Evolving Approaches to Security Validation and Vulnerability Management
Organizations are increasingly recognizing that simply investing in cybersecurity technologies such as firewalls, SIEMs, and endpoint detection and response (EDR) platforms does not guarantee effective protection against cyber threats. Despite significant expenditures on these tools, attackers continue to exploit misconfigurations, untested rules, and hidden dependencies that evade even the most advanced security environments. A major challenge lies in the misplaced confidence that security teams place in their technology stack, often assuming that controls are functioning as intended without continuous validation. This lack of ongoing assessment can result in underutilized investments, unnoticed security gaps, and operational inefficiencies, ultimately eroding the return on investment (ROI) of security programs. Many organizations focus on the costs and budget allocations of their cybersecurity tools but rarely measure whether these investments are actually effective at the point of need. For example, a next-generation firewall may be capable of blocking advanced threats, but improper configuration can leave critical blind spots. Similarly, endpoint protection platforms may fail to trigger detections during real attacks due to internal telemetry gaps. To address these issues, the cybersecurity industry is witnessing a shift from traditional, periodic vulnerability management (VM) to Continuous Threat Exposure Management (CTEM). CTEM, a term popularized by Gartner, emphasizes the need for continuous, proactive, and automated assessment, prioritization, validation, and remediation of exposures across an organization’s entire attack surface. Unlike traditional VM, which is often reactive and manual, CTEM leverages vulnerability and threat intelligence, attack simulation, and threat validation to provide comprehensive visibility and optimize risk prioritization and remediation. This evolution aims to help organizations coherently understand and manage risk across diverse environments, including endpoints, cloud, SaaS, and code repositories. The adoption of CTEM is driven by the need to address growing vulnerability backlogs, capacity and reliability issues with vulnerability databases, and the demand for actionable, business-aligned risk management. By continuously validating security controls and exposures, organizations can ensure that their investments are delivering measurable protection and are aligned with business outcomes. This approach also helps security teams move away from a perpetual search for new tools and instead focus on optimizing and validating the effectiveness of existing technologies. Ultimately, the integration of continuous validation and CTEM practices is becoming essential for organizations seeking to maximize the ROI of their cybersecurity investments and maintain robust defenses in an increasingly complex threat landscape.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
1 event from the most recent confirmed update back to the earliest known activity.
Story first reported
Initial story creation
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
3 references tracked. Mallory keeps watching after this page renders.
Fixing Gaps in Enterprise Security with Adversarial Exposure Validation
picussecurity.com
Open sourceSecurity validation: The key to maximizing ROI from security investments
helpnetsecurity.com
Open sourceVulnerability Management Evolves to CTEM
resilientcyber.io
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Adoption and Impact of Exposure Management and CTEM in Modern Cybersecurity Programs
Organizations are increasingly turning to exposure management and Continuous Threat Exposure Management (CTEM) frameworks to address the challenges of fragmented visibility and risk prioritization in cybersecurity. Security teams often face an overwhelming influx of data from various tools such as vulnerability scanners, identity and access management (IAM) systems, cloud posture platforms, and attack surface monitoring solutions, each providing only a partial view of organizational risk. This fragmented approach can lead to confusion, undermine business confidence, and make it difficult for CISOs to demonstrate measurable risk reduction to boards and regulators. CTEM was developed as a structured, repeatable process to unify discovery, prioritization, validation, and mobilization, aiming to bridge the gap between technical insights and business impact. However, many organizations struggle to move beyond the conceptual stage of CTEM, often using it as a diagnostic tool rather than a means to drive actionable risk reduction. This can create a false sense of progress, where dashboards and reports abound but real security improvements lag behind. Case studies from companies such as Drogaria Araujo, Tenable, and Verizon illustrate the tangible benefits of implementing exposure management platforms. Drogaria Araujo, for example, leveraged exposure management to enhance attack surface visibility and provide the CISO with the necessary context to report on high-risk exposures and demonstrate compliance with Brazil’s General Data Protection Law (LGPD). Before adopting exposure management, Drogaria Araujo’s security efforts were hampered by noisy vulnerability assessments that failed to integrate findings from cloud, identity, or operational technology (OT) systems, resulting in an unmanageable volume of remediation tickets. By unifying siloed data and prioritizing risks that create attack paths to critical assets, these organizations were able to improve their security posture and compliance outcomes. The exposure management maturity model, which includes stages from Ad Hoc to Optimized, provides a roadmap for organizations to advance their cybersecurity programs. Implementing exposure management principles is seen as a crucial step for organizations seeking to mitigate cyber threats effectively. Despite the promise of CTEM and exposure management, the execution gap remains a significant challenge, with many organizations still working to translate conceptual frameworks into deliverable, measurable security outcomes. The experiences of these companies highlight the importance of moving beyond diagnostics to actionable risk reduction, ensuring that security investments lead to real improvements in organizational resilience. As regulatory scrutiny increases and attackers become more sophisticated, the ability to connect visibility to measurable outcomes is essential for maintaining business confidence and reducing liability. The integration of exposure management platforms can help organizations overcome the limitations of fragmented security tools, providing a holistic view of risk and enabling more effective prioritization and remediation. Ultimately, the shift from conceptual frameworks to deliverable solutions is critical for organizations aiming to stay ahead of evolving cyber threats and regulatory demands.
