CTEM - Continuous Threat Exposure Management

Gartner predicts that by 2026, organizations prioritizing their security investments based on a CTEM program will be 3x less likely to suffer a breach.[1] This approach aligns exposure assessment cycles with specific business projects or critical threat vectors, covering both patchable exposures (vulnerabilities) and unpatchable ones. The enterprise's exposure and remediation priorities are validated by weighing in the attacker's view and testing the effectiveness of security controls. This leads to evidence-based security optimizations, resulting in improved cross-team mobilization. The expected outcomes from tactical and technical responses are thus shifted towards constructive and sustainable security solutions.


Implementing CTEM is a complex process. It requires a lot of planning, coordination, and collaboration across different teams and stakeholders. It also involves a continuous cycle of scoping, discovery, prioritization, validation, and mobilization, which may be challenging to sustain and optimize over time. It can be difficult to measure the return on investment (ROI) of a CTEM initiative, and this can make it difficult to convince stakeholders to support CTEM investments. Businesses that are not prioritizing their security investments based on CTEM programs will likely be exposed to vulnerabilities and will not discover them until after they have been exploited by attackers and a security breach has occurred. By understanding the challenges and taking steps to overcome them, business owners can position their businesses for success in the future.

On a mission to bring the world closer by building bridges through language, Lionbridge translates billions of words daily into more than 350 languages for more than 2,100 customers who want to take their content and stories global. As the company invested in and transitioned heavily to the cloud, Chief Trust Officer Doug Graham and his team needed to ensure they had a firm grasp on Lionbridge’s growing external attack surface. Primarily focused on ensuring the security team could enable new SaaS and cloud applications securely, the team began seeking solutions that could provide visibility into Lionbridge’s evolving environments. Impressed with IBM Security® Randori Recon’s unique approach of continuous asset discovery and risk-based issue prioritization from an attacker’s perspective, the Lionbridge team kicked off an evaluation.

By embracing Randori Recon, Lionbridge gained real-time visibility into its external risk posture. Now, as its cloud footprint changes, Lionbridge’s exposure management systems are updated accordingly. With this clarity, the Lionbridge team streamlined their operations by deploying Randori Recon’s bidirectional integrations to map newly identified assets into their asset management solution. If Randori Recon discovers a previously unknown asset, it is flagged and investigated to improve inventory management processes going forward. From this integration, Lionbridge established a strong reporting capability around its external risk and set KPIs around attack surface trends and public cloud security.

To move beyond the find-and-fix mentality and continue building a resilient security program, Lionbridge is integrating continuous automated red teaming (CART) into its security program by investing in IBM Security Randori Attack Targeted. By identifying the most problematic areas of their attack surface, the team can run valuable, authentic red and blue team cyberattack scenarios efficiently and at scale.[2]

CTEM programs continuously monitor a business's attack surface for vulnerabilities and threats, and then prioritize and remediate them before they can be exploited by attackers. This proactive approach is in stark contrast to traditional cybersecurity programs, which are largely reactive and focus on detecting and responding to attacks after they have already occurred. CTEM programs are particularly effective for technology businesses because these businesses are constantly evolving and facing new threats. By continuously monitoring their attack surface, technology businesses can quickly identify and address new vulnerabilities and threats before they can be exploited by attackers. They are removing data silos by using two-way integrations that are compatible with their existing security infrastructure, and enhancing the efficacy of their security tools. In a recent case study done by Forrester on a CTEM program, huge benefits were realized, such as a payback period of less than 6 months, a return on investment (ROI) of 303%, 90% less vulnerability scanning, and 30% faster SecOps rapid responses.[3] Overall, implementing a CTEM program is a wise investment for any technology business that is serious about protecting its data and assets from cyberattacks.


Market leaders are using CTEM programs proactively by identifying and remediating vulnerabilities and threats before they can be exploited by attackers. They quickly identify and address any weaknesses in their security posture by having a continuous view of their attack surface. This helps them maintain a strong security posture by protecting their customers' data and complying with various industry regulations, such as GDPR and HIPAA. Automating many of the tasks involved in security risk management, such as vulnerability scanning, threat intelligence analysis, and remediation prioritization, frees up security teams to focus on more strategic initiatives and reduces the risk of human error. A CTEM program also facilitates collaboration between different security teams in an organization, such as the security operations center (SOC), risk management team, and IT team. This collaboration helps to ensure that security vulnerabilities are remediated quickly and effectively. CTEM programs can help organizations stay ahead of the ever-evolving cyber threat landscape and protect their data and assets.
