What tools/services do you use for CTEM (continuous threat exposure management)?

Outsourcing & Managed Services Threat Intelligence & Incident Response

1.6k views6 Comments

Sort by:

Director of IT2 months ago

We rely on tools like Pentera Surface, Qualys, Wiz, and RiskRecon, among others, to pinpoint vulnerabilities that represent actual threats to the business.

CISO in Insurance (except health)2 months ago

CTEM cannot be covered by a tool itself as it is a framework. I have used in the past XM Cyber and Teanable.

Chief Information Security Officer2 months ago

Interpres is also a really good CTEM tool. It integrates tightly with MDR, Pen Testing services also (the vendor has both). A lot of pure play CTEM vendors only have the CTEM component not the services component.

CISO in Manufacturing5 months ago

We use several CTEM tools, but Ionix is our main platform. It quickly discovers assets, validates findings and ranks risks, helping us prioritize remediation.

VP & CISO in Healthcare and Biotech5 months ago

Might not be what you define as CTEM, but we use BitSight for monitoring our external attack surface. It finds assets we might not see with scanners. Qualys has a module called Threat Protect that is good for surfacing what to work on.

Content you might like

What can organizations do to mitigate risks from Windows 10 devices that can’t be upgraded to Windows 11, like industrial control systems (ICS)?

How many hours on average does your team spend on compliance and reporting each week?

Less than 5 hours32%

5-10 hours41%

11-15 hours17%

16-20 hours6%

21-25 hours1%

More than 25 hours2%

View Results

Cyber threat hunting is gaining momentum in the industry. If you are offering this as part of your advanced security services, which challenges are you experiencing?

Poor efficiency of the detection and threat hunting solution (SIEM/SOAR, EDR solutions)41%

Too much time wasted on false positive alerts68%

Lack of security skills and defined processes31%

Not enough demand in the market8%

View Results

Are you seeing changes in the quality or speed of threat intelligence from sources you relied on in previous years? Can you share how you are being impacted so far by the uncertainty around public-private partnerships for cyber information sharing?