Avatar

It is commonly said that there are only two types of companies – those that know they’ve been compromised and those that don’t. Cyber risk is no longer confined to the four walls of an organization. This is making protection much harder. Employees are working remotely from company-issued and personally owned devices. They are using applications that reside in the cloud as well as in the corporate data center. These technological advances have made businesses more productive, more efficient, and more cost-effective, but they have also made them more vulnerable.

For years, the approach to cybersecurity has been to add a new point product to address each type of new threat that arises. And as the attack surface has expanded so has the number of solutions on the market. The result has been a patchwork quilt of products that do not work together, and some companies have as many as 50 or more vendors in their environment. Yet, even as companies add more security tools, the breaches continue. This model is unsustainable.

We have been on a journey to radically simplify security with Cisco SecureX, a cloud-native platform that connects our integrated security portfolio and customers’ security infrastructure to provide simplicity, visibility and efficiency. The platform delivers a unified view of customers’ environments, so they no longer must jump between multiple dashboards, manage conflicting alerts or policies. It also gives customers the ability to automate workflows across security products from Cisco and third parties to handle phishing, threat and supply chain attack investigations like SolarWinds. Today, 7000 customers are reaping the benefits of our platform since it became generally available at the end of June 2020.

But we know there is still more work to be done to fully realize our strategy of delivering radically simple security. When it comes to reducing vulnerabilities in an organization’s environment, it is still a daunting task. There are too many alerts, and the lack of resources and prioritization makes it unmanageable for security and IT teams. We believe a new approach that prioritizes vulnerabilities based on threat intelligence and business impact in real time is needed.

That is why we are pleased to announce our intent to acquire Kenna Security, Inc., a recognized leader in risk-based vulnerability prioritization with over 14 million assets protected and over 12.7 billion managed vulnerabilities. Using data science and real-world threat intelligence, it has a proven ability to bring data in from a multi-vendor environment and provide a comprehensive view of IT vulnerability risk.

With Kenna Security as part of SecureX, we will bridge our leading threat management capabilities with its risk-based vulnerability management to dramatically enhance our platform approach for customers. Additionally, the combination of Kenna Security and SecureX will allow customers to address critical challenges by generating prioritized lists of vulnerabilities; streamlining collaboration between security and IT teams; and automating remediation to improve their overall security posture.

We believe that the addition of Kenna Security’s technology will be a huge leap forward for customers, and we look forward to having the talented Kenna Security team join Cisco. The acquisition is expected to close in Cisco’s fourth quarter of fiscal year 2021.