Continuous Threat Exposure Management (CTEM)

Always-on monitoring for a never-ending attack surface

Gartner® Threat Exposure Roadmap

What is Continuous Threat Exposure Management (CTEM)?

Because of the sheer number of IT and security systems needed to maintain a modern network infrastructure, and the number of devices requesting network access, the attack surface grows exponentially. Continuous threat exposure management (CTEM) is a program a security practitioner can implement to monitor that attack surface automatically and continuously.

Identity and access management (IAM) capabilities are a key part of a CTEM program, because they help to properly authenticate the large number of users and machines on an enterprise network, thus proactively preventing threats. According to Gartner® research, CTEM programs are enjoying an upswell in popularity at the moment due to:

  • "Lack of visibility into the huge volume of potential issues
  • Siloed acquisition of technology across the business
  • Increased dependency on third parties"

The research goes on to state, “The focus of exposure-related issues has moved beyond simply managing software vulnerabilities in commercial products. Such a large-scale increase in realized technology risk is overwhelming for security operations teams.”

In an enterprise environment that is, for example, healthcare-focused, the effect of such large-scale risk is more potential entry points and/or vulnerabilities for threat actors to exploit at will.

The Five Stages of CTEM

From front to back, end to end, there are several steps in the process of continuously managing threat exposure. It is important that they are executed in sequence, so that no vulnerability or potential threat slips through the cracks and comes back to haunt the organization.

  • Scoping: Assessing the risk state of the attack surface against key performance indicators (KPIs) and business goals will help security teams obtain and agree on a clear plan of action.
  • Discovery: After scoping has completed, the discovery tools within a CTEM program can begin to identify actual vulnerabilities and attack surface exposures in a raw state, i.e. before prioritization begins.
  • Prioritization: Based on the initial scope that was performed according to security and business strategy, the CTEM program will then begin the automated process of assigning priority to the discovered issues.
  • Validation: According to Gartner, “automated validation using technology or service capabilities, such as breach and attack simulation (BAS), or automated penetration testing tools will:
    • Assess likely “attack success” by confirming that attackers could indeed exploit the previously discovered and prioritized exposures.
    • Estimate the “highest potential impact” by going beyond the initial footprint and analyzing all potential attack paths to critical business assets.
    • Identify whether the processes for responding to and remediating the identified issues are fast and adequate enough for the business.”
  • Mobilization: After potential threat vectors have been confirmed, communicating across all affected stakeholders and agreeing on a remediation action plan closes the loop on the process, and at the same time feeds back into the first step of scoping.
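To make the sequencing concrete, here is an added example (not code from the original page, from Gartner, or from any CTEM vendor) that models the five stages as one loop over constructed data. The asset names, criticality values, the network adjacency, the scoring weights and the simulated BAS outcome are all assumptions; the prioritization formula and the breadth-first search used to estimate "highest potential impact" are illustrative modelling choices, not a published method.

```python
# Added example, not code from the original page: a toy, sequential model of
# the five CTEM stages (scope -> discover -> prioritize -> validate -> mobilize)
# over constructed sample data. All names, weights and results are assumptions.
from collections import deque
from dataclasses import dataclass, field
from typing import Optional

# Stage 1: scope. Business criticality (1-5) per asset, owners, which assets
# face the internet, and the adjacency used later to estimate reachable impact.
SCOPE = {
    "criticality": {"web-portal": 3, "patient-db": 5, "legacy-page": 1, "build-server": 2},
    "owner": {"web-portal": "app-team", "patient-db": "data-team",
              "legacy-page": "web-team", "build-server": "platform-team"},
    "internet_facing": {"web-portal", "legacy-page"},
    "adjacency": {"web-portal": ["patient-db"], "legacy-page": [], "build-server": ["patient-db"]},
    "sla_days": {"critical": 2, "high": 7, "medium": 30, "low": 90},
}

# Constructed raw discovery output (stage 2): every finding, still unranked.
RAW_FINDINGS = [
    {"asset": "web-portal",   "kind": "exposed_credential"},
    {"asset": "legacy-page",  "kind": "outdated_component"},
    {"asset": "build-server", "kind": "cloud_misconfiguration"},
    {"asset": "printer-01",   "kind": "outdated_component"},  # not in scope
]

# Assumed weights for how serious each exposure kind is on its own.
KIND_WEIGHT = {"exposed_credential": 1.0, "cloud_misconfiguration": 0.8, "outdated_component": 0.5}

@dataclass
class Exposure:
    asset: str
    kind: str
    priority: float = 0.0
    exploitable: Optional[bool] = None  # unknown until validation
    max_impact: int = 0                 # highest criticality reachable from the asset
    attack_path: list = field(default_factory=list)

def discover(raw, scope):
    """Stage 2: keep only findings on assets the scope covers, unranked."""
    return [Exposure(f["asset"], f["kind"]) for f in raw if f["asset"] in scope["criticality"]]

def prioritize(exposures, scope):
    """Stage 3: score = criticality * kind weight, doubled for internet-facing assets."""
    for e in exposures:
        crit = scope["criticality"][e.asset]
        facing = 2.0 if e.asset in scope["internet_facing"] else 1.0
        e.priority = crit * KIND_WEIGHT[e.kind] * facing
    return sorted(exposures, key=lambda e: e.priority, reverse=True)

def reachable_impact(start, scope):
    """BFS over the adjacency: the most critical asset reachable from `start`, and the path to it."""
    seen, queue, best, path_to = {start}, deque([start]), start, {start: [start]}
    while queue:
        node = queue.popleft()
        if scope["criticality"][node] > scope["criticality"][best]:
            best = node
        for nxt in scope["adjacency"].get(node, []):
            if nxt not in seen:
                seen.add(nxt)
                path_to[nxt] = path_to[node] + [nxt]
                queue.append(nxt)
    return scope["criticality"][best], path_to[best]

def validate(exposures, scope, simulation):
    """Stage 4: mark what the simulated BAS run confirmed; for those, estimate max impact."""
    for e in exposures:
        e.exploitable = simulation.get((e.asset, e.kind), False)
        if e.exploitable:
            e.max_impact, e.attack_path = reachable_impact(e.asset, scope)
    return [e for e in exposures if e.exploitable]

def severity(max_impact):
    return {5: "critical", 4: "high", 3: "medium"}.get(max_impact, "low")

def mobilize(validated, scope):
    """Stage 5: a remediation plan per confirmed exposure, with owner and SLA."""
    plan = []
    for e in sorted(validated, key=lambda e: (e.max_impact, e.priority), reverse=True):
        sev = severity(e.max_impact)
        plan.append({"asset": e.asset, "kind": e.kind, "owner": scope["owner"][e.asset],
                     "severity": sev, "due_in_days": scope["sla_days"][sev],
                     "path": " -> ".join(e.attack_path)})
    return plan

def run_cycle(raw=RAW_FINDINGS, scope=SCOPE, simulation=None):
    """One pass through all five stages; the resulting plan feeds the next scoping round."""
    # Constructed BAS outcome: only two of the findings turn out to be exploitable.
    simulation = simulation or {("web-portal", "exposed_credential"): True,
                                ("build-server", "cloud_misconfiguration"): True}
    found = discover(raw, scope)
    ranked = prioritize(found, scope)
    confirmed = validate(ranked, scope, simulation)
    return mobilize(confirmed, scope)

if __name__ == "__main__":
    for item in run_cycle():
        print(item)
```

Two points the code makes that the list alone does not: the out-of-scope finding never enters the pipeline, which is why scoping has to come first, and the build-server misconfiguration ends up rated critical despite a low standalone priority, because validation traces a path from it to the most critical asset. That is the "beyond the initial footprint" step in practice.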

The Benefits of CTEM

There are obvious benefits to an always-on approach with regard to monitoring, discovering, and remediating network attack surface issues. Assuming a CTEM program is implemented properly according to the security organization's specific needs, an enterprise can expect to see the following benefits.

A Reduction of Blast Radius and Impact

By leveraging IAM and network access control (NAC) authentication and segmentation best practices, it becomes more difficult for threat actors to access a network – but not impossible. Integrating these disparate network defense capabilities into a continuous monitoring program, however, can greatly reduce the impact of a potential breach if an attacker does manage to get in.

A Stronger Security Posture

Because a significant amount of risk reduction can occur once a successful CTEM program is in place, a security organization is likely to adopt more proactive threat mitigation and ultimately achieve stronger cloud security posture management across its cloud environments. The results are a less-porous attack surface and an enterprise that is protected from a position of strength and resilience.

Lower Costs

This is the benefit every stakeholder likes to see. The costs of a breach – especially a sizable one – are many: potential ransomware payouts, initiating backups that might not account for current data, lost customers from reputational fallout, and more. A CTEM program that can effectively help to decrease risk, improve security posture, leverage automation, and reduce breach fallout can save untold amounts of money and headaches in the long run.

CTEM Program Implementation Best Practices

A CTEM program will likely pull existing aspects of a security program under one roof to support and automate capabilities, so to speak. When it comes to an enterprise attack surface, there are constant threats looming and exposures surfacing that didn’t previously pose a risk.

With a proliferation of providers out there, it can be difficult to know not only which vendor's offering best fits an organization, but also what implementing the program actually involves. Let's take a look at the various standalone capabilities a CTEM program might rely on as one unified capability to further the goal of cyber resilience.

Ensure External Threats are Addressed

Consider that a gap or vulnerability in an organization's attack surface can quickly become a threat vector for an external attacker to breach the network and rapidly cause a great deal of damage.

Integrating external attack surface management (EASM) capabilities into a CTEM program can help strengthen defenses of the post-perimeter attack surface, so that teams can address issues such as exposed credentials, cloud misconfigurations, and external commercial operations.

Communicate and Align on Outcomes - As Early as Possible

A CTEM program brings together many different tools to protect the enterprise attack surface by continuously monitoring for and identifying exposures. The purpose of CTEM bears re-stating because it’s got a big job, with many stakeholder opinions to take into account.

Therefore, aligning on outcomes and agreeing on the goals of CTEM will help day-to-day security practitioners sift through the diagnostic noise that the various CTEM tools will inevitably generate. A large volume of alerts can only be prioritized automatically if the system is properly calibrated against those outcomes.

Gain a Clear and Current View of Risk

If CTEM spots the exposures and helps teams remediate them, then incorporating digital risk protection (DRP) capabilities will convey a view of the overall likelihood that network systems will contain vulnerabilities/exposures, and help teams remediate those issues.

A public internet-facing application (tied to any number of internal systems) may have a far higher risk level than an old corporate web page that hasn't seen much traffic in years.

The application with the higher risk level might not contain any significant exposures right now, but it’s receiving more frequent updates than the outdated webpage – way more. And more frequent updates mean more potential for inadvertent exposures, and thus the higher risk level.