Every enterprise security team recognizes the importance of vulnerability management. In fact, the vast majority of Chief Information Security Officer (CISO)-led teams include a designated group that focuses on vulnerability management. The problem is that conventional approaches, such as trying to keep an inventory of known vulnerabilities and trying to keep up with patches, have not worked well. Gaps remain in enterprise defenses, and teams have been hoping to find better methods.
The industry has recently begun to focus more on the issue of exposure, and a new category of solutions, known as cyber threat exposure management or CTEM, has arisen from the analyst community. While the naming and category treatment are less important, the focus on exposure is welcome, because it is closely tied to maintaining an understanding of the attack surface rather than of individual vulnerabilities that might be irrelevant to the organization.