{"id":10032,"date":"2026-04-01T15:25:48","date_gmt":"2026-04-01T15:25:48","guid":{"rendered":"https:\/\/cyberwatch.fr\/?p=10032"},"modified":"2026-04-13T15:46:59","modified_gmt":"2026-04-13T15:46:59","slug":"ctem-continuous-threat-exposure-management","status":"publish","type":"post","link":"https:\/\/cyberwatch.fr\/en\/news\/ctem-continuous-threat-exposure-management\/","title":{"rendered":"CTEM (Continuous Threat Exposure Management): Continuously manage your exposure surface with Cyberwatch"},"content":{"rendered":"\n<p>\u201cWe already manage our vulnerabilities; we perform regular security scans.\u201d<\/p>\n\n\n\n<p>If you\u2019re a CIO or CISO, you may have said this before. And it\u2019s a valid point: your tools are likely in place, your analysis cycles are scheduled, and your dashboards are filling up. On the surface, everything seems under control.<\/p>\n\n\n\n<p>The problem is that between scans, your attack surface continues to evolve. And your assets, once considered secure, may no longer be so.<\/p>\n\n\n\n<p>The challenge is therefore no longer just to detect your vulnerabilities at regular intervals, but to <strong>manage your exposure in real time<\/strong>, based on threats, your context, and your actual remediation capabilities.<\/p>\n\n\n\n<p>This is exactly what <strong>CTEM (Continuous Threat Exposure Management) <\/strong>promises: <strong>moving from a periodic control approach to continuous, structured risk management<\/strong>.<\/p>\n\n\n\n<p>In this article, we\u2019ll break down this now-essential approach, understand how it redefines vulnerability management, and explain how Cyberwatch enables you to integrate it into your practices.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><a><\/a><strong>CTEM: A New Approach to the Limitations of Traditional Vulnerability Management<\/strong><\/h2>\n\n\n\n<p>For years, vulnerability management (VM) and information system security relied on periodic audits: a monthly scan, a quarterly penetration test, an annual compliance audit.<\/p>\n\n\n\n<p>But this approach is no longer in step with the reality of modern information systems. And this is for several reasons:<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><a><\/a><strong>1) Increasingly dynamic and ephemeral infrastructures<\/strong><\/h3>\n\n\n\n<p>The traditional vulnerability management model is based on a simple principle: <strong>taking a snapshot of the information system\u2019s security status at a given moment<\/strong>, analyzing the results, and then fixing the identified issues.<\/p>\n\n\n\n<p>But here\u2019s the thing: in the age of the cloud and continuous deployments, that snapshot becomes outdated the moment it\u2019s taken.<\/p>\n\n\n\n<p>Imagine a monthly scan cycle that runs on the 1st of the month. On the 3rd, your DevOps team deploys a microservice with a vulnerable dependency. On the 7th, a critical CVE is published for a component present in 30% of your infrastructure. On the 15th, an intern launches an EC2 instance to test a POC and forgets to deactivate it.<\/p>\n\n\n\n<p>Your next scan will uncover these issues 2 to 4 weeks later, at best.<\/p>\n\n\n\n<p>This scenario is not hypothetical. In modern architectures, with hybrid multi-cloud environments, thousands of microservices, Kubernetes-orchestrated containers, serverless functions, and publicly exposed APIs, <strong>your attack surface is effectively multiplied, and changes to your infrastructure are constant<\/strong>.<\/p>\n\n\n\n<p>The consequence is immediate: <strong>the asset inventory on which your analysis relies quickly becomes obsolete<\/strong>, and some assets slip through the cracks.