Guy Golan

How to harden your security with Continuous Threat Exposure Management



The old ways of securing systems no longer work. Many modern cybercrime attacks are potent because they circumvent 'traditional' security thinking with new and seemingly unpredictable attacks.

 

These ambiguous attacks are posing new risks to organisations that think they are safe, says Performanta’s Executive Chairman and CEO, Guy Golan:

"We've heard about known knowns, known unknowns, and unknown unknowns. Traditional security from twenty years ago represents the first group, such as looking for software signatures. The second group consists of evolving attacks, yet we know about them. And the third group is often at the cutting edge of digital crime, where criminals try new techniques and exploit unknown vulnerabilities in systems."

 

Diligent security covers the first group, and smart investment in threat detection reduces the risks of the second. But the unknown unknowns remain a problem, and the threat levels of the other two rise because criminals often combine different tactics. For example, criminals breach a system using a zero-day attack (an unknown unknown) and then hijack unmonitored administrator accounts to gain greater control (a known known).

 

The situation makes it uncertain and cumbersome to establish consistent security monitoring and response. But there is an answer: Performanta's Safe XDR service incorporates Continuous Threat Exposure Management to reduce breach risks by 70 percent.

 

What is Continuous Threat Exposure Management?

Gartner introduced the concept of CTEM in 2022 as a set of five assessment steps to articulate a company's threat exposure:

 

Step No. 1: Scope for cybersecurity exposure

Determine the scope of your attack surface based on business risk and potential impact. Consider traditional devices, apps, and applications, as well as less tangible elements such as corporate social media accounts, online code repositories, and integrated supply chain systems.

 

Step No. 2: Develop a discovery process

While scoping will identify numerous focus areas, it primarily serves to determine the extent of threat exposure management. The discovery stage identifies visible and hidden assets, vulnerabilities, misconfigurations and other risks.

 

Step No. 3: Prioritise threats

Threats are not all the same; they vary with your company's risk profile. Prioritise according to urgency, security, availability of compensating controls, tolerance for residual attack surface (risks that remain after mitigating a particular risk), and the level of risk posed to the organisation. Focus on high-value assets and a plan of treatment that addresses them.

 

Step No. 4: Validate how attacks might work

Analyse potential attack pathways to the asset, identify whether the current response plan will mitigate those risks, and convince business stakeholders of which triggers lead to remediation.

 

Step No. 5: Mobilise

Operationalise your CTEM findings, reducing obstacles to approvals, implementation processes or mitigation deployments. Document cross-team approval workflows and communicate your CTEM plan to the security team and business stakeholders.

Gartner CTEM

 


How Safe XDR helps you establish CTEM

Performanta realises Continuous Threat Exposure Management (CTEM) for customers through our Safe XDR platform—the first platform in the market built to enable CTEM. We believe it's the best way to provide comprehensive ongoing security protection for every organisation.

 

CTEM requires an elaborate and multi-disciplinary approach, which Safe XDR delivers through Performanta's experts, leveraging our Encore Attack Surface Management (ASM) service, Extended Detection and Response (XDR) service, and Risk Operations Centre (ROC).

 

Here is how Safe XDR addresses CTEM's five steps:

 

Step No. 1: Scope for cybersecurity exposure

A Performanta CTEM Optimisation Manager conducts a cyber risk assessment and security controls review.

 

Step No. 2: Develop a discovery process

Using our proprietary Encore ASM tool, Performanta's experts identify internal and external threat profiles, and monitor cloud and on-premise IT 24/7 with XDR.

 

Step No. 3: Prioritise threats

Performanta's ROC correlates system information with known vulnerabilities, and assesses compromise risks of specific assets against defined risk tolerance levels.

 

Step No. 4: Validate how attacks might work

Building on step 3, our ROC verifies that the discovered exploitation risks are accurate and determines what the business impact could be if an attack compromised specific assets.

 

Step No. 5: Mobilise

Performanta develops risk priorities for certain exploitation scenarios, and one of our Security Optimisation Managers organises on-demand access to the right specialists.

 

This is how Safe XDR reduces breach threats by 70 percent, reduces mean time to remediate (MTTR) from days to less than 6 minutes, and achieves 90 percent automation of security tasks.

 

Start using CTEM

Modern, digitally-powered companies rely on complex systems layered with people, processes and technologies to maintain a business advantage. Online criminals constantly look for weak spots in that complexity or try new ways to circumvent security. CTEM is the answer to these ongoing threats, and Safe XDR is the single-package CTEM enabler that every company should consider.

 

"The bad news is that there are always new security threats; the good news is that CTEM lets you evolve security without constantly reinventing or reinvesting," says Guy Golan. "Performanta Safe XDR represents this modern approach to continual security improvements with a comprehensive platform, managed services, and the right security skills in your corner. Whether you are worried about someone hacking your servers or your CEO, CTEM provides remedies."