Mar 21, 2026
Modern Approaches to Vulnerability and Exposure Management
Organizations are facing an overwhelming volume of software vulnerabilities, with over 40,000 new CVEs published in 2024 alone, making traditional vulnerability management approaches unsustainable. This has led to a shift toward exposure management, which focuses on reducing the active attack surface rather than simply closing vulnerability tickets. Exposure management platforms, such as Spektion, employ advanced techniques like behavioral monitoring and pre-CVE detection to identify and prioritize risks based on real-world exploitability, including the discovery of shadow IT and actively loaded vulnerabilities. To support effective prioritization, the Common Vulnerability Scoring System (CVSS) provides a standardized framework for assessing and communicating the severity of vulnerabilities. The latest version, CVSS v4.0, introduces expanded metric groups and more granular scoring, enabling organizations to better compare vulnerabilities, prioritize mitigation efforts, and communicate risk to stakeholders. Together, these developments in exposure management platforms and vulnerability scoring systems are helping security teams move beyond the "CVE treadmill" and focus resources on the most critical threats.
Mar 21, 2026
Evolving Cybersecurity Training and Incident Response for Modern Threats
Security leaders are increasingly recognizing that traditional approaches to cybersecurity training and incident response are insufficient in the face of rapidly evolving threats. According to the Cytactic 2025 State of Cyber Incident Response Management (CIRM) Report, 57% of significant cyber incidents involve attack scenarios that organizations have never rehearsed, highlighting a critical gap in preparedness. Many organizations focus their tabletop exercises on well-known threats such as ransomware, but the real challenge often comes from novel and unexpected attack vectors. Security experts argue that tabletop exercises are frequently either too specific or too grandiose, failing to address the nuanced and likely scenarios that teams are more apt to encounter. For example, some enterprises have gone to great lengths, such as purchasing burner phones for secure communications during exercises, only to discover practical issues during the simulation. Analysts and consultants point out that these exercises often lack realism and do not align with the actual risk and threat profiles of the organization. Meanwhile, a global survey by DarkTrace found that 74% of cybersecurity professionals view AI-powered threats as a major challenge, and 90% expect these threats to significantly impact their organizations within the next one to two years. The increasing use of AI-generated malware and autonomous reconnaissance by adversaries means that threats are evolving in real time, outpacing the static, compliance-driven training models many organizations still use. Legacy approaches, such as annual penetration tests and semi-annual tabletop exercises, are no longer adequate, as they provide limited visibility and fail to build lasting strategic capabilities. These outdated models also assume that adversaries are predictable, which is no longer the case in the current threat landscape. Experts advocate for a shift toward Continuous Threat Exposure Management (CTEM), a discipline that emphasizes ongoing, threat-informed practice rather than occasional, fragmented exercises. This approach requires organizations to move from reactive defense to operational resilience, fostering cross-functional collaboration and daily engagement with emerging threats. By making training exercises more relevant, realistic, and tailored to the organization's specific context, security teams can better align with business objectives and improve their ability to respond to unforeseen incidents. The consensus among industry leaders is that a transformation in both mindset and practice is essential to keep pace with the dynamic nature of cyber threats. Organizations that fail to adapt risk being unprepared for the next wave of sophisticated attacks, particularly those leveraging artificial intelligence and automation. Ultimately, the future of cybersecurity training lies in continuous, adaptive, and business-aligned preparation that mirrors the complexity and speed of modern adversaries.
Mar 21, 2026