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><a><\/a><strong>2) An exploding volume of vulnerabilities<\/strong><\/h3>\n\n\n\n<p>Beyond these blind spots in asset monitoring, <strong>the volume of vulnerabilities to address is increasing at an unprecedented rate<\/strong>.<\/p>\n\n\n\n<p>According <a href=\"https:\/\/www.first.org\/blog\/20251229-Vulnerability-Forecast-Review\" target=\"_blank\" rel=\"noreferrer noopener\">to figures from FIRST<\/a> (Forum of Incident Response and Security Teams), nearly 50,000 CVEs were recorded in 2025. This represents an increase of approximately 21% year-over-year, following a rise already estimated at +39% between 2023 and 2024.<\/p>\n\n\n\n<p>Added to this avalanche of vulnerabilities is a shortening of exploitation timelines: <strong>attackers are now industrializing the exploitation of critical flaws, <\/strong>and for the most high-profile vulnerabilities (such as Log4Shell a few years ago), the time between disclosure and the first attacks sometimes drops to less than 24 hours.<\/p>\n\n\n\n<p>The result: the remediation window is shrinking drastically, further widening the gap with periodic analysis cycles.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><a><\/a><strong>3) <\/strong><strong>Prioritization that remains too disconnected from actual risk<\/strong><\/h3>\n\n\n\n<p>In this context, you can no longer address everything: you need to know what to fix first, and by when.<\/p>\n\n\n\n<p>However, in traditional approaches, prioritization still relies heavily on generic technical scores (CVSS), without taking into account:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The asset\u2019s actual exposure,<\/li>\n\n\n\n<li>Its business criticality,<\/li>\n\n\n\n<li>The existence of active exploits,<\/li>\n\n\n\n<li>Or your operational capacity to remediate.<\/li>\n<\/ul>\n\n\n\n<p>The result: <strong>your teams accumulate thousands of vulnerabilities without being able to clearly identify which ones need to be addressed first<\/strong>.<\/p>\n\n\n\n<p>Several weeks (sometimes several months) can therefore elapse between the detection of a critical vulnerability and its effective remediation.<\/p>\n\n\n\n<p>This delay is all the more problematic as regulatory pressure intensifies. <strong>The NIS2 Directive (effective since October 2024) imposes stricter cyber risk management obligations<\/strong>, with penalties of up to 2% of global revenue.<\/p>\n\n\n\n<p>To address all these challenges, it is no longer enough to improve scans: a new approach is needed. This is the very purpose of CTEM.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><a><\/a><strong>CTEM Under the Microscope: Definition and Key Principles of Continuous Threat Exposure Management<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><a><\/a><strong>A concept popularized by Gartner<\/strong><\/h3>\n\n\n\n<p>The term CTEM (Continuous Threat Exposure Management) was introduced by the research and consulting firm Gartner in 2022, in its work on \u201cexposure management.\u201d<\/p>\n\n\n\n<p>Gartner defines it as a <strong>set of processes and capabilities organized into five phases <\/strong>(which we will detail shortly), <strong>enabling the continuous assessment of the accessibility, exposure, and exploitability of digital and physical assets.<\/strong><\/p>\n\n\n\n<p>Two elements are essential to this definition:<\/p>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li>First, the CTEM is not merely a tool. It is a <strong>comprehensive methodological framework <\/strong>that structures how an organization measures its actual exposure, prioritizes its security actions, and tangibly reduces the risk of compromise.