[Gartner SRM Summit 2025] Demonstrating the CTEM Framework with Adversarial Exposure Validation
- Pyo Kwon
- Jun 12
- 3 min read
In 2023 and 2024 the Gartner SRM Summit focused on ASM (Attack Surface Management) and CTEM (Continuous Threat Exposure Management) methodologies and frameworks. In 2025 Adversarial Exposure Validation (AEV) has risen as the essential practice for building a CTEM framework from an attacker’s perspective.
AEV aims to assess an organization’s exposure as a real attacker would and to deliver precise security posture diagnostics and improvement guidance. It is defined as a mash-up of Breach and Attack Simulation and Automated Penetration Testing.
On June 9 2025 at the Gartner SRM Summit Eric Ahlm presented “Tips for Improving Your Security Operations With Adversarial Exposure Validation.”
The Essence of AEV Generating Value Through a Validation Report
• Are suspected vulnerabilities actually exploitable
• Did the attack succeed or was it stopped by existing controls
• Did each security control perform as expected
• Did security systems raise an alert and did analysts or an MDR service identify and respond to the threat
AEV Workflow and Standard Process
1. Provide Attack Scenarios | Service providers supply timely realistic attack scenarios based on up-to-date threat intelligence |
2. Execute Tests | Scenarios are run against the organization’s actual IT environment (perimeter defenses internal network topology servers and so on) |
3. Collect Result Data | During execution the performance of existing security systems (SIEM XDR EDR) and the detection and response actions of the security operations team are both measured |
4. Generate Validation Report | A detailed report is produced showing which vulnerabilities were present whether attacks succeeded or failed how each control performed and how well the security team detected and responded |
Synergy of AEV and CTEM Key Benefits for Organizations
Strengthened Blue Team Capabilities and Security OptimizationMaximize the efficiency of existing systems (XDR EDR) to maintain top-level defense readiness against real attacks. This use case provides a clear ROI visualization and is often the ideal starting point for many organizations
Exposure Awareness and PrioritizationIdentify which of numerous vulnerabilities requires immediate remediation. This capability is critical for transitioning from ad hoc threat management to a CTEM approach that continuously identifies and executes priorities
Expanded Offensive Testing CapacityContinually validate how well defenses protect an organization’s crown jewels against specific threats. Automated repetitive testing frees up limited red team resources to focus on more creative advanced threat research
Recommended Starting Point for Successful AEV Adoption
Begin by strengthening blue team capabilities and optimizing security operations. This approach delivers tangible results by evaluating detection and response performance and by effectively communicating key technology investments and team achievements to leadership.
Expert Insights and Practical Experience
Pago Networks has long emphasized continuous threat exposure management. As an MDR service provider we work tirelessly to keep organizations safe from cyber threats. Although causes of security incidents vary one thing is clear.
When initiating incident response via on-site and remote monitoring at the Pago MDR Center we first assess external attack surface exposure. While exact figures are hard to quantify we frequently find critical assets exposed without the organization’s awareness.
Some services necessarily face external exposure. Public web services are a common example. Even in those cases we apply adversarial exposure validation tactics to assess security from an attacker’s viewpoint. This process fosters a stronger more optimized environment and ultimately enables the CTEM framework so organizations can respond to cyber threats with greater agility.
Author - Pyo Kwon, CPTO | PAGO Networks
