What tools/services do you use for CTEM (continuous threat exposure management)?

Outsourcing & Managed Services Threat Intelligence & Incident Response

1.2k views1 Upvote6 Comments

Sort by:

Director of ITa day ago

We rely on tools like Pentera Surface, Qualys, Wiz, and RiskRecon, among others, to pinpoint vulnerabilities that represent actual threats to the business.

CISO in Insurance (except health)2 days ago

CTEM cannot be covered by a tool itself as it is a framework. I have used in the past XM Cyber and Teanable.

Chief Information Security Officer11 days ago

Interpres is also a really good CTEM tool. It integrates tightly with MDR, Pen Testing services also (the vendor has both). A lot of pure play CTEM vendors only have the CTEM component not the services component.

CISO in Manufacturing2 months ago

We use several CTEM tools, but Ionix is our main platform. It quickly discovers assets, validates findings and ranks risks, helping us prioritize remediation.

VP & CISO in Healthcare and Biotech3 months ago

Might not be what you define as CTEM, but we use BitSight for monitoring our external attack surface. It finds assets we might not see with scanners. Qualys has a module called Threat Protect that is good for surfacing what to work on.

Content you might like

When applying a patch, how valuable to reducing regressions is this if a system administrator has visibility into only the Linux systems they own/manage that are in violation of company compliance policies?

Highly Valuable28%

Moderately Valuable69%

Not at all Valuable3%

View Results

How valuable to reducing change/fail % is it if a sys admin is able to predict the impact of a kernel or glibc change before applying the change to their Linux systems?

Highly valuable30%

Moderately valuable68%

Not valuable at all.1%

View Results

How are you making sure the security team has visibility into social engineering attempts on helpdesk staff, especially with attacks using voice impersonation or other deepfake techniques?

Disesdi Susanna Cox outlines 3 critical threats:
1. Non-deterministic decisions – same prompt, different actions (e.g., unintended transfers).
2. Cascading failures – multi-step tasks = more attack surface.
3. Emergent behavior – guardrails can’t cover infinite edge cases; focus on blast radius and recovery.

3 Controls to Implement Now:
• Map agent workflows to attack tactics (MITRE ATLAS)
• Weekly prompt-injection tests (OWASP + CSA)
• Least-privilege, expiring agent tokens (NIST AI RMF + CSA MAESTRO)

Which control or framework gives you the biggest headache, and how are you tackling it?

Full analysis: https://disesdi.substack.com/p/openai-just-dropped-their-agentic

What tools/services do you use for CTEM (continuous threat exposure management)?

Sort by:

Content you might like

When applying a patch, how valuable to reducing regressions is this if a system administrator has visibility into only the Linux systems they own/manage that are in violation of company compliance policies?

How valuable to reducing change/fail % is it if a sys admin is able to predict the impact of a kernel or glibc change before applying the change to their Linux systems?

How are you making sure the security team has visibility into social engineering attempts on helpdesk staff, especially with attacks using voice impersonation or other deepfake techniques?

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

How are U.S. CISOs Addressing Liability Risk?

CrowdStrike Outage: Impact And Recovery

2024 Product Management Priorities and Challenges

Data-Driven Customer Experience: Uniting D&A and CX Teams

Navigating Economic Uncertainty in 2024: IT Leader Perspectives

Take Your Insights On-the-Go