<\/li>\n<\/ol>\n\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li>Second, <strong>the approach is firmly focused on exploitability and business impact<\/strong>, rather than solely on vulnerability detection. The goal is no longer merely to determine how many vulnerabilities exist in the information system, but which ones can actually be exploited, on which critical assets, and with what consequences for the organization.<\/li>\n<\/ol>\n\n\n\n<p>The objective is clear: to systematically and measurably reduce exposure to threats through a continuous cycle.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><a><\/a><strong>The 5 phases of the CTEM framework<\/strong><\/h3>\n\n\n\n<p>The CTEM framework is structured around five phases:<\/p>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li><strong>Discovery<\/strong>: It all starts with a reliable, up-to-date view of the attack surface. This phase involves identifying assets, exposed services, identities, and cloud resources\u2014including those that fall outside traditional inventories.<br><br><\/li>\n\n\n\n<li><strong>Scoping<\/strong>: Once this visibility is achieved, the challenge is to define the scope that truly takes priority. The analysis focuses on critical assets and compromise scenarios with a significant business impact, rather than treating the entire IT infrastructure uniformly.<br><br><\/li>\n\n\n\n<li><strong>Prioritization<\/strong>: In a context where not everything can be fixed immediately, this step allows vulnerabilities to be ranked according to actual risk. Unlike traditional approaches based solely on the CVSS score, prioritization here incorporates contextual criteria: the existence of active exploits, the probability of exploitation (via scores such as the EPSS), or the level of network exposure of the asset in question.<\/li>\n<\/ol>\n\n\n\n<ol start=\"4\" class=\"wp-block-list\">\n<li><strong>Validation<\/strong>: Before mobilizing teams, it is essential to confirm that the risk is real. Attack path analysis or simulations help identify vulnerabilities that can actually be exploited and rule out those that do not pose an immediate threat.<br><br><\/li>\n\n\n\n<li><strong>Mobilization<\/strong>: The final phase transforms prioritization into planned, time-bound remediation actions, taking into account operational constraints and the teams\u2019 actual capacity to address the issues.<\/li>\n<\/ol>\n\n\n\n<p>These five phases form a <strong>continuous loop<\/strong>, and this is precisely what sets them apart from a traditional sequence of security actions.<\/p>\n\n\n\n<p>This leaves one key question: how can you industrialize this cycle and truly integrate it into your security operations?<\/p>\n\n\n\n<p>This is where Cyberwatch comes in, our <a href=\"https:\/\/cyberwatch.fr\/en\/our-platform\/vulnerability-manager\/\" type=\"page\" id=\"3325\">vulnerability<\/a> and <a href=\"https:\/\/cyberwatch.fr\/en\/our-platform\/compliance-manager\/\" type=\"page\" id=\"3329\">compliance managemen<\/a>t platform: not as just another component in your security stack, but as the platform that operationalizes every step of the CTEM cycle.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><a><\/a><strong>Implementing CTEM with Cyberwatch, step by step<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><a><\/a><strong>1) Discovery: Build a reliable, dynamic inventory of your assets<\/strong><\/h3>\n\n\n\n<p>Without a comprehensive and up-to-date inventory, CTEM is impossible.<\/p>\n\n\n\n<p>That\u2019s why Cyberwatch leverages a <a href=\"https:\/\/docs.cyberwatch.com\/help\/fr\/use_assets\/discoveries\/\" target=\"_blank\" rel=\"noreferrer noopener\">wide range of discovery mechanisms<\/a> to <strong>automatically identify the assets in your infrastructure<\/strong>, whether they\u2019re on-premises, in the cloud, containerized, or external.