Prioritization to Prediction: Getting Real About Remediation.

Getting Real About Remediation

In an ideal world, security teams would patch every vulnerability as soon as it was discovered. But that isn’t possible. There are more vulnerabilities than there are people, tools, and processes to fix them. Effective vulnerability management comes down to the ability to prioritize which threats present the most danger, and tackling those first.

Prioritization to Prediction: Getting Real About Remediation provides a rare window into the strategies of real companies tackling today’s cybersecurity challenges. The report compares the efforts of these companies, and begins to show how variations in vulnerability management strategies really do matter. A real, measurable improvement can be gained by making smarter remediation decisions, surpassing those of other commonly-used remediation strategies.


About one-third of all the published CVEs are ever seen in a live environment.

In fact, just 5% of published CVEs have known exploits developed against them and are observed in enterprise environments. Even that relatively small percentage of CVEs left a relatively large attack surface – over 544 million vulnerabilities with a known exploit were observed in this study. While this might seem like a large number, compared to the over three billion vulnerabilities observed in this study, this finding reinforces the need for organizations to prioritize remediation efforts.


Just one-third of vulnerabilities were remediated within 30 days of discovery, but that’s OK.

With Kenna’s predictive model, organizations can identify and focus on the riskiest vulnerabilities, improving operational efficiency and security. Despite the seemingly countless number of vulnerabilities in any organization’s environment, vulnerability management programs do matter and measurable improvements can be gained by making smarter remediation decisions.

Click here to visit Kenna Security and get a copy of this free report.

FAIR USE NOTICE: Under the "fair use" act, another author may make limited use of the original author's work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material "for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner's exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.

Global InfoSec Awards 2022

We are in our 10th year, and these awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.


10th Anniversary Exclusive Top 100 CISO Conference & Innovators Showcase