To increase security readiness given today’s dynamic attack surfaces and diverse cyberthreats, security professionals need to move away from traditional vulnerability-centric methods to a new approach that identifies exploitable security exposures in their live IT environments.
Gartner describes Exposure Management (EM) as a new framework that incorporates the adversary's view to continuously uncover exploitable security gaps, and prioritize remediation accordingly. One of the pillars of EM is security validation, which provides evidence of attackers’ possible achievements in the context of an organization’s deployed assets, configurations, and security controls.
During this session, we will present a pragmatic approach to implementing an Exposure Management strategy, focusing on automated security validation.