Remediation Performance Score

 

The Kenna Remediation Score, which is available in the Kenna.VM homepage, reflects a composite score of these four measurements. 

 

blobid0.png

 

When you click on the score, you can view sub-scores reflecting the four metrics:coverage, efficiency, velocity, and capacity. 

blobid1.png

 

Coverage 

Coverage measures the completeness of your remediation. It asks the question, “Of all vulnerabilities that should be remediated (the ones that are truly high risk), what percentage was correctly identified for remediation?” It assesses if you’re fixing the vulnerabilities that really matter. 

Coverage is calculated: 

[Number of closed vulnerabilities with an active internet breach or easily exploitable vulnerability definition] / [Total of all vulnerabilities with an active internet breach or easily exploitable vulnerability definition] * 100

 

Efficiency

Efficiency measures the percentage of remediations that address high-risk vulnerabilities.  This metric helps us gauge if we’re spending our resources on the right things. 

Efficiency is calculated: 

[Number of remediations that have at least one Active Internet Breach or Easily Exploitable categorization] / [Total of all remediations] * 100

 

Velocity

Velocity measures the speed and progress of remediation. Velocity asks, “How quickly are issues addressed and how long do they persist within and/or across assets?​” 

Velocity is calculated: 

Minimum(365, Number of days between vulnerability close date and vulnerability creation date) else Minimum(365, Number of days between current date and vulnerability creation date)

 

Capacity

Capacity measures the average proportion of open vulnerabilities closed in a given time period.  

Capacity is calculated: 

[Number of vulnerabilities open on all assets at beginning of month] / [Number of vulnerabilities closed on all assets in the past 30 days of that month] (calculated for each month) / number of months on all asset’s life (capped at 12 months)

 

For guidance on how to better your remediation score and sub-scores, please speak with your customer success or sales representative. 

You can also learn more by reading the following research reports from Kenna and the Cyentia Institute:

Prioritization to Prediction—Volume 2: Getting Real About Remediation

Prioritization to Prediction—Volume 3: Winning the Remediation Race

Prioritization to Prediction—Volume 4: Measuring What Matters

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.