<\/p>\n\n\n\n<p>Key discovery mechanisms:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>On-premises infrastructure<\/strong>: network scans and targeted discovery to detect unregistered machines, followed by integration (possible in agentless mode), organization into groups, and ongoing monitoring via recurring scans.<br><br><\/li>\n\n\n\n<li><strong>Cloud (AWS, Azure, GCP, OpenStack\u2026)<\/strong>: API queries to map VMs and associated resources (e.g., Microsoft Entra ID), with multi-project\/multi-region coverage and recurring updates.<br><br><\/li>\n\n\n\n<li><strong>Docker &amp; Kubernetes (EKS\/AKS\/OpenShift\u2026)<\/strong>: image inventory (registries and\/or images actually deployed) with automatic addition for analysis.<br><br><\/li>\n\n\n\n<li><strong>External Exposure (IP \/ DNS \/ WHOIS \/ Certificate Transparency)<\/strong>: IP range scanning and domain inventory, detection of related domains (brands, subsidiaries, forgotten domains), and identification of subdomains via public TLS certificate logs (Certificate Transparency), including those that evade traditional DNS approaches.<\/li>\n<\/ul>\n\n\n\n<p>Ultimately, every newly detected asset is automatically integrated, and decommissioned assets are removed from the inventory: <strong>you have a continuously reliable view of your exposure surface<\/strong>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><a><\/a><strong>2) Scoping: defining a scope aligned with your business priorities<\/strong><\/h3>\n\n\n\n<p>Once the inventory has been validated through the discovery phase, the challenge is no longer to analyze everything in the same way, but to adapt the level of scrutiny to the level of risk.<\/p>\n\n\n\n<p>A critical asset, such as an ERP server exposed to the Internet, must, for example, be monitored as a priority, while a low-exposure asset, such as an isolated development environment, is a lower priority.<\/p>\n\n\n\n<p>Scoping involves <strong>organizing your attack surface into coherent scopes <\/strong>to eliminate noise and <strong>focus your efforts where the business impact is real<\/strong>.<\/p>\n\n\n\n<p>With Cyberwatch, this approach is implemented by <a href=\"https:\/\/docs.cyberwatch.com\/help\/fr\/configurations\/projects\/\" target=\"_blank\" rel=\"noreferrer noopener\">organizing assets <\/a><a href=\"https:\/\/docs.cyberwatch.com\/help\/fr\/configurations\/groups\/\">into<\/a><a href=\"https:\/\/docs.cyberwatch.com\/help\/fr\/configurations\/projects\/\">projects<\/a> or <a href=\"https:\/\/docs.cyberwatch.com\/help\/fr\/configurations\/groups\/\" target=\"_blank\" rel=\"noreferrer noopener\">groups<\/a> corresponding to your environments (Production, DMZ, web servers, testing, etc.).<\/p>\n\n\n\n<p>Each perimeter can then have <a href=\"https:\/\/docs.cyberwatch.com\/help\/fr\/configurations\/rules\/\" target=\"_blank\" rel=\"noreferrer noopener\">its own rules<\/a>: scan frequency, alert thresholds, prioritization criteria, or access rights.<\/p>\n\n\n\n<p>For example:<\/p>\n\n\n\n<p>&#8220;Production&#8221; Project<\/p>\n\n\n\n<p>\u251c\u2500 Scan frequency: daily<\/p>\n\n\n\n<p>\u251c\u2500 Alert threshold: CVSS \u2265 9.0 (immediate notification)<\/p>\n\n\n\n<p>\u2514\u2500 Access: CIO + CISO<\/p>\n\n\n\n<p>It is also possible to precisely define the IP ranges to be monitored and to distinguish exposed assets from internal systems.<\/p>\n\n\n\n<p>This segmentation <strong>prevents the overestimation of unrealistic risks while applying a higher level of scrutiny to critical resources<\/strong>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><a><\/a><strong>3) Prioritization: Moving from CVE volume to actual critical risk<\/strong><\/h3>\n\n\n\n<p>Once the inventory is under control and the scope defined, the challenge becomes clear: determining what needs to be fixed first.