Looking for a Kenna Replacement? Migrate to PlexTrac
With Cisco Vulnerability Management (formerly Kenna Security) sunsetting, PlexTrac is supporting security teams through a smooth transition helping them migrate data, maintain prioritization discipline, and operationalize CTEM-aligned exposure assessment and remediation workflows.
For a limited time, customers with up to 12 months remaining on their Kenna contract who migrate to PlexTrac under a PlexTrac subscription agreement will receive up to 12 months of PlexTrac free, subject to terms and conditions.
Trusted by Security Leaders
“For the first time, we can clearly explain to leadership what’s getting fixed, why it matters, and how our risk profile is improving. That alone made the transition worth it.”
—CISO, Global Technology Company
Kenna End-of-Life Announcement
On December 9, 2025, Cisco announced that it is retiring its suite of vulnerability management tools, stating
“There is no replacement available for the Cisco Vulnerability Management, Vulnerability Intelligence, and Application Security Module (formerly known as Kenna.VM, Kenna.VI, and AppSec) at this time.”
The key end-of-life milestone dates are listed below.
End-of-Sale Date – March 10, 2026 | End of Subscription Changes or Renewals – June 11, 2026 | End of Support – June 30, 2026
Seamlessly Replace Kenna with PlexTrac
Week 1
Configuration & Development
Working with your implementation specialist to get your PlexTrac set up to meet your needs.
Week 2
Workflow Development
What will your new workflow be? How will we help get you there?
Week 3
Training
Get your end users up to speed with training options to meet your needs and designed with your workflow in mind.
Week 4
Go Live
Everyone is trained, you are ready to go into PlexTrac and work with your data!
Learn how to unify vulnerability management in a centralized collaboration platform like PlexTrac, recognized as a niche player in the Gartner Magic Quadrant.
Exposure Assessment Platform (EAP) is a recent product category defined by Gartner that helps organizations support Continuous Threat Exposure Management (CTEM) programs. EAP focuses on the activities related to identifying vulnerabilities, aggregating them across various sources, prioritizing them effectively, and facilitating the remediation lifecycle.
Automate the CTEM Lifecycle With PlexTrac
What is Scoping
Scoping sets the foundation for your CTEM program by defining which assets should be evaluated for threat exposure and how they should be prioritized based on the company’s business objectives and potential risk impact.
How PlexTrac helps
Establish clear asset ownership and manage all assets within PlexTrac for comprehensive attack surface visibility. Use this centralized view to collaborate across teams and define the testing scope based on business priorities and risk. Once the scope is established, leverage PlexTrac’s scheduling feature enables engagement management to support a continuous cadence of continuous testing
What is Discovery
Discovery is where organizations identify potential exposures within the systems and assets that are part of the scope. It involves both manual testing and automated tools to build an up-to-date view of the organization’s threat landscape to lay the groundwork for effective prioritization and validation.
How PlexTrac helps
Conduct manual testing, such as pentests, repeatable test plans, adversary emulation, or other offensive assessments, directly within PlexTrac. Consolidate these results with data from integrated discovery tools, which are automatically deduplicated to reduce noise. This enables continuous monitoring of assets and exposures within the defined scope.
What is Prioritization
CTEM is not about remediating every exposure, but about prioritizing those that pose the greatest business risk and are most likely to be exploited. Effective risk prioritization must consider a combination of urgency, severity, compensating controls, risk appetite and overall potential impact to the organization. This ensures that resources are focused on exposures that matter most to the business.
How PlexTrac helps
Automate contextual, risk-based prioritization with fully configurable scoring equations that enrich exposures with a risk score based on potential business impact. This enables teams to identify the highest impact threats, align on treatment plans, and track remediation efforts.
What is Validation
Validation tests how identified exposures could be exploited by attackers and how detection and response controls perform in real-world scenarios. It often involves manual assessments like penetration tests and red team exercises to evaluate likely attack success, potential business impact, and response readiness. Effective validation removes uncertainty so teams can focus on remediating exposures with proven adversarial impact.
How PlexTrac helps
Continuously validate the prioritized exposures that are scored as most critical by using automated retesting and validation workflows, ensure your security team stays focused on the highest-impact risks.
What is Mobilization
Mobilization is the process of organizing and enabling teams to act on CTEM findings by reducing friction throughout the remediation orchestration workflows. It emphasizes automation, clear communication channels, and cross-functional collaboration to reduce friction and accelerate risk reduction.
How PlexTrac helps
Mature remediation workflows by assigning, tracking, and collaborating on CTEM findings directly in PlexTrac. Integrate with ticketing systems to eliminate manual steps and enable bi-directional updates between systems that streamline collaboration. Leverage automation to reduce friction and accelerate resolution of high-priority exposures.
PlexTrac Package Pricing
Service Provider
Scale service delivery by accelerating pentest reporting and continuously managing threat exposure in a single platform.
Scale pentest reporting services by streamlining the end-to-end workflow—from scoping through to the final end deliverable.
Go beyond pentest reporting and shift to continuous testing to deliver exposure management and prioritized remediation services.
Evolve and scale risk-based service offerings that align with the CTEM framework to show a measurable risk reduction over time.
*Plex AI is available as an add-on to the PlexTrac Essential, Core or Premium Packages. You must be using a cloud-based version of the PlexTrac platform to leverage AI features
Enterprise
Accelerate pentest reporting and continuously manage threat exposure in a single platform.
Streamline and automate the internal testing and documentation life cycle—from scoping through to the final end deliverable.
Conduct continuous testing, automate the findings handoff through ticketing integrations, and manage exposures across your entire attack surface.
Evolve into the CTEM framework by centralizing data management, contextually prioritizing risk, and automating remediation orchestration.
*Plex AI is available as an add-on to the PlexTrac Essential, Core or Premium Packages. You must be using a cloud-based version of the PlexTrac platform to leverage AI features
Featured Resources
Migrate from Kenna / Cisco Vulnerability Management to PlexTrac
For a limited time, organizations transitioning from Kenna can take advantage of PlexTrac’s migration program, designed to minimize disruption and avoid incremental platform costs, subject to standard terms.