Continuous Threat Exposure Management (CTEM) is a program that security practitioners can put in place to automate continuous monitoring of attack surfaces that are seeing exponential growth due to the number of IT and security systems needed to maintain modern network infrastructure and the sheer volume of devices requesting network access.
Identity and Access Management (IAM) capabilities are a critical part of a CTEM program in that they help to properly authenticate the large number of users and machines on an enterprise network, thereby proactively defending against threats. According to Gartner® research, CTEM programs are currently gaining popularity in the United States because:
The research goes on to state, “The focus of concern with exposure-related problems has shifted away from simply managing software vulnerabilities in commercial products. The realization of increased technology risk on such a large scale is overwhelming to security operations teams.”
The implication of potential large-scale risk for an enterprise environment that may be healthcare-focused, for example, is that there could be more access points and/or vulnerabilities for threat actors to exploit at will.
From start to finish, end to end, there are several steps in the process of continuously managing threat exposure. It’s important they are performed sequentially so that no vulnerabilities or potential threats slip through the cracks and come back to haunt the organization.
An always-on approach to monitoring, discovering, and remediating issues on the network attack surface has clear benefits. The following benefits a business can expect to see assume that a CTEM program has been properly implemented according to the specific needs of the security organization.
By leveraging IAM and Network Access Control (NAC) authentication and segmentation best practices, it becomes harder, though not impossible, for threat actors to get into the network. By incorporating these tangential network defense capabilities into one continuous-monitoring program, it becomes possible to vastly reduce the impact of a potential breach if an attacker does manage to get in.
Due to the potential for ample risk reduction after standing up a successful CTEM program, it becomes possible for a security organization to adopt more proactive threat-mitigation measures and ultimately achieve stronger cloud security posture management across cloud environments. The result is a less porous attack surface and an enterprise that defends itself from a position of strength and resilience.
This is a benefit every stakeholder wants to see. The costs of a data breach, especially a sizable one, are many: potential ransomware payouts, spinning up backups that may not account for current data, losing customers because of reputational damage, and more. A CTEM program that can effectively help reduce risk, improve security posture, leverage automation, and lessen the consequences of a breach can save untold money and headaches in the long run.
A CTEM program will likely pull in existing aspects of a security program to shore up and automate capabilities under one roof, so to speak. When it comes to the enterprise attack surface, threats are constantly looming and exposures that previously posed no risk are surfacing.
As vendors proliferate, it can be difficult not only to know which vendor’s offering best fits an organization but also what exactly is involved in implementing the program. Let’s take a look at the various standalone capabilities upon which a CTEM program might rely in a consolidated capacity to further the goal of achieving cyber resilience.
Consider that gaps or vulnerabilities along an organization’s attack surface can quickly become threat vectors for an external attacker to breach the network and cause a great deal of damage.
Integrating External Attack Surface Management (EASM) capabilities into a CTEM program can help to fortify defenses along a post-perimeter attack surface so that teams can address things like exposed credentials, cloud misconfigurations, and external business operations.
A CTEM program brings together many different tools to protect an enterprise attack surface by continuously monitoring for and identifying exposures. CTEM’s purpose bears restating because its mandate is large and there are many stakeholder opinions to take into account.
Therefore, agreeing on outcomes and aligning on what CTEM’s objectives are will help day-to-day security practitioners sift through the diagnostic noise that the different CTEM tools will inevitably bring. Automating prioritization of this massive number of alerts can only be done when the system is properly calibrated according to those outcomes.
If CTEM discovers exposures and helps teams fix them, then incorporating Digital Risk Protection (DRP) capabilities will impart a view of the overall likelihood that network systems will contain vulnerabilities/exposures and help teams remediate those issues.
The risk level for one public-internet-facing application, tied to any number of internal systems, might be much higher than that of an older company webpage that hasn’t seen significant traffic in a few years.
The application with the higher risk level may not contain any significant exposures right now, but it receives far more frequent updates than the outdated webpage. More frequent updates mean a greater chance of an inadvertent exposure, and therefore a higher risk level.
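To make the reasoning in the last two paragraphs concrete, and to show what “calibrating prioritization according to agreed outcomes” looks like in practice, here is an added example (not code from the page, from Gartner, or from any CTEM vendor’s product). It ranks a small, constructed asset inventory by an exposure score built from internet reachability, the number of internal systems an asset is tied to, its update cadence, and its confirmed findings. The asset names, field names, weights and severity values are all assumptions chosen for illustration; a real program would derive them from its own outcome agreements.

```python
"""Rank exposures on a constructed asset inventory (added example).

Everything here is illustrative: the assets, field names and weight
profiles are constructed for this example, not taken from any product.
"""
from dataclasses import dataclass, field


@dataclass
class Asset:
    name: str
    internet_facing: bool        # reachable from the public internet
    internal_dependencies: int   # internal systems this asset is tied to
    deploys_per_month: float     # update cadence: more change, more chance of a slip
    days_since_traffic: int      # how long since the asset saw meaningful use
    open_findings: dict = field(default_factory=dict)  # severity -> count


# One weight profile represents one agreed-upon outcome. Values are assumed.
BALANCED = {
    "internet_facing": 30.0,
    "per_dependency": 3.0, "max_dependencies": 20,
    "per_deploy": 1.5, "max_deploys": 30,
    "finding": {"critical": 40.0, "high": 25.0, "medium": 10.0, "low": 3.0},
}

# A profile for stakeholders who want confirmed findings to dominate the queue.
FINDINGS_FIRST = {
    **BALANCED,
    "finding": {"critical": 90.0, "high": 60.0, "medium": 20.0, "low": 5.0},
}


def exposure_score(asset: Asset, weights: dict = BALANCED) -> float:
    """Additive score: reachability + blast radius + change velocity + findings."""
    score = 0.0
    if asset.internet_facing:
        score += weights["internet_facing"]
    # Blast radius: each internal tie is a path deeper in; capped so one hub
    # does not swamp everything else.
    score += weights["per_dependency"] * min(
        asset.internal_dependencies, weights["max_dependencies"])
    # Change velocity: frequent updates raise the odds of an inadvertent exposure,
    # which is why the busy application outranks the dormant page even with no findings.
    score += weights["per_deploy"] * min(asset.deploys_per_month, weights["max_deploys"])
    # Confirmed findings weighted by severity; unknown severities count as low.
    for severity, count in asset.open_findings.items():
        score += weights["finding"].get(severity, weights["finding"]["low"]) * count
    return round(score, 2)


def prioritize(assets, weights=BALANCED):
    """Return [(name, score), ...] highest priority first."""
    ranked = [(a.name, exposure_score(a, weights)) for a in assets]
    return sorted(ranked, key=lambda pair: pair[1], reverse=True)


def stale_internet_facing(assets, days=365):
    """Forgotten-asset review queue: still reachable, but unused for a long time.

    Kept separate from the score on purpose: a dormant page is a candidate for
    decommissioning rather than for the same remediation queue as live systems.
    """
    return [a.name for a in assets if a.internet_facing and a.days_since_traffic >= days]


# Constructed inventory mirroring the page's comparison: a busy public API tied
# to several internal systems, an old marketing page, and an internal app.
INVENTORY = [
    Asset("patient-portal-api", True, internal_dependencies=6, deploys_per_month=20,
          days_since_traffic=0),
    Asset("legacy-marketing-page", True, internal_dependencies=0, deploys_per_month=0.1,
          days_since_traffic=900, open_findings={"medium": 1}),
    Asset("internal-hr-app", False, internal_dependencies=3, deploys_per_month=4,
          days_since_traffic=1, open_findings={"high": 1}),
]

if __name__ == "__main__":
    for profile_name, weights in (("balanced", BALANCED), ("findings-first", FINDINGS_FIRST)):
        print(f"== {profile_name} ==")
        for name, score in prioritize(INVENTORY, weights):
            print(f"{score:7.2f}  {name}")
    print("stale but reachable:", stale_internet_facing(INVENTORY))
```

Under the balanced profile the frequently updated portal tops the list even though it has no open findings, matching the page’s argument that change velocity itself raises risk; switching to the findings-first profile moves the internal HR app with a confirmed high finding above the dormant page. The point of keeping the weights in a named profile is that the calibration is an explicit, reviewable artefact of the outcome agreement rather than something buried in tool defaults.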