaaS architecture scales to support large enterprise operations and can be deployed across hybrid multitenanted environments. It also comes with built-in support for a wide range of third-party security products and vendor solutions. Background Kenna Security was founded in 2010 by Ed Bellis and Jeff Heuer. The company is headquartered in San Francisco, California, and it has raised a total of $50m in funding, with its latest Series C round Ovum. All rights reserved. Unauthorized reproduction prohibited. Page 3

4 delivering $25m in March Lead investors in the company include Bessemer Venture Partners, PeakSpan Capital, US Venture Partners, and Costanoa Ventures. The senior management team comprises CTO and co-founder Ed Bellis, who was VP and chief information security officer (CISO) at Orbitz prior to founding Kenna. Co-founder Jeff Heuer is chief of design and an entrepreneurial technologist with over 10 years' experience helping businesses create value from using the internet and related technologies. Karim Toubba is the company s CEO. Prior to joining Kenna in 2014, Toubba was VP of security product management and VP of security marketing at Juniper, and VP of marketing and business development at RedSeal. Current position Kenna looks to promote a business protection world where enterprises work together to effectively manage current and future cybersecurity risks across the global attack surface. It targets the most critical threats that organizations face and provides the threat data that they need to prioritize and remediate those threats. Recognizing that successful prioritization and remediation relies on organizational alignment and execution, Kenna has designed the Kenna Security Platform to help security teams work together toward the same protection goals in a managed and integrated environment. Kenna sells its SaaS-based security services direct to market and via the channel through a growing list of resellers and managed security service providers (MSSPs). Its cloud-based service is offered using an annual subscription model. Among the 300+ organizations that have already deployed the Kenna Security Platform are fortune 500 banks, technology vendors, and government agencies. Most (95%) of its customers are in North America, and the remainder are in Europe, the Middle East and Africa (EMEA). EMEA is now seen as a key growth market for 2018, and Kenna has an EMEA marketing team in place to pursue new sales opportunities in the region. Ovum. All rights reserved. Unauthorized reproduction prohibited. Page 4

5 Data sheet Key facts Table 1: Data sheet: Kenna Security Product name Kenna Security Platform Product classification Predictive cyber-risk Version number n/a Release date Continuous updates Industries covered Kenna's customers are in consumer products, financial services, healthcare, insurance, government, retail, and telecoms Geographies covered North America and EMEA Relevant company sizes Midsize to large enterprises Licensing options Perpetual term, priced by asset managed URL y.com Routes to market Direct sales and via channel partners Company headquarters San Francisco, CA, US Number of employees 90 Source: Ovum Appendix On the Radar On the Radar is a series of research notes about vendors bringing innovative ideas, products, or business models to their markets. Although On the Radar vendors may not be ready for prime time, they bear watching for their potential impact on markets and could be suitable for certain enterprise and public sector IT organizations. Further reading On the Radar: RiskIQ provides external digital threat defense, INT (November 2017) On the Radar: XM Cyber simulates breaches and attacks, with prioritized remediation, INT (February 2018) Author Andrew Kellett, Principal Analyst, Infrastructure Solutions andrew.kellett@ovum.com Ovum. All rights reserved. Unauthorized reproduction prohibited. Page 5

6 Ovum Consulting We hope that this analysis will help you make informed and imaginative business decisions. If you have further requirements, Ovum s consulting team may be able to help you. For more information about Ovum s consulting capabilities, please contact us directly at consulting@ovum.com. Copyright notice and disclaimer The contents of this product are protected by international copyright laws, database rights and other intellectual property rights. The owner of these rights is Informa Telecoms and Media Limited, our affiliates or other third party licensors. All product and company names and logos contained within or appearing on this product are the trademarks, service marks or trading names of their respective owners, including Informa Telecoms and Media Limited. This product may not be copied, reproduced, distributed or transmitted in any form or by any means without the prior permission of Informa Telecoms and Media Limited. Whilst reasonable efforts have been made to ensure that the information and content of this product was correct as at the date of first publication, neither Informa Telecoms and Media Limited nor any person engaged or employed by Informa Telecoms and Media Limited accepts any liability for any errors, omissions or other inaccuracies. Readers should independently verify any facts and figures as no liability can be accepted in this regard readers assume full responsibility and risk accordingly for their use of such information and content. Any views and/or opinions expressed in this product by individual authors or contributors are their personal views and/or opinions and do not necessarily reflect the views and/or opinions of Informa Telecoms and Media Limited. Ovum. All rights reserved. Unauthorized reproduction prohibited. Page 6

7 CONTACT US ovum.informa.com INTERNATIONAL OFFICES Beijing Dubai Hong Kong Hyderabad Johannesburg London Melbourne New York San Francisco Sao Paulo Tokyo