Security Experts:

Connect with us

Hi, what are you looking for?


Management & Strategy

Cisco to Acquire Vulnerability Management Firm Kenna Security

Networking giant Cisco said Friday that it has agreed to acquire Kenna Security, a privately held cybersecurity company focused on vulnerability management technology.

Networking giant Cisco said Friday that it has agreed to acquire Kenna Security, a privately held cybersecurity company focused on vulnerability management technology.

Santa Clara, Calif.-based Kenna provides a risk-based vulnerability management platform that helps organizations identify and determine which vulnerabilities pose the highest risk so that security teams don’t waste valuable time on weaknesses that are unlikely to be exploited.

Kenna Security Acquired by CiscoCisco told SecurityWeek that the terms of the acquisition were not being disclosed.

Kenna has raised more than $98 million in funding.The company was oringinally founded as Risk I/O and rebranded as Kenna Security in August 2015.

Cisco said Kenna’s technology, which integrates with all major industry vulnerability assessment platforms, will be integrated into Cisco’s SecureX platform to help customers respond quickly and automate the decision making process with tailored information.

“Hybrid work is here to stay, and the increasing complexity of cybersecurity is our customers’ biggest challenge. We must radically simplify security to stay ahead of the evolving threat landscape,” said Jeetu Patel, senior vice president and general manager, Cisco Security and Collaboration. “Our goal is to unify all critical control points into a single platform. With the addition of Kenna Security, we will fundamentally strengthen our platform experience by giving customers the ability to prioritize vulnerabilities based on a robust risk methodology that is tuned to their unique needs.”

Kenna investors include Sorenson Capital, Citi Ventures, Bessemer Venture Partners, U.S. Venture Partners, Costanoa Ventures, Hyde Park Angels and OurCrowd.

The acquisition is expected to close in Cisco’s fourth quarter of fiscal 2021.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.


Twenty-one cybersecurity-related M&A deals were announced in December 2022.