A Practical Checklist to CTEM

Posted by: Batya Steinherz
May 25, 2023

There’s a lot of hype around Gartner’s Continuous Threat Exposure Management (CTEM). But CTEM isn’t a specific technology or a category of solutions. Instead, it’s a continuous 5-stage program or framework intended to help organizations monitor, evaluate, and reduce their level of exploitability and validate that their analysis and remediation processes are optimal.

Use this practical checklist to keep yourself and your team on track to continue to meet the stages of CTEM.


STAGE 1 – Scoping

This first stage encompasses understanding your attack surfaces and what is more important and what is less important to your business. The scope will naturally expand and shift as your program becomes more established.

When considering your attack surface, don’t forget to include your:

☐  External attack surfaces
☐  SaaS tools
☐  Newly acquired environments (via mergers and acquisitions)
☐  Third parties
☐  Open source repositories
☐  Information exposed on the dark web


STAGE 2 – Discovery

This step digs in to uncover assets and their level of risk. When considering risk, it is CRUCIAL to note that risk extends beyond vulnerabilities.

Make sure you account for: 

☐  Misconfigurations
☐  Weak credentials
☐  Overly permissive identities
☐  Vulnerabilities


STAGE 3 – Prioritization

You’ll never be able to fix EVERYTHING – and you don’t need to. This step is all about identifying the most impactful issues – i.e., the ones with the greatest business impact and the greatest likelihood of leading to critical assets – and creating a plan to fix those issues first.

Start by identifying your quick wins. These are the issues that can be fixed fast and will have the greatest impact:

☐  Low-complexity attack techniques
☐  Risky users
☐  Areas where multiple attack paths converge (choke points)
☐  Exposed cloud storage containing sensitive info
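One way to find the choke points named above is to enumerate the attack paths from your entry points to your critical assets and rank the intermediate assets by how many of those paths pass through them. The following is an added example, not code from the original post or from any vendor tool; the asset graph, entry points and critical assets are constructed sample data.

```python
"""Rank attack-path choke points in a small, constructed asset graph."""
from collections import Counter

# Constructed sample graph: an edge A -> B means an attacker who holds A can
# reach B (e.g. via a misconfiguration, weak credential or permissive identity).
EDGES = {
    "internet": ["web-server", "vpn"],
    "web-server": ["app-server"],
    "vpn": ["jump-host"],
    "jump-host": ["app-server", "file-share"],
    "app-server": ["db-primary"],
    "file-share": ["db-primary", "backup-store"],
    "db-primary": [],
    "backup-store": [],
}
ENTRY_POINTS = ["internet"]                      # where attacks start
CRITICAL_ASSETS = {"db-primary", "backup-store"}  # what must be protected


def simple_paths(graph, src, targets):
    """Return every loop-free path from src that ends at a target asset."""
    paths = []

    def walk(node, path):
        if node in targets:          # stop at the first critical asset reached
            paths.append(list(path))
            return
        for nxt in graph.get(node, []):
            if nxt not in path:      # never revisit a node (no cycles)
                path.append(nxt)
                walk(nxt, path)
                path.pop()

    walk(src, [src])
    return paths


def choke_points(graph, entries, critical):
    """Rank intermediate assets by the number of attack paths crossing them.

    Returns [(asset, path_count, share_of_all_paths)], highest count first.
    Entry points and critical assets themselves are excluded: fixing a
    choke point with a high share cuts off many paths at once."""
    all_paths = [p for e in entries for p in simple_paths(graph, e, critical)]
    hits = Counter(node for p in all_paths for node in p[1:-1])
    total = len(all_paths)
    return [(n, c, c / total) for n, c in hits.most_common()]


if __name__ == "__main__":
    for asset, count, share in choke_points(EDGES, ENTRY_POINTS, CRITICAL_ASSETS):
        print(f"{asset:12s} on {count} of {share:.0%} paths")
```

In the sample graph, `vpn` and `jump-host` each sit on three of the four paths to the critical databases, so hardening either one removes more exposure than patching the web server, which lies on only one path.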


STAGE 4 – Validation

This stage looks at how attacks can occur and the likelihood of their occurrence. It leverages a variety of tools, with the goal of verifying that the assertions made in the steps above are accurate.

Tools/methodologies to use:

☐  Pentesting
☐  Attack path modeling and analysis
☐  Breach and attack simulation
☐  Security controls monitoring


STAGE 5 – Mobilization

This stage, which in a sense serves as the facilitating factor for the entire framework, is where you make sure everyone is on the same page and understands their role and responsibilities within the context of the program.

Make sure that:

☐  You have clearly defined your processes so they are easily understood
☐  These processes have been communicated to anyone relevant
☐  Everyone is aware of the risks and knows their role
☐  There is a feedback loop via which people can ask questions and get answers


There’s lots more to take into account when building your CTEM program. We recommend reading Gartner’s full report and then building a strategic plan to operationalize your adoption. But hopefully with this handy and efficient list, you’ll have a view of the most important highlights and get headed in the right direction.