<\/p>\n\n\n\n<p>In practical terms, this involves <strong>transforming a list of thousands of vulnerabilities into a short, contextualized queue aligned with your business priorities.<\/strong><\/p>\n\n\n\n<p>In Cyberwatch, this prioritization is based first on defining a criticality policy for each asset. Each scope is assigned <strong>Confidentiality, Integrity, and Availability (CIA) <\/strong>requirements that allow for the recalculation of a contextual <a href=\"https:\/\/docs.cyberwatch.com\/help\/fr\/encyclopedias\/vulnerability_score\/\">C<\/a><a href=\"https:\/\/docs.cyberwatch.com\/help\/fr\/encyclopedias\/vulnerability_score\/\" target=\"_blank\" rel=\"noreferrer noopener\">V<\/a><a href=\"https:\/\/docs.cyberwatch.com\/help\/fr\/encyclopedias\/vulnerability_score\/\">SS score<\/a>: the <strong>CVSS-BTE<\/strong>.<\/p>\n\n\n\n<figure data-wp-context=\"{&quot;imageId&quot;:&quot;6a1ba64aee0a8&quot;}\" data-wp-interactive=\"core\/image\" data-wp-key=\"6a1ba64aee0a8\" class=\"wp-block-image aligncenter size-large wp-lightbox-container\"><img decoding=\"async\" width=\"1024\" height=\"270\" data-wp-class--hide=\"state.isContentHidden\" data-wp-class--show=\"state.isContentVisible\" data-wp-init=\"callbacks.setButtonStyles\" data-wp-on--click=\"actions.showLightbox\" data-wp-on--load=\"callbacks.setButtonStyles\" data-wp-on-window--resize=\"callbacks.setButtonStyles\" src=\"https:\/\/cyberwatch.fr\/wp-content\/uploads\/2026\/04\/cvss-metrics-1024x270.png\" alt=\"\" class=\"wp-image-10033\" srcset=\"https:\/\/cyberwatch.fr\/wp-content\/uploads\/2026\/04\/cvss-metrics-980x258.png 980w, https:\/\/cyberwatch.fr\/wp-content\/uploads\/2026\/04\/cvss-metrics-480x127.png 480w\" sizes=\"(min-width: 0px) and (max-width: 480px) 480px, (min-width: 481px) and (max-width: 980px) 980px, (min-width: 981px) 1024px, 100vw\" \/><button\n\t\t\tclass=\"lightbox-trigger\"\n\t\t\ttype=\"button\"\n\t\t\taria-haspopup=\"dialog\"\n\t\t\taria-label=\"Enlarge\"\n\t\t\tdata-wp-init=\"callbacks.initTriggerButton\"\n\t\t\tdata-wp-on--click=\"actions.showLightbox\"\n\t\t\tdata-wp-style--right=\"state.imageButtonRight\"\n\t\t\tdata-wp-style--top=\"state.imageButtonTop\"\n\t\t>\n\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"12\" height=\"12\" fill=\"none\" viewBox=\"0 0 12 12\">\n\t\t\t\t<path fill=\"#fff\" d=\"M2 0a2 2 0 0 0-2 2v2h1.5V2a.5.5 0 0 1 .5-.5h2V0H2Zm2 10.5H2a.5.5 0 0 1-.5-.5V8H0v2a2 2 0 0 0 2 2h2v-1.5ZM8 12v-1.5h2a.5.5 0 0 0 .5-.5V8H12v2a2 2 0 0 1-2 2H8Zm2-12a2 2 0 0 1 2 2v2h-1.5V2a.5.5 0 0 0-.5-.5H8V0h2Z\" \/>\n\t\t\t<\/svg>\n\t\t<\/button><\/figure>\n\n\n\n<p>This score takes your technical reality into account: for example, a server completely isolated from the network can be defined as accessible only locally. The criticality of remotely exploitable vulnerabilities is then automatically downgraded. Conversely, a flaw affecting an exposed system in production will retain a high priority level.<\/p>\n\n\n\n<p>This contextualization is complemented by a <strong>threat-oriented analysis<\/strong>. Vulnerabilities flagged as high priority are those that combine:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A CVSS threshold above which a vulnerability must be addressed,<\/li>\n\n\n\n<li>The EPSS score, which reflects the probability of exploitation in the real world,<\/li>\n<\/ul>\n\n\n\n<p>Inclusion in reference catalogs such as CERT-FR ALE, CISA KEV, or the lists maintained by Cyberwatch.