
Exposure Management

CTEM Needs to Include Identity Security

Derek Melber



Chief Strategist

19.01.24




Introduction

Continuous Threat Exposure Management (CTEM) is a trending technology that was initially created by Gartner. It is so important that Gartner named it the #2 strategic technology trend for 2024. Gartner also stated that:  

“By 2026, organizations that prioritize their security investments based on a continuous exposure management program will be 3x less likely to suffer a breach.” 

These are very powerful statements considering that the technology is new and many have not even heard of it.   

Pillars of CTEM According to Gartner  

CTEM is all about Diagnostics and Action (Figure 1), which aligns with every organization's security needs. Within each section, there are 5 main steps:

  • Scoping  
  • Discovery  
  • Prioritization  
  • Validation  
  • Mobilization  

Figure 1: CTEM framework by Gartner

Each step ensures that the enterprise's entire set of assets is being considered, since attackers also consider every asset a possible inroad to the network.

The scoping step is the area that defines which assets make up the attack surface:  

  • Vulnerable entry points  
  • Assets  
  • External attack surface  
  • SaaS security  

What CTEM is Missing  

CTEM is a great technology with a solid foundation. However, it is clear that it is missing “identity security”. Identity is at the root of nearly every attack, exploit, and breach. The attackers need identity to move laterally, gain privileges, and then deploy malicious code and ransomware.   

Identity is not only user accounts and not only located on-prem. Identity consists of accounts that have access to the network, data, servers, workstations, services, applications, etc.   

When many say “identity security”, they immediately move to multi-factor authentication and privileged access management. These are key security solutions that every organization needs. However, they don’t actually secure the identity!   

Identity security is more about securing the identity from being exploited, impersonated, attacked, reused, etc. The majority of identity security controls live with the identity! Every identity platform provides controls (AKA attributes/properties) that give the identity special privileges, capabilities, etc.   

It is these controls that need to be secured in order to secure the identity!   

CTEM Security   

Therefore, CTEM needs to incorporate as many security controls as possible to make the overall security hygiene of the organization strong and resistant to attacks. The key security areas that CTEM needs to incorporate include:

  • Vulnerabilities  
  • Patching  
  • Misconfigurations  
  • Software security  
  • Cloud security  
  • Identity security  
  • External attack surface  

Summary  

Once you can incorporate all of the key security areas under a CTEM technology, you will have a rock-solid security platform. If any of these are omitted or not prioritized along with the others, you really don’t have a CTEM platform!  

If you want to test your network against a unified CTEM platform, get a free assessment, or a killer demo, contact joe@nanitor.com.