SixMap Insights on Emergence of Proactive Security in 2024 

The cybersecurity landscape is rapidly evolving, with organizations increasingly recognizing the need for proactive security measures to stay ahead of emerging threats. 

But what is proactive security exactly? The Cybersecurity Framework (CSF) from NIST (National Institute of Standards and Technology) provides a good framework for understanding the concept of proactive security. The framework is structured around five core functions: Identify, Protect, Detect, Respond, and Recover. The Identify function focuses on understanding the organization’s environment to manage cybersecurity risks effectively. This includes identifying critical assets, potential threats, and vulnerabilities. The Protect function involves implementing safeguards to ensure the delivery of critical digital services, thereby mitigating the impact of potential cybersecurity events.

Proactive security measures align closely with the Identify and Protect steps of the NIST CSF. By identifying potential risks and implementing protective measures, organizations can preemptively address vulnerabilities before they are exploited. 

Continuous Threat Exposure Management (CTEM), a concept introduced by Gartner in 2022 that is rapidly gaining momentum, exemplifies this proactive approach. Gartner defines CTEM as a systematic approach that continuously exposes an organization’s networks, systems, and assets to simulated attacks in order to identify vulnerabilities and weaknesses. This five-stage process aims to enhance the organization’s overall security posture by prioritizing risk mitigation strategies and refining security measures, moving beyond traditional point-in-time assessments to a more dynamic, ongoing evaluation of security risks.

Gartner, which has published over 63 articles to date discussing CTEM and is on pace for a record number in 2024 with over 20 published in 1H alone, highlighted the importance of this hot topic during its own summit in June. The Gartner Security & Risk Management Summit in National Harbor, Maryland, was Gartner’s biggest showing yet with over 5,000 attendees and 150 sessions, and at least six of these highlighted CTEM. Of note were Distinguished VP Analyst Neil MacDonald’s predictions on emerging technologies, which are a leading indicator of high-impact risks and security categories to watch for the year and which included CTEM as a key technology trend.

As Neil so aptly framed it, CISOs are finding themselves in the crosshairs: from new threats targeting new technologies, identities and humans; to new business requirements and ownership of digital risk; an expanding attack surface; and changing security technology capabilities, including of course GenAI enablement. 

He described how, in response, CTEM is emerging as a vital paradigm shift in cybersecurity strategy to address the inadequacies of traditional vulnerability management. Neil advises that CTEM is about mapping the entire attack surface, not just CVEs, to broaden your visibility and understand the risk of your entire digital estate, including both internal and external assets as well as third parties, while prioritizing real business risk.

Everyone is getting into CTEM: Palo Alto Networks acquired attack surface management vendor Expanse, adding onto their own CTEM capabilities; IBM acquired another attack surface management company, Randori, to bolster their CTEM capabilities; and traditional vulnerability management companies such as Qualys, Tenable and Rapid7 have also been adding CTEM features organically and through acquisitions. Walking the show floor at the Gartner Security & Risk Management Summit and the RSA Conference earlier this year reinforced the marketing movement to CTEM. 

With modern CISOs responsible for all digital risk, not just IT risk, and the need to shift threat exposure management into a continuous process, it is important to remember that CTEM is not a product. It is a proactive and holistic approach to identify, prioritize, and mitigate risks while aligning remediation efforts with business objectives and compliance frameworks.

Looking ahead to the next industry event, Black Hat USA 2024, we expect to see more enterprises looking into a proactive security approach as they seek out research trends and technology innovations in breach and attack simulation, attack surface management, and vulnerability management and remediation to enhance their proactive security posture. We look forward to seeing everyone there. If you’d like to learn more about SixMap at Black Hat or chat about the future of proactive security, schedule a conversation here.