Use Case

Continuous threat exposure management (CTEM)

A look at what CTEM is, the challenges, and how the Nagomi Proactive Defense Platform fits in.

What is continuous threat exposure management?

CTEM is a strategic approach to cybersecurity that incorporates continuous, real-time monitoring and management of an organization’s threat profile. CTEM seeks to proactively identify threats and risk before they can be exploited by malicious actors. CTEM is not a category of tools, but instead an approach to proactively prioritize threats and remediate them as threats evolve.

What are the benefits of continuous threat exposure management (CTEM)?

Security teams implementing a CTEM approach realize the following tangible benefits:

  1. Proactive Risk Management – By continuously analyzing threats and corresponding defenses, organizations are able to identify remediation opportunities before they are actively exploited.
  2. Actionable Defensive Plans – Security teams that implement a CTEM approach are able to change configuration settings, implement new security features, and maximize protection against threats using the tools they already have.
  3. Ability to Adapt – The only constant in cybersecurity is change, and organizations that use a CTEM approach are – by definition – able to pivot when tools, assets, and attack vectors evolve.

What are the five stages of a continuous threat exposure management (CTEM) function?

The five stages of a continuous threat exposure management function are:

  1. Scoping
  2. Discovery
  3. Prioritization
  4. Validation
  5. Mobilization

CTEM Stage One: Scoping

The initial stage in continuous threat exposure management is scoping, where the goal is to identify and define the infrastructure elements that will be included in the program. This phase includes deciding which elements of the internal and external attack surface will be covered by the program based on business context and risk.

CTEM Stage Two: Discovery

Based on decisions made in stage one, the second stage in building a CTEM function is an in-depth exploration and analysis of the infrastructure identified as part of scoping. This includes asset identification, risk profiling, identifying misconfigurations, uncovering vulnerabilities, and more. In stage two, business context and risk are the key components of understanding risk meaning.

CTEM Stage Three: Prioritization

The prioritization stage in CTEM assigns urgency and importance to what should be remediated. Factors for prioritization include risk tolerance and availability of compensating controls.

CTEM Stage Four: Validation

The validation stage in continuous threat exposure management verifies the cybersecurity posture of the organization either through Breach and Attack Simulation (BAS), Automated Security Controls Validation (ASCA) or security assessments. The goal of stage four is to not only validate posture, but to also understand the interconnectedness of potential attack vectors and the potential for pivoting, lateral movement, and privilege escalation.

CTEM Stage Five: Mobilization

The fifth and final stage in CTEM, mobilization, is about ensuring that teams can operationalize findings by removing friction, building clear approval processes, and creating cross-functional processes.

What are the challenges in building a continuous threat exposure management program?

  1. Perception of security as binary – There’s a pervasive perception among non-security professionals that cybersecurity is a binary choice: we’re either secure or we’re not. Add to that the idea that if an organization just purchases tools like EDR, vulnerability assessment tools, SIEM, etc., that should be enough. The truth is that security is much more nuanced and every organization’s risk profile and attack surface is constantly changing. The biggest challenge in building a strategic CTEM program is a fundamental misunderstanding and misalignment on the goals and challenges of cybersecurity programs in general.
  2. Focus on volume vs. risk – Simply discovering the volume of vulnerabilities is not enough. There will always be more vulnerabilities than the capacity to address them, and creating a list of CVEs is not what CTEM is about. Instead, at the heart of a CTEM program is alignment with business impact. Organizations that focus on the volume of discovered assets and vulnerabilities often get stuck on this stage.
  3. Unclear Mobilization Processes – Since the mobilization stage relies on collaboration between teams and functions, security teams can’t rely on tools and automation alone. This stage requires patience, collaboration, education, and compromise.

How can Nagomi help teams with continuous threat exposure management?

Nagomi is the first security platform that truly aids organizations to address all five stages of the CTEM journey.

  1. Scoping – By deeply understanding a customer’s environment, connecting to all security tools, and providing a comprehensive list of the organization’s assets, Nagomi helps teams scope their work in risk and threat prioritization.  The Nagomi platform understands an organization’s telemetry and can personalize the platform based on the existing groups the organization understands and works with in their day to day operations.
  2. Discovery – Next, Nagomi’s extensive defense assessment provides an in-depth discovery of security tool misconfigurations, overlap, and gaps.
  3. Prioritization – By understanding an organization’s most important initiatives and goals, as well as by creating a specific threat profile based on industry, geography, and size, Nagomi can prioritize remediations based on the relevance of the threat, urgency, level of exposure, and availability of compensating controls.
  4. Validation – Through Nagomi’s in-depth threat analysis which maps to MITRE ATT&CK, as well as a granular understanding of security tools, it can validate the gaps in an organization’s security stack and how they compare to the TTPs attackers use in the wild.
  5. Mobilization – Lastly, Nagomi can help organizations mobilize by not only connecting security engineering and risk teams but also by allowing organizations to report on the status of the security program, its progress, and areas of highest concern.

Nagomi helps cybersecurity teams make their security tools more effective against real-world threats. By connecting to the tools that customers already have, the Nagomi Proactive Defense Platform maps threats like ransomware, phishing, and insider threat to specific campaigns, then analyzes defenses to provide prescriptive, evidence-based remediation plans to reduce risk and maximize ROI.

More like this

Use Case

Cyber defense planning and optimization (CDPO)

A look at what CDPO is, the challenges, and how the Nagomi Proactive Defense Platform fits in.

Learn more ->

Use Case

Breach and attack simulation (BAS)

A look at what Breach and Attack Simulation (BAS) is, the benefits, challenges, and how the Nagomi Proactive Defense differs from BAS.

Learn more ->

Use Case

Proactive security

A look at what Proactive Security is, the challenges, and how the Nagomi Proactive Defense Platform fits in.

Learn more ->

Ready to get started?

Schedule a personalized demo with Nagomi Security or start a risk-free 30 day trial to see what it can do for your organization.