Mastering CISO Success with the Game-Changing Strategy of Continuous Threat Exposure Management
Continuous Threat Exposure Management (CTEM) will enable security and risk management leaders to build evidence-based security. Although the idea of CTEM isn't entirely novel, having first appeared in print in July 2022, we have now reached a stage where numerous organizations are beginning to implement CTEM into their security stack. As such, it is predicted that by 2026, organizations that prioritize their security investments based on a continuous exposure management program will be three times less likely to suffer from a breach.
Joining our CEO Rogier Fischer for this podcast is Richard Stiennon, former VP of Research at Gartner and Partner Analyst at EM360 – a go-to content platform for IT experts that collects industry insight when researching enterprise technologies or seeking to solve business technology issues.
Unpacking Continuous Threat Exposure Management (CTEM)
by Rogier Fischer, CEO at Hadrian
Vulnerability management on its own can generate a lot of value for companies. However, traditional vulnerability management simply can't handle the increasing complexity of today's digital landscape. Thus, depending on the maturity of your vulnerability management program, it's recommended that organizations leverage their existing technologies as building blocks for CTEM.
CTEM primarily integrates several key areas:
- Threat intelligence
- Vulnerability management
- External attack surface management (EASM)
- Exposure management
Hadrian: From the hacker’s perspective to CTEM provider
Hadrian takes a unique approach to CTEM by adopting an external hacker's perspective. Our CTEM platform entails three key aspects:
A holistic approach with a wide scope
Our goal is to understand what your assets are and how they interact with each other. The relevance and context of data are crucial to pinpointing what information genuinely matters to your organization. For instance, compromising a critical asset in your network architecture poses a significantly higher risk than an outdated VPN server still running but not in active use.
Vulnerability validation
The surplus of false positives distracts security teams from detecting and mitigating real threats. Hadrian’s data validation process provides certainty, enabling organizations to tackle real risks confidently, with no room left for false positives.
Risk prioritization
Acknowledging risks is only half the battle; knowing which risks to address first is what makes the difference. CISOs inherently operate with finite resources. Therefore, it's crucial for them to understand how to allocate these resources effectively. CTEM can assist in this aspect with automated prioritization, enabling a clear understanding of vulnerability levels. This, in turn, helps CISOs decide if a particular issue needs to be addressed immediately, can wait until tomorrow, or even be postponed for several months.
Benchmarking CISOs’ success
At the heart of any organization's cybersecurity strategy is the ability to understand its security strengths and weaknesses. This assessment is often called "benchmarking". In simple terms, benchmarking is the process of comparing your organization's practices and performance metrics with those of the industry.
Unfortunately, this evaluation often becomes blurry when the same vendor provides both offensive and defensive security solutions. "CISOs should not be marking their own homework, nor should security teams," Fischer said. It's like a student grading their own homework – the results might be skewed.
The unique approach adopted by Hadrian breaks away from this traditional, self-evaluating setup. Hadrian’s platform is designed to separate the roles of attacker and defender, with different entities assessing an organization's security measures. This approach offers a clear, objective perspective on an organization's cybersecurity strengths and vulnerabilities.
Streamlining alert management
In addition to refining the number of alerts, Hadrian offers real-time dashboards that update multiple times daily, if not hourly. In a threat landscape where threat actors start scanning for vulnerabilities within 15 minutes after a new CVE is disclosed, this provides CISOs with a continuously evolving picture of their security, allowing them to swiftly address the most pressing issues.
When it comes to validating alerts, Hadrian leverages automated systems to ensure accuracy and efficiency. Nearly 90% of our triage process is completely validated automatically, meaning that tests for these issues are computer-validated, leaving minimal room for error. However, recognizing that some risks, such as exposed S3 buckets or admin credentials, although prone to false positives, can be incredibly destructive if true, Hadrian also employs a manual triage team. Fischer explains: "And for this 10% of issues, we actually have our own manual triage team that is verifying these issues 24/7 for our customers."
Recently, a widespread, high-severity vulnerability was discovered in the Advanced Custom Fields (ACF) plugin for WordPress. Hadrian was able to flag the bug to our customers within hours of publication, allowing them to fix the issue on the same day.
Beyond compliance
70% of organizations expect their compliance requirements to increase annually. While these requirements are necessary, it's important to consider them as part of a larger security posture. Compliance is a significant opportunity from a management perspective, but it shouldn't be the only factor driving an organization's security agenda.
Hadrian’s CTEM platform ensures a future-forward approach that blends regulatory compliance with proactive security practices to ensure a robust defense against cyber threats.