UPDATED 17:00 EDT / FEBRUARY 19 2020

SECURITY

Kenna Security uses machine learning and collaboration to target enterprise threats

While much of the cybersecurity world has focused on defending against threats and responding rapidly when intrusions occur, the rise of artificial intelligence and machine learning has opened a window into a new approach. What if cyber risk could be predicted and vulnerabilities prioritized and addressed across an organization before threats become real problems?

This is the approach taken by Kenna Security Inc., a predictive cyber risk company that specializes in using machine learning to prioritize data sources throughout the enterprise. Kenna Security’s solution is gaining traction among large businesses because of a trend identified in “Prioritization to Prediction,” the firm’s latest report, which used survey data and standardized metrics to analyze how hundreds of companies have addressed 300 billion vulnerabilities.

“The average large-scale enterprise has no more than 10% remediation capacity,” said Karim Toubba (pictured, left), chief executive officer of Kenna Security. “That tells you that 90% of the problems are going to go unsolved.”

Toubba spoke with John Furrier, host of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, in Palo Alto, California. He was joined by Caroline Japic (pictured, right), chief marketing officer of Kenna Security, and they discussed the need for collaboration between security and information technology teams, working from a single source of truth, and interest in the company’s solution among firms in the financial community.

Reducing the tension

Using risk-based vulnerability management, Kenna’s technology is designed to address tension between information-technology DevOps organizations and security groups.

“We’ve gotten to the point where IT DevOps can’t possibly fix everything that security is asking them to fix, and that’s created a lot of tension,” Toubba said. “People have started to realize that the tension has to give way to collaboration. Security finds all of the problems, but if you peel back the layers, you quickly realize they own very little of the remediation.”

Kenna’s solution is to gather organizational data and compile an understanding of the total attack surface. Intelligence on what attackers are doing in the wild is added, using machine learning to prioritize a risk score for each of the vulnerability findings.

“It’s a single version of the truth that they all can work from,” Japic explained. “It’s the data that’s telling them what their priorities are by role.”

Interest among financial firms

Kenna has found an interested audience for its solution among financial firms. TransUnion LLC, Fannie Mae and Dow Jones Inc. are customers, and banking giant HSBC Holdings PLC recently became an investor after deploying Kenna’s services throughout its organization.

One unnamed large banking customer has come to appreciate Kenna’s risk-based approach, according to Toubba.

“They wanted to understand what the risk was for each of the lines of business they had within the organization so they can hold the business users accountable to paying a small tax for security,” Toubba said. “When you start with security and then branch out in other organizations, especially in large multinational organizations, that’s where the real value comes into the platform.”

Kenna recently completed a $48 million Series D funding round, which included Sorenson Capital and Citi Ventures as new investors. In August, the company announced a collaboration to integrate its vulnerability risk intelligence with VMware Inc.’s AppDefense data center security product.

Measuring cyber risk and fostering collaboration between security and IT DevOps teams within organizations are the challenges that Kenna is seeking to address while rising above the growing number of companies touting advanced security solutions.

“There’s so many companies that have this problem that don’t know there’s a better way to solve it,” Japic said. “There’s so much noise out there, but we are very clear and precise on the value we bring to our customers.”

Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s CUBE Conversations.

Photo: SiliconANGLE

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU