Demo of the CyCognito Platform

See the CyCognito platform in action to understand how it can help you identify, prioritize and eliminate your most critical risks. 

State of External Exposure Management, Summer 2024 Edition

Download the report now to stay ahead of emerging threats and strengthen your organization’s security posture for 2024. 

The Total Economic Impact™ of The CyCognito Platform

Read The Total Economic Impact™ of The CyCognito Platform — a Forrester study. Cost Savings And Business Benefits Enabled By The CyCognito Platform. 

 
Perspectives

Continuous Threat Exposure Management – Your Path to Reduced External Cyber Security Risk

Jason-Pappalexis
By Jason Pappalexis
Sr. Technical Marketing Manager
October 18, 2023

Security teams are under constant pressure to improve, but they often struggle. Like pushing a square wheel instead of taking the time to install a round one, organizations are often caught running the same plays because transformation is disruptive. There is never the right time for sweeping change, which just builds frustration due to delays, siloed teams and manual workflows.

Gartner’s 2022 release of Continuous Threat Exposure Management (CTEM) is a response to a need to evolve from the traditional workflows that have been the norm for decades. CTEM is a program that relies on people, processes and technology to be successful. Cyber security leaders frustrated with the status quo and looking for the right model to align with should explore CTEM for fit. If implemented properly, the program can enable a significant reduction in mean time to detect (MTTD), analysis time and mean time to remediation (MTTR) of threats.

What is Continuous Threat Exposure Management (CTEM)?

CTEM is a coordinated threat response process that focuses on proactive risk and vulnerability detection, rapid communication and validated response. Communication involves not only the right people, but also the right information to make informed decisions. This shift from reactive to proactive not only prevents attacks from being successful, but also ensures cross-functional teams are aware and have input on the solution.

Recent research1 validates this need. Eighty-one percent of respondents say improving collaboration between teams is important to improving risk identification and prioritization workflows, yet only 22% of respondents’ organizations have a cross-functional team assigning priority for remediation. 

Complexity is the enemy of any security program. As a result, choosing the right technology for external exposure management is critical to success.

External Assets (and Exposures) Have Unique Challenges

CTEM involves all exposures, both internal and external. Most front line remediation teams know that externally exposed assets have their own risk management challenges and that these challenges cannot be met at scale using manual workflows and legacy security technologies. These challenges include: 

  • The external attack surface changes too rapidly – Up to 10% per month2
  • The external attack surface is too big – Unknown infrastructure segments that can contain thousands of assets
  • Vulnerability scans don’t identify all risk – Passive scanning based CVEs alone are superficial but adding active testing increases complexity exponentially
  • Scan cadence doesn’t maintain pace with risk – Monthly/quarterly scans can’t keep up
  • Too many issues to patch – Lack of accurate severity scores mean too many issues are critical or high

Most teams respond with “If we just work faster we will get it done”. More frequent scans, more people tracking change, more prioritization and status meetings. Unfortunately this isn’t a scalable answer. Automation and a modern approach is the only path forward.

Moving from Chaos to Coordination

Even the most mature security team can have elements of chaos. Manual workflows, asset inventory spreadsheets, infrequent updates, incomplete email distribution lists, status update meetings and emergency maintenance windows leave behind a feeling of instability.

Adopting CTEM is a journey. Changing behaviors and processes can be difficult, but technology doesn’t have to be. The key is to define the goal and then break it down into smaller pieces. Some examples:

  • People. What representatives from each business unit are associated with risk? Ensure these teams have input to the new goal (and ensure their management buys in on it too).
  • Process. What is the current frequency of threat detection across all digital assets? How is this information shared? Identify gaps and work from there. Build team alias based email distribution lists – not person – and test them frequently.
  • Technology. How many tools are in place both internally and externally? How many resources are assigned to manage this tooling? External threats to infrastructure are most common and pose significant risk; ensure risk to your external attack surface is identified promptly with automated tooling.

These are just some examples of questions to ask as you build your plan for CTEM adoption.

Shortcut CTEM Technology Selection with a Checklist

Evaluating technologies for CTEM adoption involves consideration of many capabilities. Each phase of CTEM has requirements that need to be met. 

Change is difficult but is required to evolve. Download the CyCognito report “Demystifying Continuous Threat Exposure Management” to shorten your ramp up on CTEM; definition, requirements, and a technology purchase checklist for external attack surface management as it applies to CTEM. 

Find Out More About CyCognito’s Threat Exposure Management Solutions

CyCognito is a cloud-native software-as-a-service that was built to meet the external risk requirements of the largest and most complex organizations. 

For more information on how CTEM maps to EASM and how CyCognito uniquely solves external risk management challenges, please visit cycognito.com.

1. Source: Forrester Research “Teamwork shines a light on hidden risk”, 2022

2. Source: CyCognito “State of External Exposure Management Report“, Summer 2023


Topics



Search the Blog



Recent Posts




Tim Matthews
How to Budget for EASM
By Tim Matthews
November 18, 2024




Top Tags



CyCognito Research Report

State of External Exposure Management, Summer 2024 Edition

State of External Exposure Management, Summer 2024 Edition

Download the report now to stay ahead of emerging threats and strengthen your organization’s security posture for 2024.

O'Reilly Report

Moving from Vulnerability Management to Exposure Management

Moving from Vulnerability Management to Exposure Management

Download the report to learn about the historical trends behind the emergence of exposure management, how to develop a strategic plan and assemble a team to smoothly transition frameworks, and example tech stacks to consider for your organization.

Request a Free Scan

See Exactly What Attackers See

Get a Free Scan of Your Attack Surface

Get a free scan of your attack surface and gain valuable insight into your organization's risk posture by allowing CyCognito to discover, contextualize, and test externally exposed assets on a portion of your parent company or a single subsidiary.