How does Kenna reconcile scoring that's applied by disparate vulnerability assessment tools?

Kenna has adopted the CVSS standard to normalize the scoring of all vulnerability data that's imported. In addition to the two CVSS categories of Base (1-10) and Temporal (1-10), Kenna also includes a third scoring criteria called “Priority”—analogous to the CVSS "Environmental" category—that’s used to rank the value of an organization's internal assets and is also a component of the overall score. The Kenna priority score also uses a scale of 1-10 to be consistent with the CVSS ranking system.  By combining all three of the Kenna scoring categories—Severity (Base), Threat (Temporal), and Priority (Environmental)—users are presented with a granular and precise scoring system based upon industry standards under which you can more effectively prioritize remediation.

Powered by Zendesk