Chapter 2. Introducing Exposure Management

Vulnerability management was an important first step toward limiting exposure, but it was not enough. The modern IT environment has evolved dramatically since vulnerability management was first introduced. Organizations are no longer centralized in offices, with their core technologies stored in internal data centers and their entire workforce on premises. Today, businesses utilize cloud technologies and mobile workforces, and a variety of technology is integrated into every facet of the traditional office, with ever-present Internet of Things (IoT) devices controlling everything from building access to coffeemakers.

This has created an attack surface that is too broad and complex for traditional vulnerability management, which generates too much data with no relevant context. As a result, organizations were left chasing exposures with high CVSS scores whose remediation didn’t improve the organization’s actual risk posture. Those vulnerabilities were being resolved, but assets with lower-scoring vulnerabilities were left exposed.

Businesses needed a new solution that would build on vulnerability management’s foundation yet would offer a broader perspective, integrating continuous threat assessment with business priorities and context.

What Is Exposure Management, and Why Was It Created?

Exposure management is the natural evolution of vulnerability management. It is a more comprehensive approach to identifying, assessing, and mitigating risks that can expose ...