<\/p>\n\n\n\n<figure data-wp-context=\"{&quot;imageId&quot;:&quot;6a1ba64aee507&quot;}\" data-wp-interactive=\"core\/image\" data-wp-key=\"6a1ba64aee507\" class=\"wp-block-image aligncenter size-large wp-lightbox-container\"><img decoding=\"async\" width=\"1024\" height=\"202\" data-wp-class--hide=\"state.isContentHidden\" data-wp-class--show=\"state.isContentVisible\" data-wp-init=\"callbacks.setButtonStyles\" data-wp-on--click=\"actions.showLightbox\" data-wp-on--load=\"callbacks.setButtonStyles\" data-wp-on-window--resize=\"callbacks.setButtonStyles\" src=\"https:\/\/cyberwatch.fr\/wp-content\/uploads\/2026\/04\/high-priority-vulnerabilities-1024x202.png\" alt=\"\" class=\"wp-image-10036\" srcset=\"https:\/\/cyberwatch.fr\/wp-content\/uploads\/2026\/04\/high-priority-vulnerabilities-1024x202.png 1024w, https:\/\/cyberwatch.fr\/wp-content\/uploads\/2026\/04\/high-priority-vulnerabilities-980x193.png 980w, https:\/\/cyberwatch.fr\/wp-content\/uploads\/2026\/04\/high-priority-vulnerabilities-480x94.png 480w\" sizes=\"(min-width: 0px) and (max-width: 480px) 480px, (min-width: 481px) and (max-width: 980px) 980px, (min-width: 981px) 1024px, 100vw\" \/><button\n\t\t\tclass=\"lightbox-trigger\"\n\t\t\ttype=\"button\"\n\t\t\taria-haspopup=\"dialog\"\n\t\t\taria-label=\"Enlarge\"\n\t\t\tdata-wp-init=\"callbacks.initTriggerButton\"\n\t\t\tdata-wp-on--click=\"actions.showLightbox\"\n\t\t\tdata-wp-style--right=\"state.imageButtonRight\"\n\t\t\tdata-wp-style--top=\"state.imageButtonTop\"\n\t\t>\n\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"12\" height=\"12\" fill=\"none\" viewBox=\"0 0 12 12\">\n\t\t\t\t<path fill=\"#fff\" d=\"M2 0a2 2 0 0 0-2 2v2h1.5V2a.5.5 0 0 1 .5-.5h2V0H2Zm2 10.5H2a.5.5 0 0 1-.5-.5V8H0v2a2 2 0 0 0 2 2h2v-1.5ZM8 12v-1.5h2a.5.5 0 0 0 .5-.5V8H12v2a2 2 0 0 1-2 2H8Zm2-12a2 2 0 0 1 2 2v2h-1.5V2a.5.5 0 0 0-.5-.5H8V0h2Z\" \/>\n\t\t\t<\/svg>\n\t\t<\/button><\/figure>\n\n\n\n<p>We no longer think in terms of overall theoretical severity, but in terms of actual risk to a given asset.<\/p>\n\n\n\n<p>Prioritization thus becomes directly actionable by teams: <strong>efforts are focused on critical vulnerabilities that are exposed and likely to be exploited<\/strong>, rather than on an unprioritized backlog of CVEs.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><a><\/a><strong>4) Validation: Verifying Exploitability and Measuring the Effectiveness of Patches<\/strong><\/h3>\n\n\n\n<p>After defining the vulnerabilities to be addressed as a priority, the validation phase consists of measuring the effectiveness of the decisions made by answering two key questions:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Is the threat truly real in your context?<\/li>\n\n\n\n<li>Have the remediation actions effectively eliminated the risk?<\/li>\n<\/ul>\n\n\n\n<p>The goal is to <strong>move from a theoretical decision to a measurable reduction in exposure<\/strong>.<\/p>\n\n\n\n<p>In Cyberwatch, this validation begins by contextualizing each CVE: the vulnerability encyclopedia centralizes, for a given vulnerability, the technical severity (CVSS and CVSS-BTE), available patches, and, most importantly, the existence of public exploits or known attack tools.<\/p>\n\n\n\n<p><br>Cross-referenced with the EPSS score and inclusion in reference catalogs (CERT-FR, CISA KEV, etc.), this information allows for the immediate identification of vulnerabilities that are actively exploited, easy to scale in attack campaigns, and recognized as critical by authoritative bodies.<br><br><\/p>\n\n\n\n<p>Conversely, a severe vulnerability with no known exploit and a low probability of exploitation can be objectively reclassified.<\/p>\n\n\n\n<p>Validation also covers the effectiveness of fixes. After deploying a patch, making a configuration change, or removing a service, Cyberwatch automatically reruns analyses on the affected assets. The CVE\u2019s actual removal is verified, detection and fix dates are logged, and the exposure time is calculated.