CTEM 101 – Go Beyond Vulnerability Management with Continuous Threat Exposure Management

In a world of ever-expanding jargon, including one other FLA (4-Letter Acronym) to your glossary would possibly look like the very last thing you’d wish to do. However in case you are in search of methods to repeatedly scale back danger throughout your setting whereas making important and constant enhancements to safety posture, in our opinion, you most likely wish to contemplate establishing a Steady Risk Publicity Administration (CTEM) program.

CTEM is an strategy to cyber danger administration that mixes assault simulation, danger prioritization, and remediation steering in a single coordinated course of. The time period Steady Risk Publicity Administration first appeared within the Gartner ® report, Implement a Steady Risk Publicity Administration Program (CTEM) (Gartner, 21 July 2022,). Since then, now we have seen that organizations throughout the globe are seeing the advantages of this built-in, continuous strategy.

Webinar: Why and The right way to Undertake the CTEM Framework

XM Cyber is internet hosting a webinar that includes Gartner VP Analyst Pete Shoard about adopting the CTEM framework on March 27 and even should you can’t be part of, we’ll share an on-demand hyperlink, do not miss it!

Concentrate on Areas With the Most Threat

However why is CTEM widespread, and extra importantly, how does it enhance upon the already overcrowded world of Vulnerability Administration?

Central to CTEM is the invention of actual, actionable danger to essential belongings. Anybody can establish safety enhancements in a corporation’s setting. The difficulty is not discovering exposures, it is being overwhelmed by them – and having the ability to know which pose essentially the most danger to essential belongings.

In our opinion, a CTEM program helps you:

1. Determine your most uncovered belongings, together with how an attacker would possibly leverage them
2. Perceive the affect and probability of potential breaches
3. Prioritize essentially the most pressing dangers and vulnerabilities
4. Get actionable suggestions on methods to repair them
5. Monitor your safety posture repeatedly and observe your progress

With a CTEM program, you may get the “attacker’s view”, cross referencing flaws in your setting with their probability of being utilized by an attacker. The result’s a prioritized checklist of exposures to deal with, together with ones that may safely be addressed later.

The 5 Phases of a CTEM Program

Quite than a selected services or products, CTEM is a program that reduces cyber safety exposures by way of 5 levels:

1. Scoping – Based on Gartner, “To outline and later refine the scope of the CTEM initiative, safety groups want first to know what’s essential to their enterprise counterparts, and what impacts (akin to a required interruption of a manufacturing system) are prone to be extreme sufficient to warrant collaborative remedial effort.”
2. Discovery – Gartner says, “As soon as scoping is accomplished, it is very important start a strategy of discovering belongings and their danger profiles. Precedence must be given to discovery in areas of the enterprise which were recognized by the scoping course of, though this is not at all times the driving force. Publicity discovery goes past vulnerabilities: it could embody misconfiguration of belongings and safety controls, but additionally different weaknesses akin to counterfeit belongings or dangerous responses to a phishing take a look at.”
3. Prioritization – On this stage, says Gartner, “The aim of publicity administration is to not attempt to remediate each concern recognized nor essentially the most zero-day threats, for instance, however reasonably to establish and handle the threats more than likely to be exploited in opposition to the group.” Gartner additional notes that “Organizations can’t deal with the standard methods of prioritizing exposures by way of predefined base severity scores, as a result of they should account for exploit prevalence, obtainable controls, mitigation choices and enterprise criticality to replicate the potential affect onto the group.
4. Validation – This stage, in accordance with Gartner, “is the a part of the method by which a corporation can validate how potential attackers can truly exploit an recognized publicity, and the way monitoring and management techniques would possibly react.” Gartner additionally notes that the targets for Validation step contains to “assess the probably “assault success” by confirming that attackers may actually exploit the beforehand found and prioritized exposures.
5. Mobilization – Says Gartner, “To make sure success, safety leaders should acknowledge and talk to all stakeholders that remediation can’t be absolutely automated.” The report additional notes that, “the target of the “mobilization” effort is to make sure the groups operationalize the CTEM findings by lowering friction in approval, implementation processes and mitigation deployments. It requires organizations to outline communication requirements (info necessities) and documented cross-team approval workflows.”

CTEM vs. Various Approaches

There are a number of various approaches to understanding and enhancing safety posture, a few of which have been in use for many years.

• Vulnerability Administration/RBVM focuses on danger discount by way of scanning to establish vulnerabilities, then prioritizing and fixing them primarily based on a static evaluation. Automation is important, given the variety of belongings that have to be analyzed, and the ever-growing variety of vulnerabilities recognized. However RBVM is proscribed to figuring out CVEs and would not handle id points and misconfigurations. Moreover, it would not have info required to correctly prioritize remediation, sometimes resulting in pervasive backlogs.
• Crimson Crew workout routines are guide, costly, point-in-time exams of cyber safety defenses. They search to establish whether or not or not a profitable assault path exists at a selected time limit, however they can not establish the complete array of dangers.
• Equally, Penetration Testing makes use of a testing methodology as its evaluation of danger, and it offers a point-in-time end result. Because it includes lively interplay with the community and techniques, it is sometimes restricted with respect to essential belongings, due to the chance of an outage.
• Cloud Safety Posture Administration (CSPM) focuses on misconfiguration points and compliance dangers solely in cloud environments. Whereas essential, it would not contemplate distant staff, on-premises belongings, or the interactions between a number of cloud distributors. These options are unaware of the complete path of assault dangers that cross between completely different environments—a standard danger in the true world.

It’s our opinion {that a} CTEM program-based strategy presents some great benefits of:

• Overlaying all belongings—cloud, on-premises, and distant—and realizing which of them are most crucial.
• Repeatedly discovering all sorts of exposures—conventional CVEs, identities, and misconfigurations.
• Presenting real-world insights into the attacker view
• Prioritizing remediation efforts to get rid of these paths with the fewest fixes
• Offering remediation recommendation for dependable, repeated enhancements

The Worth of CTEM

We really feel that the CTEM strategy has substantial benefits over options, a few of which have been in use for many years. Essentially, organizations have spent years figuring out exposures, including them to endless “to do” lists, expending numerous time plugging away at these lists, and but not getting a transparent profit. With CTEM, a extra considerate strategy to discovery and prioritization provides worth by:

• Shortly lowering general danger
• Growing the worth of every remediation, and probably liberating up assets
• Bettering the alignment between safety and IT groups
• Offering a standard view into the complete course of, encouraging a optimistic suggestions loop that drives steady enchancment

Getting Began with CTEM

Since CTEM is a course of reasonably than a selected service or software program resolution, getting began is a holistic endeavor. Organizational buy-in is a essential first step. Different concerns embody:

• Supporting processes and knowledge assortment with the best software program parts
• Defining essential belongings and updating remediation workflows
• Executing upon the best system integrations
• Figuring out correct govt reporting and an strategy to safety posture enhancements

In our view, with a CTEM program, organizations can foster a standard language of danger for Safety and IT; and be sure that the extent of danger for every publicity turns into clear. This allows the handful of exposures that truly pose danger, among the many many 1000’s that exist, to be addressed in a significant and measurable manner.

For extra info on methods to get began along with your CTEM program, take a look at XM Cyber’s whitepaper, XM Cyber on Operationalizing The Steady Risk Publicity Administration (CTEM) Framework by Gartner®.