CTEM: How It’s Changing Cybersecurity and Tech Pros’ Jobs | Dice.com Career Advice


Cybersecurity teams must defend an attack surface that continues to grow in scale and complexity. One 2022 study found that 67 percent of organizations reported their attack surfaces had grown over the previous two years; another report called attack surface expansion the main security and risk management concern for many organizations and enterprises.

Thanks to continuing investment in cloud platforms and applications—as well as a hybrid and remote workforce—attack surface security concerns continue to grow. The methods to address these security issues, however, have not kept up with the size and scale of cyber threats and risks. 

Experts noted that patch management, vulnerability scanning, and even penetration testing are not enough to keep pace with constant attacks from persistent threat groups.

“Patch management and vulnerability remediation operated on a slow cadence, typically monthly or weekly,” said Ben Radcliff, senior director of cyber operations at Optiv. “If a detection and response team verified a true positive event in their SIEM, there was a fair amount of manual effort and cross-functional collaboration needed to perform emergency remediation.”

By the time security teams can react and start mitigating an incident, attackers will likely have breached the network. Threat actors can also establish further footholds within the targeted infrastructure to make other attempts, even if they are initially expelled.

An updated approach to address these cyber issues is needed. In 2022, Gartner coined the concept of Continuous Threat Exposure Management, or CTEM, which looks to take a more active approach to vulnerability management. Over the last two years, this framework has started to gain traction.

Like zero trust, CTEM is a cybersecurity mindset and management process that organizations must embrace holistically; no single platform or tool can implement these changes. 

For many organizations, CTEM is a proactive approach that involves continuously monitoring, assessing, prioritizing and resolving cybersecurity issues. This methodology ultimately seeks to reduce, and possibly eliminate, attackers’ ability to exploit various bugs and flaws. In Gartner’s definition, the end goal of CTEM is to “get a consistent, actionable security posture remediation and improvement plan that business executives can understand and architecture teams can act upon.”

As Trey Ford, the CISO of Bugcrowd, recently told Dice: “CTEM is ultimately an attacker-centric restructure of classical asset-centric vulnerability management, answering the business questions of ‘What do we have, what is accessible, what is vulnerable, what needs to be patched or hardened next to make the attacker’s work more difficult, expensive, and dangerous?’”

For tech and security professionals on the front lines of vulnerability management and threat monitoring, CTEM offers a fresh approach to the seemingly never-ending cycle of threats exploiting a myriad of flaws. This approach includes rapid application patching to keep up with new generations of bugs. 

However, embracing this mindset requires developing skills and expertise as CTEM gains traction within enterprises looking to improve their cybersecurity posture.

CTEM as a Five-Step Process

Before setting out to develop new skill sets, tech pros need to understand the basics of CTEM, which can be broken down into a five-step process.

The CTEM framework outlined by Gartner aims to continually reduce risk and improve posture in a way that’s measurable and repeatable. This is done by expanding vulnerability management programs to include misconfigurations, identity issues, unmanaged devices and more. 

To better understand attack surfaces, attack paths to critical assets, and overall risk, these environments must be considered in a holistic way (i.e., the way an attacker will view them). This enables organizations to fix what matters most in an efficient way, said Boaz Gorodissky, CTO and co-founder at XM Cyber.

To improve an organization’s cyber resilience, the CTEM framework follows five steps:

  • Scoping to define business-critical assets, systems and processes requiring protection.
  • Discovery of all exposures across the infrastructure, including vulnerabilities, misconfigurations, risky identities, and so on.
  • Prioritization, which analyzes exposures based on exploitability, prevalence, and potential business impact to guide the improvement plan.
  • Validation, which confirms that exposures could truly be exploited in the organization through simulations.
  • Mobilization, which drives collaboration between teams to implement controls, processes, and technology to reduce risk.
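One way to make the five steps concrete is to run them over a small asset inventory and a few findings. The following is an added example written for this page; it is not code from the article, from Gartner, or from any vendor quoted here. Every asset name, finding, CVE placeholder, weight and simulation result in it is constructed, and the scoring formula (exploitability times business impact times a prevalence factor, then discounted by the validation outcome) is a hypothetical illustration of the prioritization and validation steps, not Gartner’s or XM Cyber’s method.

```python
"""
Added example, not code from the article or from Gartner, Optiv or XM Cyber:
a small model of one CTEM cycle (scope -> discover -> prioritize -> validate
-> mobilize) run over a constructed asset inventory and constructed findings.
All asset names, findings, CVE placeholders and weights are made up.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    business_critical: bool   # scoping input: does the business need this protected?
    internet_facing: bool     # raises the potential impact of a compromise


@dataclass
class Exposure:
    asset: str
    kind: str              # "cve", "misconfig" or "identity"
    detail: str            # the CVE id or a description of the finding
    exploitability: float  # 0..1, hypothetical weighting
    prevalence: int = 1    # how many assets share this exact finding
    score: float = 0.0
    validation: str = "not_simulated"  # "confirmed", "blocked" or "not_simulated"


# Constructed inventory and feeds (stand-ins for a CMDB, a scanner, a config audit and an IAM review)
ASSETS = [
    Asset("payroll-db", business_critical=True, internet_facing=False),
    Asset("web-portal", business_critical=True, internet_facing=True),
    Asset("dev-sandbox", business_critical=False, internet_facing=True),
]
SCAN_RESULTS = [  # CVE ids are placeholders, not real identifiers
    {"asset": "web-portal", "cve": "CVE-PLACEHOLDER-1", "exploit_public": True},
    {"asset": "dev-sandbox", "cve": "CVE-PLACEHOLDER-1", "exploit_public": True},
    {"asset": "payroll-db", "cve": "CVE-PLACEHOLDER-2", "exploit_public": False},
]
CONFIG_AUDIT = [{"asset": "payroll-db", "finding": "listener bound to all interfaces without TLS"}]
IDENTITY_REVIEW = [{"asset": "web-portal", "finding": "service account holds domain admin rights"}]
SIMULATION_RESULTS = {  # constructed output of a validation run: was the exposure actually reachable?
    ("web-portal", "cve", "CVE-PLACEHOLDER-1"): "confirmed",
    ("web-portal", "identity", "service account holds domain admin rights"): "confirmed",
    ("payroll-db", "misconfig", "listener bound to all interfaces without TLS"): "blocked",
}
OWNER_BY_KIND = {"cve": "patch-management", "misconfig": "platform-engineering", "identity": "iam-team"}


def scope(assets):
    """Step 1: the protected scope is the set of business-critical assets."""
    return {a.name for a in assets if a.business_critical}


def discover(scan, config_audit, identity_review):
    """Step 2: merge vulnerabilities, misconfigurations and risky identities into one list."""
    exposures = []
    for r in scan:
        exposures.append(Exposure(r["asset"], "cve", r["cve"],
                                  exploitability=0.9 if r["exploit_public"] else 0.4))
    for r in config_audit:
        exposures.append(Exposure(r["asset"], "misconfig", r["finding"], exploitability=0.6))
    for r in identity_review:
        exposures.append(Exposure(r["asset"], "identity", r["finding"], exploitability=0.7))
    # prevalence: how many assets across the whole estate carry the same finding
    counts = Counter((e.kind, e.detail) for e in exposures)
    for e in exposures:
        e.prevalence = counts[(e.kind, e.detail)]
    return exposures


def prioritize(exposures, assets, in_scope):
    """Step 3: score in-scope exposures by exploitability x business impact x prevalence."""
    by_name = {a.name: a for a in assets}
    ranked = []
    for e in exposures:
        if e.asset not in in_scope:
            continue  # out-of-scope findings are kept in the record but not ranked this cycle
        a = by_name[e.asset]
        impact = (3 if a.business_critical else 1) + (1 if a.internet_facing else 0)
        e.score = round(e.exploitability * impact * (1 + 0.5 * (e.prevalence - 1)), 2)
        ranked.append(e)
    return sorted(ranked, key=lambda x: x.score, reverse=True)


def validate(exposures, simulation_results):
    """Step 4: adjust scores with evidence from the simulation run (hypothetical factors)."""
    factor = {"confirmed": 1.0, "blocked": 0.25, "not_simulated": 0.75}
    for e in exposures:
        e.validation = simulation_results.get((e.asset, e.kind, e.detail), "not_simulated")
        e.score = round(e.score * factor[e.validation], 2)
    return sorted(exposures, key=lambda x: x.score, reverse=True)


def mobilize(exposures, owner_by_kind):
    """Step 5: turn the ranked list into remediation work items for the owning teams."""
    return [
        {"rank": i + 1, "asset": e.asset, "kind": e.kind, "detail": e.detail,
         "score": e.score, "validation": e.validation, "owner": owner_by_kind[e.kind]}
        for i, e in enumerate(exposures)
    ]


def run_ctem_cycle():
    """One full pass through the five steps over the constructed data."""
    in_scope = scope(ASSETS)
    found = discover(SCAN_RESULTS, CONFIG_AUDIT, IDENTITY_REVIEW)
    ranked = prioritize(found, ASSETS, in_scope)
    validated = validate(ranked, SIMULATION_RESULTS)
    return mobilize(validated, OWNER_BY_KIND)


if __name__ == "__main__":
    for t in run_ctem_cycle():
        print(f"{t['rank']}. [{t['owner']}] {t['asset']} {t['kind']} "
              f"score={t['score']} ({t['validation']})")
```

Run as a script, the cycle puts the internet-facing portal’s publicly exploitable CVE first, keeps the blocked misconfiguration on the list at a reduced score rather than dropping it (the persistent recall Gorodissky describes below), and never ranks the out-of-scope sandbox. The point of the structure is that each step is a separate function with its own input feed, so swapping a real scanner export or simulation result for the constructed lists changes the data, not the process.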

“The CTEM process is iterative and involves continual discovery, prioritization and remediation activities,” Gorodissky told Dice. “But unlike traditional vulnerability management, which loses context once issues fall off the latest scan reports, CTEM maintains persistent recall of the environment. Progress towards risk reduction is measurable regardless of how threats evolve.”

One benefit of the CTEM approach is that it gives tech professionals a common language for understanding risk. Traditional vulnerability management leaves organizations without a way to model the interconnectedness of exposures or to understand the resulting business risk. This means security teams cannot convey severity in a way that resonates with IT and the business, so both groups lack the context to make data-driven decisions on resource allocation, Gorodissky noted.

“By providing a risk-based model to understand exposures, security teams can align remediation with exploitation likelihood and business criticality,” Gorodissky said. “The data dispels uncertainty around securing complex hybrid environments and grants actionable insights, enabling teams to strategically strengthen defenses with confidence.”

Reskilling for a CTEM Approach

Since the CTEM framework relies on continuous monitoring to stay ahead of threats and vulnerabilities, cybersecurity experts need to understand automation, which includes using machine learning techniques as well as artificial intelligence (AI).

“In 2020, 17,000 new vulnerabilities were reported—a rate that equals one new vulnerability every six minutes. Attackers waste no time seeking to develop exploits, which means that defenders must be equally nimble and fast to respond,” Gorodissky said. “Defenders using these tools are overwhelmed with the job of managing cyber vulnerabilities. Even large, well-funded organizations can’t patch all the vulnerabilities they discover. There are simply too many vulnerabilities, and there are systems that can’t be patched as well as supply chain dependencies.”

In addition, the skill set of platform engineers responsible for tuning and configuring CTEM tools is shifting toward developing and maintaining orchestration and automation, so knowledge of scripting languages and of making API calls over HTTP (GET and POST requests) is key, Optiv’s Radcliff noted.

“That said, while automation and AI can do quite a bit, there will always be those odd scenarios where a security practitioner familiar with vulnerability, threat and kill-chain analysis will still play a pivotal role,” Radcliff told Dice.