
"Introduction of CTEM should be considered to take preemptive defense against new threats"

June 12, 2024






At the Gartner Security & Risk Management Summit 2024, held in Washington, D.C., from June 3 to June 5, VP analyst Pete Shoard gave a lecture titled "Exposure Management: What's It All About?"

In its annual study of the top 10 strategic technology trends, Gartner predicted that process-based security investments through Continuous Threat Exposure Management (CTEM), one of the 10 key areas to focus on in 2024, would reduce organizational intrusions by two-thirds.




In this connection, Pete Shoard said in the lecture, "Gartner wrote a prediction that the attack surface of cybersecurity is expanding in 2021, and it should be noted. And now the attack surface has expanded as predicted."

The lecture emphasized the need to continuously choose and invest in threat and exposure management methods, using a strategic roadmap called CTEM, to address the problems posed by these various cyber threats.


On why Exposure Management (EM) should be established or strengthened, Pete Shoard said, "The traditional isolated view of vulnerabilities and exposures is vulnerability scanning. Vulnerability Management, which companies think of, only explores and analyzes the major assets of On-Prem and what vulnerabilities exist."

"For this reason, gaps caused by non-assets of companies such as SaaS applications, social media, and development assets such as Code Repository are not considered or included in the scope."


The following figure shows how extensive the attack surface is, and at the same time underlines once again that the traditional approach companies focus on simply targets endpoints and servers.



In addition, estimates of other threat exposures, based on vulnerability statistics, make the current situation clear. Companies don't even know where the problem lies, so they lose control of threat exposure and leave gaps against the various threats mentioned earlier. This is why EM needs to be established and a wider range of areas monitored.



So what approach should companies take to manage "vulnerabilities" and exposures, rather than disclosed vulnerabilities? Gartner anticipated that EM would replace the traditional Vulnerability Management approach, and defined the following five steps through CTEM.


▶ Step 1 - Scoping: Looking at the above, you may worry that a very wide range of areas has to be designated as the scope. However, it is not easy to cover the entire range with insufficient manpower and tools. Therefore, mission-critical priorities are judged to be the most important, and the risk perceived as the greatest should be prioritized.


▶ Step 2 - Explore vulnerabilities and exposed threats according to the priorities and scope specified.


▶ Step 3 - Prioritization: Even within the threats explored, prioritize according to importance.


▶ Step 4 - Validation: Validate all explored threats and exposures using all valid resources, such as Breach and Attack Simulation, Penetration Test, and Red Team. Non-patchable systems are the reason why some verification is needed. This is because many companies have the premise that certain systems cannot be patched for reasons of availability.


▶ Step 5 - Mobilization: The problem should be solved through communication between various teams, including security organizations, infrastructure organizations, and intelligence organizations. Like IT and security tools, organizations have silos. The lecture emphasizes that problem-solving methods confined within a one-sided organization are not effective.


"It's not about putting everything in one bucket and finding, validating, and taking action at the above stage. What's important is an iterative cycle of scoping the risks perceived as the biggest in the enterprise, finding and solving the problem, and then building the next new scope and doing it again."


As the term "continuous" indicates, it is important to plan and implement steps 1 to 5. Shoard expanded on step five and said that a lot of time is spent and invested in discovering problems. However, he stressed that there is not enough time to fix and solve the problem, and that as much time as possible should be invested in making a correction and resolution plan.


In a 2022 forecast study, Gartner advised that companies should expand their security management operations to EM, and it announced CTEM as one of its Top Cyber Security Trends for 2023-2024.


Additionally, it was included in the 10 strategic technology areas for 2024. In other words, it is expected that the CTEM process will need to be fully considered in order to take a preemptive defense posture against the various new threats facing companies, while reducing security risks and enabling more improved security operations.



o Link to the original article(Korean)-"Introduction of CTEM should be considered to take preemptive defense against new threats"



