Synopsis
Continuous Threat Exposure Management (CTEM) focuses on leveraging existing security infrastructure and tools to transform a reactive Threat Exposure Management (TEM) program into a proactive and predictive one. This methodology converges AI/ML and Large Language Models (LLMs) with Threat Exposure Management to resolve challenges faced by cybersecurity teams and CISOs that cannot be solved by conventional means.
CTEM enables cybersecurity teams to:
- Understand the Asset Data – By integrating with existing Security infrastructure and tools, the technology provides complete visibility of internal and external attack surface, improving asset visibility by up to 87%. Cybersecurity teams get a comprehensive, automated, and unified asset inventory set within the business context.
- Measure exposure (Vulnerability Data) – Aggregate direct vulnerability data collected from various VM scanners and indirect vulnerability data inferred from integrated threat intelligence feeds leveraging AI. The platform can also identify the monetary value of the broad set of aggregated vulnerabilities. It prioritizes exposures (CVEs and misconfigurations) based on severity, threats, exposure, controls effectiveness and business criticality, so organizations can identify risk associated with the exposures as well.
- Mitigate threats (Security Validation) – The platform can also provide real-time, actionable next best steps for risk reduction, broken down by business unit, application owner or asset type. Each action comes with an expected dollar reduction. When actions are authorized, the platform automatically pushes out a fix via internal remediation tools.
This AI-driven, continuous and automated methodology calculates cyber risk based on the expected financial loss resulting from a breach event by considering the likelihood and impact of the breach, down to the level of each individual asset.
It does not rely on qualitative inputs to populate the risk model for individual scenarios; rather, it leverages machine-learning techniques and automation to continuously update the risk model.
It utilizes asset data collected from client security infrastructure tools. For organisations, this means that not only can risk analysis be performed continuously in near real-time across a wide range of risk scenarios, but also that the resulting analysis is inspectable, defensible, and actionable, with clear linkage to source data.
Risk calculation here considers five critical factors in real-time. The first four factors are used to calculate breach likelihood: vulnerability severity, threat level, asset exposure to detected vulnerabilities and the risk-mitigating effect of security controls.
The fifth factor, business criticality, is used to calculate breach impact.
Individual assets are continuously monitored for their exposure to the most frequently exploited risk vectors – software vulnerabilities, misconfigurations, credential vulnerabilities and trust relationships.
Breach likelihood is computed for each asset across each risk vector, and then combined to determine a total risk value per asset, with a confidence score.