Cisco Systems has agreed to purchase Kenna Security to help customers more effectively prioritise vulnerabilities based on threat intelligence and business impact.
The San Jose, Calif.-based networking giant said its proposed acquisition of Santa Clara, Calif.-based Kenna will make it easier for organizations to work cross-functionally to rapidly identify, prioritize and remediate cyber risk. This is the first significant acquisition for Cisco’s robust security business since the company bought multi-factor authentication vendor Duo Security for US$2.35 billion in October 2018.
“With the addition of Kenna Security, we will fundamentally strengthen our platform experience by giving customers the ability to prioritize vulnerabilities based on a robust risk methodology that is tuned to their unique needs,” Jeetu Patel, senior vice president and general manager of Cisco Security and Collaboration, said in a statement.
Terms of the deal weren’t disclosed, and the acquisition is expected to close by late July. Cisco’s stock is up US$0.25 (0.48 percent) to US$52.74 per share in pre-market trading Friday.
Kenna Security was founded in 2010, employs 186 people, and has raised US$98.3 million in six rounds of outside funding, according to LinkedIn and Crunchbase. The company most recently closed a US$48 million Series D round in September 2019 that was led by Citi Ventures and Sorenson Capital.
“As malicious actors continue to evolve their methods, we need to make it easier than ever for customers to predict, detect, prioritize and respond to the security threats that matter,” Kenna CEO Karim Toubba said in a statement. “The breadth and scale of Cisco coupled with Kenna Security’s mastery of machine learning and data science will reshape how the entire industry addresses cyber risk.”
Kenna uses machine learning and data science to track and predict real-world exploitations, empowering security teams to manage the ever-evolving threat landscape, according to Cisco. The company currently protects more than 14 million assets and handles more than 12.7 billion managed vulnerabilities, Cisco said.
Cisco intends to use Kenna’s technology to combine threat and risk-based vulnerability management and enable comprehensive scorecards for security controls and threat response performance. This integration will help customers prioritize vulnerabilities, speed up and automate decision making with tailored information, and accelerate response time for cyber readiness, according to Cisco.
“The combination of Kenna Security and SecureX will allow customers to address critical challenges by generating prioritized lists of vulnerabilities, streamlining collaboration between security and IT teams, and automating remediations to improve their overall security posture,” Gee Rittenhouse, senior vice president and general manager of Cisco Security, wrote in a blog post.
Over the past seven years, Toubba said he’s been focused on creating a better way to do vulnerability management that leverages the massive amounts of available intelligence to help security and IT teams made quick decisions based off the massive volumes of data they already had. Kenna was looking to do this at scale while remaining data source agnostic and providing a full-stack view of risk, Toubba said.
Kenna’s creation of the risk-based vulnerability management (RBVM) category has made it possible for everyone in a customer’s organization to work together and reduce cyber risk, Toubba said. Once the acquisition by Cisco is complete, Toubba said Kenna will be one step closer to delivering its RBVM platform to the more than 7,000 customers using Cisco’s SecureX today.
“Over the past decade, we have not only defined and created the RBVM category but also established Kenna as a clear leader, which is a very rare accomplishment,” Toubba wrote in a blog post. “And the best part is that our customers are demonstrably more secure as a result.”