Announcing its third startup acquisition in a week, Cisco Systems Inc. today revealed plans to buy Kenna Security Inc., whose software helps enterprises fix security vulnerabilities in their systems.
Kenna previously raised $98.3 million from investors including Citi Ventures. The startup counts the Bank of Hawaii Corp. and Deloitte Ltd among its customers.
By buying Kenna, Cisco will obtain the startup’s Kenna.VM software, which reduces companies’ attack surface by helping their cybersecurity teams prioritize their work more efficiently. In an enterprise with thousands of systems, there can be dozens of security issues at any given time, from minor configuration problems with a low risk of facilitating a breach to urgent exploits. Kenna’s software points out the most severe vulnerabilities so administrators can prioritize accordingly and fix them first.
The reason software is needed for the task is that prioritizing security weak points manually can often be impractical. In a big company, the sheer number of issues active at any time means that there’s a risk some severe exploits could go unnoticed.
There’s also the matter of what factors to consider when prioritizing threats. A minor issue affecting many systems isn’t necessarily as urgent as a more serious vulnerability affecting a single mission-critical application, which only adds to the complexity of prioritizing vulnerabilities manually.
Kenna’s software uses machine learning to rank security issues. Its algorithms draw on a database of more than 12 billion vulnerabilities, as well as information that the startup aggregates on hacker activity from threat intelligence feeds. After weighing different factors, Kenna’s algorithms assign a severity score to each issue ranging from 0 to 1,000 so administrators can easily identify the vulnerabilities that should be tackled first.
Cisco plans to pair the software with its SecureX product. SecureX provides a web dashboard that allows administrators to find potential breaches in their companies’ infrastructure. Using Kenna’s technology, SecureX will also be capable of surfacing vulnerabilities that haven’t yet been used by hackers but could lead to a breach in the future.
Cisco’s approach with SecureX of combining multiple security features in one product is a strategy that other market players are taking as well. CrowdStrike Holdings Inc.’s Falcon platform combines features for malware detection, breach investigation and tracking hacking campaigns. Other providers have taken the concept in other directions. Ayla Networks Inc., a recently funded startup, blends connected device security features with tools for handling day-to-day maintenance tasks such as updating device software.
Enabling administrators to perform multiple security tasks in one place reduces the need to switch between multiple interfaces, which boosts productivity.
Cisco’s product strategy with SecureX seems to be paying off. On occasion of today’s acquisition news, the company disclosed that SecureX has been deployed by 7,000 customers since its launch last July.
Cisco’s cybersecurity group is its fastest-growing major business unit. Last quarter, the company’s total revenues fell slightly, but the cybersecurity group grew sales 10% year-over-year, to $822 million. Cisco has made multiple acquisitions over the last few years to expand the unit’s product portfolio.
The purchase of Kenna is the third acquisition announced by the company this week. On Thursday, Cisco said it’s buying virtual conference software provider Socio Labs Inc. A day earlier, the company revealed plans to acquire Sedona Systems Ltd., which provides a platform for monitoring the health of network infrastructure.
Since you’re here …
Show your support for our mission with our one-click subscription to our YouTube channel (below). The more subscribers we have, the more YouTube will suggest relevant enterprise and emerging technology content to you. Thanks!
Support our mission: >>>>>> SUBSCRIBE NOW >>>>>> to our YouTube channel.
… We’d also like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.