The Skinny
- Breaches are now the norm, with 96% of organizations experiencing at least one in the past year, according to Cymulate research.
- CTEM helps organizations stay ahead of evolving threats by identifying, validating, and prioritizing exposures.
- Automation enables teams to run significantly more security tests than manual methods, improving threat detection, resilience, and overall cyber effectiveness.
Security breaches are no longer an anomaly — they’re a part of life. With attackers becoming more sophisticated and better equipped — often leveraging AI and advanced automation — security teams face growing pressure to ensure their defenses can stand up to emerging threats. This evolving threat landscape is driving interest in Continuous Threat Exposure Management (CTEM), a strategic framework that emphasizes ongoing assessment, validation and improvement of security posture.
Recent Cymulate research shows that 96% of organizations have suffered at least one breach within the past year, and 84% of cybersecurity professionals have expressed concern over whether their defenses could withstand an attack from a sophisticated threat actor. That’s an alarming stat—one that should make business leaders nervous. Savvy attackers are always refining their tactics, making life increasingly difficult for today’s security teams.
That means it’s more important than ever for organizations to not just have the right solutions in place, but to know that they are working as expected. Plug-and-play security solutions are no longer enough to get the job done — today’s security teams need to continuously test, validate, update and calibrate their solutions to ensure they are capable of standing up to evolving tactics and emerging threats.
Using CTEM to Combat the Modern Threat Landscape
Having the right security solutions in place is a good first step — while stopping every attack is impossible, it’s still important to have perimeter protections, endpoint defenses, internal detection and response capabilities, and other layered defenses. But modern digital environments are sprawling, and they are changing on a near-constant basis. A solution that functioned well two years ago might be obsolete by now, especially if it hasn’t been updated and maintained. Another solution might struggle as the organization scales. Another that worked well for on-premises systems might not be as adept at securing cloud environments.
Cybersecurity is not a “set it and forget it” discipline; it requires constant attention to ensure the organization is adequately protected. Cybercriminals never stand still. They are always innovating and trying new things. Security teams must have a similar mindset and approach.
This has led to the growth of CTEM, a framework of practices first introduced by Gartner in 2023. The idea behind CTEM is simple: an organization needs to continuously evaluate the effectiveness of its security program to identify and prioritize exposures that pose the greatest threat to the business. With more systems and applications to secure than ever and threats multiplying on a near-daily basis, it is effectively impossible for security teams to address every vulnerability. But by employing CTEM practices to automatically identify, validate and prioritize potential exposures, they can ensure they are at least addressing the most critical threats.
CTEM helps organizations better understand how protected they actually are, while enabling them to make incremental improvements to ensure their security posture remains strong over time. CTEM practices can also highlight potential issues with change management and drift detection, explaining when and why security posture changes occur within the security ecosystem.
Critical Role of Security Validation
Validation is a critical part of CTEM. It’s the stage where organizations determine whether a potential exposure actually poses a danger to them, or whether it is mitigated by compensating controls. As a result, security professionals are embracing validation at an accelerating rate. Today, 90% of security leaders say they apply validation to the exposure management process at least once a month, and an eye-opening 71% of them say they consider validation to be “absolutely essential” to their security practices.
Those who automate the validation process are even more effusive, with 97% saying automated control validation has had a positive impact on their cyber effectiveness. This comes as little surprise. There are always potential vulnerabilities, even in the most secure environments, and manually testing them can be an arduous process. As automation becomes increasingly common within cybersecurity solutions, streamlining testing practices has proven to be a potent force multiplier.
How potent? Respondents to Cymulate’s research indicated that automated validation solutions allow their security teams to conduct over 200x as many tests as manual processes, ensuring they can more accurately assess how their security capabilities stand up to today’s most dangerous threats. That has real, tangible benefits: 47% of security professionals stated that deploying exposure validation improved their mean time to detection, 40% said it increased their threat resilience against the latest immediate threats, and 37% said it played a key role in the continuous validation and tuning of their security controls. Most importantly, organizations that run exposure validation processes at least once per month reported a 20% reduction in breaches overall.
This isn’t groundbreaking. In fact, it makes perfect sense that organizations capable of identifying their exposures and prioritizing their remediation have more secure and resilient environments. But it’s one thing to recognize the value of validation and another to implement it. Many security professionals reported that lack of resources or capacity continues to hold them back when it comes to addressing vulnerabilities, and nearly half cited it as a factor when deprioritizing exposure remediation. Those teams would likely benefit the most from automated security validation and its force multiplier effect, but helping business leaders understand the value created by security investments can be a challenge. Still, 98% of respondents stated that they plan further investments in exposure management capabilities—which is a positive sign for the future.
Positive Momentum for Security Validation
Cymulate’s research found that security leaders almost unanimously reported that security control validation had a positive impact on their security posture since implementation, and 95% said testing the threat prevention and detection capabilities of their security controls is important. As worrisome as it is that 84% were concerned over their ability to defend against sophisticated threat actors, these numbers show that organizations are moving in the right direction.
As CTEM gains momentum, a growing number of businesses are now continuously testing, validating and improving their security capabilities — and that’s making life harder for attackers.

Brian Reed
Brian Reed is Senior Director of Sales Engineering for North America at Cymulate, provider of a SaaS-based breach and attack simulation platform. He previously served as Senior Director of Cybersecurity Strategy at Proofpoint and was a Senior Director and Analyst at Gartner, where he led research on topics including insider threats, cloud security and enterprise DLP. Earlier in his career, Reed held leadership roles in business development, product management and engineering at companies such as Sourcefire, HP, McAfee and Internet Security Systems. A frequent industry speaker, he serves on advisory boards and holds degrees from the University of Georgia and Kennesaw State University.