<\/p>\n\n\n\n<p>You no longer simply report that a fix has been deployed: you demonstrate that the risk has been eliminated, detect remediation failures, and identify any regressions.<\/p>\n\n\n\n<p>These indicators directly inform CTEM management by providing a <strong>factual measure of the effectiveness of the actions taken<\/strong>.<\/p>\n\n\n\n<figure data-wp-context=\"{&quot;imageId&quot;:&quot;6a1ba64aeea5f&quot;}\" data-wp-interactive=\"core\/image\" data-wp-key=\"6a1ba64aeea5f\" class=\"wp-block-image aligncenter size-large wp-lightbox-container\"><img decoding=\"async\" width=\"1024\" height=\"193\" data-wp-class--hide=\"state.isContentHidden\" data-wp-class--show=\"state.isContentVisible\" data-wp-init=\"callbacks.setButtonStyles\" data-wp-on--click=\"actions.showLightbox\" data-wp-on--load=\"callbacks.setButtonStyles\" data-wp-on-window--resize=\"callbacks.setButtonStyles\" src=\"https:\/\/cyberwatch.fr\/wp-content\/uploads\/2026\/04\/measure-effectiveness-security-actions-taken-1024x193.png\" alt=\"\" class=\"wp-image-10039\" srcset=\"https:\/\/cyberwatch.fr\/wp-content\/uploads\/2026\/04\/measure-effectiveness-security-actions-taken-1024x193.png 1024w, https:\/\/cyberwatch.fr\/wp-content\/uploads\/2026\/04\/measure-effectiveness-security-actions-taken-980x185.png 980w, https:\/\/cyberwatch.fr\/wp-content\/uploads\/2026\/04\/measure-effectiveness-security-actions-taken-480x90.png 480w\" sizes=\"(min-width: 0px) and (max-width: 480px) 480px, (min-width: 481px) and (max-width: 980px) 980px, (min-width: 981px) 1024px, 100vw\" \/><button\n\t\t\tclass=\"lightbox-trigger\"\n\t\t\ttype=\"button\"\n\t\t\taria-haspopup=\"dialog\"\n\t\t\taria-label=\"Enlarge\"\n\t\t\tdata-wp-init=\"callbacks.initTriggerButton\"\n\t\t\tdata-wp-on--click=\"actions.showLightbox\"\n\t\t\tdata-wp-style--right=\"state.imageButtonRight\"\n\t\t\tdata-wp-style--top=\"state.imageButtonTop\"\n\t\t>\n\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"12\" height=\"12\" fill=\"none\" viewBox=\"0 0 12 12\">\n\t\t\t\t<path fill=\"#fff\" d=\"M2 0a2 2 0 0 0-2 2v2h1.5V2a.5.5 0 0 1 .5-.5h2V0H2Zm2 10.5H2a.5.5 0 0 1-.5-.5V8H0v2a2 2 0 0 0 2 2h2v-1.5ZM8 12v-1.5h2a.5.5 0 0 0 .5-.5V8H12v2a2 2 0 0 1-2 2H8Zm2-12a2 2 0 0 1 2 2v2h-1.5V2a.5.5 0 0 0-.5-.5H8V0h2Z\" \/>\n\t\t\t<\/svg>\n\t\t<\/button><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>5) Mobilization: Orchestrating remediation and driving risk reduction<\/strong><\/h3>\n\n\n\n<p>Once vulnerabilities have been validated, the challenge is to move to execution: fix, track progress, and demonstrate that the risk is actually decreasing. This is the role of the mobilization phase, where Cyberwatch becomes the central hub connecting security teams, IT operations, and management.<\/p>\n\n\n\n<p>In practice, it is based on three dimensions:<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><a><\/a><strong>Orchestrating technical remediation with patch management<\/strong><\/h4>\n\n\n\n<p><a href=\"https:\/\/docs.cyberwatch.com\/help\/en\/use_vulnerability_scanner\/deploy_security_fix\/\" type=\"link\" id=\"https:\/\/docs.cyberwatch.com\/help\/en\/use_vulnerability_scanner\/deploy_security_fix\/\" target=\"_blank\" rel=\"noreferrer noopener\">The patch management<\/a> view establishes a direct link between a high-priority vulnerability and the required action. For each asset, it centralizes CVEs, associated patches, and possible operations.<\/p>\n\n\n\n<p><strong>Patches can be deployed automatically <\/strong>on Windows and Linux environments, with dependency management and integration with existing tools such as WSUS or Red Hat Satellite. When software itself is the source of the risk, its uninstallation can be triggered from the platform.