Safeguard digital assets, business operations with CTEM

Dwain Muller, COO, Snode Technologies.

---

There’s a saying in cyber security that defenders have to be lucky all the time, but hackers only need to get lucky once. And, unfortunately, there is no silver bullet when it comes to cyber security. This is especially true as businesses adopt cloud computing, expand their digital footprints and embrace new technologies. Today, perhaps more so than ever, a robust and holistic approach to cyber security is paramount.

Continuous threat exposure management (CTEM) offers a dynamic and comprehensive strategy to safeguard digital assets and business operations. CTEM isn’t a tool or technology, it’s a programme and a strategic approach to cyber security that regularly exposes a business’s systems to simulated attacks to validate if current security controls can identify and mitigate risks. “CTEM is more than a trend, it’s a transformative approach to cyber security that is essential for today’s digital-first business environment,” explains Dwain Muller, COO at Snode Technologies. It moves beyond traditional risk and vulnerability management, which often focuses on isolated data assets, and adopts a broader risk lens, considering threats and assets both within and outside the organisation.

The term was coined by Gartner in 2022. IT research and advisory firm predicts that CTEM will become a core strategy for all businesses by 2026. Furthermore, Gartner forecasts that those prioritising security investments based on CTEM will see a two-thirds reduction in breaches come 2026.

Gartner defines CTEM around two pivotal pillars: diagnose and action. These pillars serve as a structured approach to managing and mitigating the unique risks associated with an organisation's digital assets. “At Snode, we fuse this methodology with our own innovative strategies to provide a robust, data-driven cyber defence system,” notes Muller.

Snode’s approach transcends traditional risk and vulnerability management by embracing a broader, more comprehensive risk lens, leveraging its flagship technology stack to integrate both internal and external threats and assets, Muller outlines. This expanded perspective is not only about identifying potential vulnerabilities but also about continuously evaluating the cyber defence controls deployed across digital environments. It assesses both the effectiveness and health of these controls in real-time to ensure their robustness.

Moreover, the approach incorporates a deep understanding of adversary tradecraft and advanced threat intelligence, helping organisations to anticipate and counter emerging threats. The classification of assets based on their value to the core business is central to this model, ensuring that the most critical assets receive the highest level of protection and strategic focus. This broader lens ensures that security measures are aligned not just with existing vulnerabilities but also with the dynamic nature of evolving threats and the organisation's overarching business priorities. An outline of Snode’s approach is unpacked below.

• Scope: We begin by identifying and scoping digital assets across all domains of the organisation, says Muller. “This step goes beyond traditional IT assets, extending to code repositories, cloud and publicly exposed digital assets and even assets managed by third parties.” The aim, he says, is to align these assets with what is most crucial to the business, ensuring comprehensive coverage.
• Discovery: Next, we perform a thorough completeness check, he continues. This involves conducting threat models and open source threat intelligence gathering techniques, as well as identifying risks associated with these assets. According to Muller, the objective is to cover potential vulnerabilities, whether they stem from inadequate internal processes or potentially vulnerable misconfigurations unknown to digital organisations.
• Prioritise: Finally, we continuously evaluate the safeguards and controls currently in place to protect these assets, he adds. This step is crucial in identifying any areas of exposure and determining where additional resources or improvements may be necessary.”

• Validate: Once the diagnosis is complete, says Muller, the next step is to validate the effectiveness of the deployed controls and safeguards. This validation ensures that the security measures are not only comprehensive, but also effective in real-world scenarios.
• Mobilise: With validated insights, we then focus resources and investments on managing the most significant threats. “This approach moves away from a scattergun method of defence to a more targeted and strategic posture, optimising the use of limited cyber security resources and leaning on the power of advanced data analytics to fuse the disparate data sets to identify areas with the highest area of exposure for organisations.”

In today’s complex and fast-paced digital landscape, traditional cyber security measures are proving to be insufficient, concludes Muller. CTEM – amplified with SIEM, SOAR and advanced analytics capabilities from Snode's team of managed detection and response cyber defenders – offers a dynamic and comprehensive strategy to safeguard digital assets and secure business operations.