3 Challenges in Building a Continuous Threat Exposure Management (CTEM) Program and How to Beat Them

Continuous Threat Exposure Management (CTEM)

If you’re a cybersecurity practitioner, you’re probably familiar with the sea of acronyms the industry is obsessed with. From CNAPP to CWPP to CIEM and countless others, it seems that a new initialism is born every day.

In this article, we take a look at another trending acronym, CTEM (Continuous Threat Exposure Management), and the often surprising challenges that come with seeing a CTEM program through to maturity. The concept of CTEM is not new; it made its debut in a Gartner publication in July 2022. But many organizations have only started rolling out programs in the last few months, and as they begin to execute their carefully designed plans, they may run into unforeseen challenges that lead to setbacks.

What is Continuous Threat Exposure Management (CTEM)?

But first, to set the stage, let’s quickly review what CTEM is and what it isn’t.

Continuous Threat Exposure Management is not a technology, so you can’t go to a vendor expecting to find a “CTEM solution” (or at least no single tool will solve it on its own). CTEM is an ongoing five-step program, or framework, intended to help organizations monitor, assess, and reduce their level of exploitability, and to validate that their analysis and remediation processes are working as intended. According to a Gartner® report, “The purpose of CTEM is to develop a coherent and actionable security posture remediation and improvement plan that business leaders can understand and architecture teams can act on.” (Gartner, 21 July 2022, Implementation of the Continuous Threat Exposure Management (CTEM) Program)


Download our new white paper, Establishing a Modern Exposure Management Program, and discover:

  • Why Critical Vulnerability Does Not Equal Risk
  • Different types of exposures impacting an organization’s security posture
  • A key foundation for a modern exposure management program designed for the evolving risk landscape
  • more!

What are the goals of CTEM?

The Gartner report goes on to say, “Technology-centric attack surface and vulnerability self-assessment projects generate a long list of rarely-executed reports and generic remediations. Vulnerability management programs can barely keep up with the aggregate of vulnerabilities across organizations, leading to a rapidly expanding attack surface.” (Gartner, 21 July 2022, Implementation of the Continuous Threat Exposure Management (CTEM) Program) These factors, such as the difficulty of maintaining a security posture over time across an ever-growing attack surface, combined with a few other key factors, mean that traditional methods are becoming less and less effective as a holistic approach to security.

According to Gartner, “The purpose of CTEM is to develop a coherent and actionable security posture remediation and improvement plan that business leaders can understand and architecture teams can act on.” (Gartner, 21 July 2022, Implementation of the Continuous Threat Exposure Management (CTEM) Program) A successful CTEM implementation continuously improves an organization’s security posture by identifying and remediating potential problem areas before attackers can exploit them.

Three challenges to getting CTEM right

Great. So what’s the holdup?

Setting up a CTEM program is a major undertaking, and there are some challenges that need to be addressed during implementation for it to succeed. Considering them early in the implementation stage can save you time and frustration later on.

Challenge 1 – Getting security and non-security teams on the same page

It is a well-known fact that IT, infrastructure, DevOps, application and other teams don’t always speak the same language as the security team. While this is problematic in many ways, the disconnect becomes even more problematic when implementing new programs and initiatives. In a CTEM implementation it shows up as not knowing who on the non-security side owns what, and as misaligned SLA expectations.

The problem here is that it’s hard to fully communicate your needs, especially if the other team is bogged down with a ton of “Urgent!” projects; to them, CTEM is just one more of those projects. This lack of understanding can lead to a lack of motivation to actually do what they are supposed to do.

How to fix it – Include stakeholders outside the security team in the conversation from the very beginning. Handing them a to-do list is not enough. Instead, sit down with them and explain the goals you’re trying to achieve so they get a clear picture of what’s going on. Ask for their opinion and find out what they need from you and from other teams in the organization to make their lives easier. Additionally, sharing news of real cyberattacks with them makes them more aware of the impact an attack could have on their part of the business, and of how their work ties into protecting it.

Challenge 2 – Getting the bird’s-eye view

A comprehensive CTEM program covers a wide variety of areas, from cloud to Active Directory, software vulnerabilities, network security, and basically everything else. Each of these lives in its own silo, with its own owner, its own tools, and its own list of issues to fix. The goal of CTEM is to integrate them all into one holistic view, with each area informing the others. In practice, this means aggregating all of the information and using it to understand priorities and responsibilities.

But establishing a baseline understanding is difficult because each of these areas requires different expertise. The last thing you want is a program that has been painstakingly built and run but doesn’t understand the risks each area poses, or worse, that forgets to include specific problem areas altogether.

How to fix it – Designate a “point person”. This is one person who can take the bird’s-eye view and become expert at understanding how all the areas covered converge and affect each other. This person doesn’t need to understand in detail how each tool works or what each category of security issue covers, but they do need to be able to see the whole picture, continuously informed by the specialists with deep and nuanced expertise in each area.

Challenge 3 – Overcoming alert overload

Back to that point about the different areas covered by CTEM. Another important thing to note is that each has its own tools, so each generates its own alerts. So while the main purpose of CTEM is to streamline all the information obtained from these tools, one notable by-product is a large amount of extraneous noise.

How to fix it – Accept the fact that it’s nearly impossible to fix everything. That means you need to prioritize and be as efficient as possible. To do this, focus on the scope and the exposures that are most likely to be exploited by attackers and that would have the greatest impact on your business. A “crawl, walk, run” approach can help: start with small, scope-focused baby steps and expand the scope as the program matures. (Want to make your CTEM meetings even easier? Get our checklist of practical tips for streamlining your CTEM here.)
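To make the advice in Challenges 2 and 3 concrete, here is an added example (not code from the article or from XM Cyber) of what the “one holistic view” and “prioritize by exploitability and impact” steps look like in practice. It takes findings from three hypothetical silo tools (a cloud posture scanner, two vulnerability scanners, and an AD assessment), normalizes them into one schema, merges the same issue reported twice by different tools, and ranks what is left by base severity, exploitability signals and asset criticality rather than by CVSS alone. All asset names, the per-tool record formats, the criticality table and the weighting are assumptions for the illustration, and the CVE strings are placeholders, not real identifiers. The optional scope filter at the end is the “crawl” stage: start with internet-facing assets only and widen later.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional

# Word severities as emitted by tools that do not use CVSS, mapped to a 0-10 scale (assumed).
SEVERITY_WORDS = {"LOW": 3.0, "MEDIUM": 5.0, "HIGH": 8.0, "CRITICAL": 10.0}

# Business criticality per asset, 1 = throwaway, 5 = crown jewel. Constructed for the example;
# in a real program this comes from the asset inventory / BIA, not from the security team's guess.
ASSET_CRITICALITY = {
    "prod-customer-exports": 5, "web-prod-01": 4, "svc-backup": 5,
    "dev-scratch-bucket": 1, "dev-jumpbox-03": 1,
}

# Constructed sample output from three silos. The record shapes are hypothetical.
CLOUD_FINDINGS = [  # CSPM-style checks
    {"resource": "prod-customer-exports", "check": "PublicReadACL", "severity": "MEDIUM", "internet_facing": True},
    {"resource": "dev-scratch-bucket", "check": "PublicReadACL", "severity": "MEDIUM", "internet_facing": True},
]
VULN_SCAN = [  # two scanners, one of which reports the same host/CVE pair (placeholder IDs)
    {"tool": "scanner-a", "host": "web-prod-01", "cve": "CVE-0000-00001", "cvss": 7.5, "known_exploited": True, "internet_facing": True},
    {"tool": "scanner-b", "host": "web-prod-01", "cve": "CVE-0000-00001", "cvss": 7.5, "known_exploited": True, "internet_facing": True},
    {"tool": "scanner-a", "host": "dev-jumpbox-03", "cve": "CVE-0000-00002", "cvss": 9.8, "known_exploited": False, "internet_facing": False},
]
AD_FINDINGS = [  # AD assessment: does the weakness give a path to Tier 0 / Domain Admin?
    {"principal": "svc-backup", "issue": "KerberoastableWithPathToDA", "severity": "HIGH", "path_to_tier0": True},
]


@dataclass
class Exposure:
    """One issue on one asset, in the common schema every silo is normalized into."""
    asset: str
    issue: str
    base_severity: float            # 0-10, CVSS or mapped word severity
    internet_facing: bool = False   # reachable by an external attacker
    known_exploited: bool = False   # exploitation observed in the wild
    path_to_tier0: bool = False     # a choke point on an attack path to crown jewels
    sources: set = field(default_factory=set)

    @property
    def criticality(self) -> int:
        return ASSET_CRITICALITY.get(self.asset, 1)

    def exploitability(self) -> float:
        # Each attacker-relevant signal doubles the weight (assumed weighting).
        mult = 1.0
        for flag in (self.internet_facing, self.known_exploited, self.path_to_tier0):
            if flag:
                mult *= 2.0
        return mult

    def score(self) -> float:
        # Risk = how bad x how reachable x how much the business cares. CVSS alone is only the first term.
        return self.base_severity * self.exploitability() * self.criticality


def normalize(cloud: list, vulns: list, ad: list) -> list:
    """Translate each silo's records into Exposures and merge duplicates on (asset, issue)."""
    merged: dict = {}

    def add(e: Exposure) -> None:
        key = (e.asset, e.issue)
        if key in merged:                      # same issue seen by another tool: union the evidence
            kept = merged[key]
            kept.sources |= e.sources
            kept.internet_facing |= e.internet_facing
            kept.known_exploited |= e.known_exploited
            kept.path_to_tier0 |= e.path_to_tier0
            kept.base_severity = max(kept.base_severity, e.base_severity)
        else:
            merged[key] = e

    for f in cloud:
        add(Exposure(f["resource"], f["check"], SEVERITY_WORDS[f["severity"]],
                     internet_facing=f["internet_facing"], sources={"cspm"}))
    for f in vulns:
        add(Exposure(f["host"], f["cve"], f["cvss"], internet_facing=f["internet_facing"],
                     known_exploited=f["known_exploited"], sources={f["tool"]}))
    for f in ad:
        add(Exposure(f["principal"], f["issue"], SEVERITY_WORDS[f["severity"]],
                     path_to_tier0=f["path_to_tier0"], sources={"ad-assessment"}))
    return list(merged.values())


def prioritize(exposures: list, in_scope: Optional[Callable[[Exposure], bool]] = None) -> list:
    """Rank highest-risk first; in_scope narrows the list for a crawl/walk/run rollout."""
    chosen = [e for e in exposures if in_scope is None or in_scope(e)]
    return sorted(chosen, key=lambda e: e.score(), reverse=True)


if __name__ == "__main__":
    for e in prioritize(normalize(CLOUD_FINDINGS, VULN_SCAN, AD_FINDINGS)):
        print(f"{e.score():7.1f}  {e.asset:24} {e.issue:28} via {sorted(e.sources)}")
```

Running it ranks the internet-facing, actively exploited CVSS 7.5 on the production web server first and the CVSS 9.8 on an isolated dev jumpbox last, which is the point of the “critical vulnerability does not equal risk” bullet above. The duplicate web-server finding collapses into one row that cites both scanners, so the point person sees one issue with two sources instead of two alerts.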

Conclusion

According to Gartner, “By 2026, organizations that prioritize security investments based on a continuous exposure management program will be three times less likely to suffer a breach.” (Gartner, 21 July 2022, Implementation of the Continuous Threat Exposure Management (CTEM) Program) We think that is huge. Hopefully, anticipating some of the potential issues along the way will help your organization roll out its CTEM program more smoothly.

Note: This article was written and contributed by Shay Siksik, Vice President of Customer Experience at XM Cyber.

Did you enjoy this article? Follow us on Twitter and LinkedIn to read more of the exclusive content we post.
