Mar 30 2026
Security

What Is CTEM, and How Is It Speeding Up Agencies’ Threat Response?

Continuous threat exposure management adds environmental context to agencies’ decisions about which threats to prioritize.

Continuous threat exposure management is a framework that differs from traditional, reactive cybersecurity by leveraging existing controls to continuously discover, prioritize and remediate security exposures across the organization's entire attack surface. Unlike traditional vulnerability management, which generates a “point in time” list of common vulnerabilities and exposures, CTEM focuses on the business impact of vulnerabilities and how to mitigate them most effectively in an environment.

The framework identifies threats, assesses the damage they could cause across an agency’s systems and determines the best remedy for resolving them.

Over the years, agencies have amassed threat intelligence platforms capable of projecting impact, but those platforms might not flag a common threat from 2018 as serious. CTEM might, if the environmental data it scans suggests the threat poses risks specific to the agency in question; it then interfaces with security controls, triggering them to perform remediation.

Those controls might block an IP address on a firewall’s ports or shut off communications to an endpoint, depending on the situation.

How CTEM Came To Be — and How Agencies Can Implement It

CTEM evolved out of the need for faster cloud security, with agencies often quickly — but sometimes ineffectively — building out their networks and creating vulnerabilities in the process. The framework then migrated to a physical network environment, linking threat feeds with user and application identities.

Depending on an agency’s preferences, CTEM can interface with security information and event management (SIEM) and security orchestration, automation and response (SOAR) platforms to run automated playbooks, or it can interface directly with controls.

Adopting CTEM begins with an agency inventory of security controls, how they’re deployed, how the agency is currently responding to immediate threats and how it determines where improvements can be made.

Based on the desired improvements and whether the IT environment is in the cloud, on-premises or hybrid, the agency must then choose a CTEM framework with the appropriate feature set. Different CTEM frameworks have different advantages and involve working with different vendors.

The more complicated an agency’s network, the longer it will take to integrate CTEM with security controls.

CTEM Demands Continuous Refinement, Particularly to Automate

CTEM isn’t something an agency can set and forget; it requires continuous refinement, because false positives will persist. Agencies must have a frank internal discussion about whether they have the resources and energy to deploy a framework.

While CTEM can be automated, some agencies prefer to establish an approval process with alerts. If an agency does opt to automate, it should do so in phases to avoid a situation where a flurry of false positives sees many users kicked off the network.
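The sketch below is an added example, not code from the article or from any CTEM product. It shows the two ideas described above working together: the same old finding is ranked by environmental context, and remediation is rolled out in phases with a cap on automatic actions. The phase names, the scoring weights, the budget and the asset inventory are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

ALERT_ONLY, APPROVAL, AUTOMATED = 1, 2, 3  # assumed rollout phases

@dataclass
class Exposure:  # all fields are constructed, hypothetical names
    asset: str
    finding: str
    internet_facing: bool
    mission_critical: bool
    action: str  # control to trigger: "block_ip" or "isolate_endpoint"

def priority(e):
    # Environmental context, not the age of the finding, drives priority.
    return 2 * int(e.internet_facing) + int(e.mission_critical)

@dataclass
class Dispatcher:
    phase: int
    auto_budget: int = 2  # assumed cap on automatic actions per run
    auto_used: int = 0
    log: list = field(default_factory=list)

    def handle(self, e):
        if priority(e) == 0:
            decision = "backlog"
        elif self.phase == ALERT_ONLY:
            decision = "alert"
        elif self.phase == APPROVAL or self.auto_used >= self.auto_budget:
            decision = "await_approval"  # human sign-off, or budget spent
        else:
            self.auto_used += 1
            decision = "auto:" + e.action
        self.log.append((e.asset, decision))
        return decision

def run(phase, exposures, auto_budget=2):
    d = Dispatcher(phase, auto_budget)
    for e in sorted(exposures, key=priority, reverse=True):
        d.handle(e)
    return d.log

OLD = "legacy finding first published in 2018 (placeholder)"
SAMPLE = [  # constructed inventory
    Exposure("ws-101", OLD, False, False, "isolate_endpoint"),
    Exposure("vpn-gw", OLD, True, True, "block_ip"),
    Exposure("hr-app", OLD, True, False, "block_ip"),
    Exposure("db-01", OLD, False, True, "isolate_endpoint"),
    Exposure("kiosk-7", OLD, True, False, "isolate_endpoint"),
]

if __name__ == "__main__":
    for phase in (ALERT_ONLY, APPROVAL, AUTOMATED):
        print(phase, run(phase, SAMPLE))
```

Once the automatic budget is spent, remaining actions fall back to the approval queue, so a burst of false positives cannot isolate more than the budgeted number of assets without a human decision.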

At the end of the day, humans need help rapidly responding to threat data from multiple security tools, and CTEM meets that need while adding context and triggering controls.

This article is part of FedTech’s CapITal blog series.
