Cisco Vulnerability Management (formerly Kenna.VM)
Risk-based vulnerability management software
Vulnerability management software
- Features
- Ease of use
- Ease of management
- Quality of support
- Affordability
- Market presence
Take the quiz to check if Cisco Vulnerability Management (formerly Kenna.VM) and its alternatives fit your requirements.
Contact the product provider
Free Trial unavailableFree version unavailable
Small
Medium
Large
- Information technology and software
- Professional services (engineering, legal, consulting, etc.)
- Real estate and property management
What is Cisco Vulnerability Management (formerly Kenna.VM)
Cisco Vulnerability Management (formerly Kenna.VM) is a risk-based vulnerability management platform that ingests vulnerability and asset data from scanners, endpoint tools, and cloud/security systems to prioritize remediation work. It is used by security operations, vulnerability management teams, and IT remediation owners to focus on vulnerabilities that present higher likelihood and impact. The product emphasizes normalization of findings across sources, risk scoring/prioritization, and workflow/reporting to drive remediation at scale. It is commonly deployed in environments that already use multiple security and asset data sources and need a unified prioritization layer.
Risk-based prioritization at scale
The platform is designed to rank vulnerabilities using contextual signals beyond raw severity, helping teams focus on a smaller set of issues that are more likely to be exploited or impactful. It supports large data volumes by aggregating findings from multiple tools into a single prioritization view. This approach aligns well with organizations that struggle with vulnerability backlogs and need defensible remediation prioritization.
Broad data source integration
Cisco Vulnerability Management is built to ingest and normalize vulnerability and asset data from common scanners and security/IT systems. This reduces the need to standardize on a single scanning vendor and supports heterogeneous enterprise environments. Normalization helps reduce duplicate findings and improves consistency in reporting and remediation tracking.
Remediation workflow and reporting
The product provides dashboards and reporting to communicate risk posture and remediation progress to different stakeholders. It supports operational workflows that translate prioritized findings into actionable remediation queues for IT owners. This helps vulnerability management teams measure outcomes (e.g., risk reduction over time) rather than only counting open CVEs.
Depends on upstream data quality
Risk scoring and prioritization quality depends heavily on the completeness and accuracy of ingested asset inventory and vulnerability scan data. Gaps in coverage, inconsistent asset identifiers, or stale scan results can lead to misleading prioritization. Organizations often need to invest time in connector configuration, data hygiene, and asset identity reconciliation.
Not a full scanning replacement
The platform primarily prioritizes and manages vulnerabilities rather than performing broad vulnerability discovery on its own. Most deployments still require separate vulnerability scanners, endpoint agents, or cloud posture tools to generate findings. Buyers expecting an all-in-one scanner plus prioritization may need additional products and integration work.
Cisco ecosystem considerations
As a Cisco product, roadmap, packaging, and integrations may align closely with Cisco’s broader security portfolio. Organizations with limited Cisco footprint may need to validate integration depth with their existing tooling and confirm licensing/entitlement details. Procurement and deployment can be more complex in enterprises that prefer lightweight, single-purpose tools.
Plan & Pricing
| Plan | Price | Key features & notes |
|---|---|---|
| Advantage | Contact Cisco – pricing not publicly listed | Core RBVM features: vulnerability data ingestion, risk meters (asset groups), scoring for vulnerabilities/assets/risk meters, Top Fix Groups, ticketing integration, risk meter reporting, peer benchmarking, intelligent evidence-based SLAs. Add-ons: Application Security module, Private Deployment, Test Environments. See Cisco product "At a Glance". |
| Premier | Contact Cisco – pricing not publicly listed | Includes all Advantage features plus remediation analytics & scoring, Zero-Day Intelligence (Cisco Talos), Vulnerability Intelligence UI & API, faster response features, and measurement of remediation performance. |
| Add-ons / Deployment options | Contact Cisco / custom pricing | Application Security module (add-on), Private Deployment, Test Environments. |
Notes: Cisco's official product pages and collateral do not display public list prices; Cisco requires contacting sales or a partner to obtain pricing. Cisco has published an End-of-Sale / End-of-Life announcement for Cisco Vulnerability Management (formerly Kenna.VM) updated January 14, 2026 (last day to order March 10, 2026; last day to renew/add to subscription June 11, 2026).
Seller details
Cisco Systems, Inc.
San Jose, California, USA
1984
Public
https://www.cisco.com/
https://x.com/Cisco
https://www.linkedin.com/company/cisco/
