With a tidal wave of vulnerabilities out there and brand-new vulnerabilities appearing daily, security teams have a lot to handle. Addressing every single vulnerability is nearly impossible, and prioritizing them is no easy task either, because it’s difficult to focus effectively on the small number of vulnerabilities that matter most to your organization. Moreover, the shift to hybrid work makes it harder to assess and prioritize vulnerabilities across your endpoints with traditional vulnerability scanners.
Kenna Security maps out the vulnerabilities in your environment and prioritizes the order in which you should address them based on a risk score. We’re excited to announce that after Cisco acquired Kenna Security last year, we have recently launched an integration between Kenna and Cisco Secure Endpoint to add valuable vulnerability context into the endpoint.
With this initial integration, Secure Endpoint customers can now perform risk-based endpoint security. It enables customers to prioritize endpoint security and enhances threat investigation to accelerate incident response with three main use cases:
- Scannerless vulnerability visibility: In a hybrid work environment, it’s increasingly difficult for traditional vulnerability scanners to account for all devices being used. Instead of relying on IP address scanning to identify vulnerabilities in an environment, you can now use the existing Secure Endpoint agent to get a complete picture of the vulnerabilities you need to triage.
- Risk-based vulnerability context: During incident response, customers now have an additional data point in the form of a Kenna risk score. For example, if a compromised endpoint has a risk score of 95+, there’s a high likelihood that the attack vector relates to a vulnerability that Kenna has identified. This can dramatically speed up incident response by helping the responder focus on the right data.
- Accurate, actionable risk scores: Organizations often struggle to prioritize the right vulnerabilities since most risk scores such as Common Vulnerability Scoring System (CVSS) are static and lack important context. In contrast, the Kenna Risk Score is dynamic with rich context as it uses advanced data science techniques such as predictive modeling and machine learning to consider real-world threats. This enables you to understand the actual level of risk in your environment and allows you to effectively prioritize and remediate the most important vulnerabilities first.
How does the Kenna integration work?
The Kenna integration brings Kenna Risk Scores directly into your Secure Endpoint console. As an example of this integration, the computer in the screenshot below (Figure 1) has been assigned a Kenna Risk Score of 100.
Risk scores can be anywhere from 0 (lowest risk) to 100 (highest risk). The score is inferred based on the reported OS version, build, and revision update information, combined with threat intelligence on vulnerabilities from Kenna.
Clicking on the actual numeric score itself brings you to a page with a detailed listing of all vulnerabilities present on the endpoint (see Figure 2 below).
Each vulnerability has a risk score, an identifier, and a description that includes icons with additional details based on vulnerability intelligence from Kenna:
- Active Internet Breach: This vulnerability is being exploited during active breaches on the Internet
- Easily Exploitable: This vulnerability is easy to exploit with proof-of-concept code being potentially available
- Malware Exploitable: There’s known malware exploiting this vulnerability
All of this information is extremely helpful context during an incident investigation. Exploiting vulnerabilities is one of the most common ways malicious actors carry out attacks, so by quickly understanding which vulnerabilities are present in the environment, incident responders have a much easier time homing in on how an attacker got into their organization.
Additionally, for vulnerabilities that currently have fixes available, clicking on the green “Fix Available” button on each vulnerability displays a box with links to the applicable patches, knowledge base articles, and other relevant information (see Figure 3 below). This gives analysts the information they need to efficiently act on an endpoint.
Who can access the Kenna integration?
Vulnerability information and Risk Scores from Kenna Security are now available in the Cisco Secure Endpoint console for:
- Windows 10 computers running Secure Endpoint Windows Connector version 7.5.3 and newer
- Customers with a Secure Endpoint Advantage or Premier tier license, including Secure Endpoint Pro
Most vulnerabilities in our customer base occur on Windows 10 workstations, so we decided to launch first with Windows 10 to deliver this integration faster. We plan on adding support for other Windows versions and operating systems such as Windows 11, Windows Server 2016, 2019, and 2022 in the near future.
We hope that you find this integration useful! This is the first of many steps that we’re taking to incorporate vulnerability information from Kenna Security into Secure Endpoint, and we’re excited to see what other use cases we can enable for our customers.
The Cisco Secure Choice Enterprise Agreement is a great way to adopt and experience the complete Secure Endpoint and Kenna technology stack. It provides instant cost savings, the freedom to grow, and you only pay for what you need.