<\/p>\n\n\n\n<p>Cyberwatch is no longer limited to identifying vulnerabilities: it provides a <strong>traceable technical action plan<\/strong>, vulnerability by vulnerability.<\/p>\n\n\n\n<figure data-wp-context=\"{&quot;imageId&quot;:&quot;6a1ba64aeee56&quot;}\" data-wp-interactive=\"core\/image\" data-wp-key=\"6a1ba64aeee56\" class=\"wp-block-image aligncenter size-large wp-lightbox-container\"><img decoding=\"async\" width=\"1024\" height=\"182\" data-wp-class--hide=\"state.isContentHidden\" data-wp-class--show=\"state.isContentVisible\" data-wp-init=\"callbacks.setButtonStyles\" data-wp-on--click=\"actions.showLightbox\" data-wp-on--load=\"callbacks.setButtonStyles\" data-wp-on-window--resize=\"callbacks.setButtonStyles\" src=\"https:\/\/cyberwatch.fr\/wp-content\/uploads\/2026\/04\/action-plan-vulnerability-by-vulnerability-1024x182.png\" alt=\"\" class=\"wp-image-10042\" srcset=\"https:\/\/cyberwatch.fr\/wp-content\/uploads\/2026\/04\/action-plan-vulnerability-by-vulnerability-1024x182.png 1024w, https:\/\/cyberwatch.fr\/wp-content\/uploads\/2026\/04\/action-plan-vulnerability-by-vulnerability-980x174.png 980w, https:\/\/cyberwatch.fr\/wp-content\/uploads\/2026\/04\/action-plan-vulnerability-by-vulnerability-480x85.png 480w\" sizes=\"(min-width: 0px) and (max-width: 480px) 480px, (min-width: 481px) and (max-width: 980px) 980px, (min-width: 981px) 1024px, 100vw\" \/><button\n\t\t\tclass=\"lightbox-trigger\"\n\t\t\ttype=\"button\"\n\t\t\taria-haspopup=\"dialog\"\n\t\t\taria-label=\"Enlarge\"\n\t\t\tdata-wp-init=\"callbacks.initTriggerButton\"\n\t\t\tdata-wp-on--click=\"actions.showLightbox\"\n\t\t\tdata-wp-style--right=\"state.imageButtonRight\"\n\t\t\tdata-wp-style--top=\"state.imageButtonTop\"\n\t\t>\n\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"12\" height=\"12\" fill=\"none\" viewBox=\"0 0 12 12\">\n\t\t\t\t<path fill=\"#fff\" d=\"M2 0a2 2 0 0 0-2 2v2h1.5V2a.5.5 0 0 1 .5-.5h2V0H2Zm2 10.5H2a.5.5 0 0 1-.5-.5V8H0v2a2 2 0 0 0 2 2h2v-1.5ZM8 12v-1.5h2a.5.5 0 0 0 .5-.5V8H12v2a2 2 0 0 1-2 2H8Zm2-12a2 2 0 0 1 2 2v2h-1.5V2a.5.5 0 0 0-.5-.5H8V0h2Z\" \/>\n\t\t\t<\/svg>\n\t\t<\/button><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Integrating with IT workflows via ITSM<\/strong><\/h4>\n\n\n\n<p>Mobilizing also means <strong>aligning with the processes of the teams responsible for remediation.<\/strong><\/p>\n\n\n\n<p>ITSM integrations (<a href=\"https:\/\/docs.cyberwatch.com\/help\/en\/administration\/service_now_integration\/\" type=\"link\" id=\"https:\/\/docs.cyberwatch.com\/help\/en\/administration\/service_now_integration\/\" target=\"_blank\" rel=\"noreferrer noopener\">ServiceNow<\/a>, <a href=\"https:\/\/docs.cyberwatch.com\/help\/en\/administration\/incoming_web_hook\/\" type=\"link\" id=\"https:\/\/docs.cyberwatch.com\/help\/en\/administration\/incoming_web_hook\/\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Teams<\/a>, <a href=\"https:\/\/docs.cyberwatch.com\/help\/en\/administration\/glpi_integration\/\" type=\"link\" id=\"https:\/\/docs.cyberwatch.com\/help\/en\/administration\/glpi_integration\/\" target=\"_blank\" rel=\"noreferrer noopener\">GLPI<\/a>, Jira, etc.) enable the automatic conversion of a validated vulnerability into a pre-filled ticket that includes all relevant context: the affected asset, severity level, and recommended fix.<\/p>\n\n\n\n<p>Security teams manage the process in Cyberwatch, while IT teams work in their usual tools, yet the workflow remains seamless and synchronized.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><a><\/a><strong>Driving remediation over time<\/strong><\/h4>\n\n\n\n<p>Mobilization is sustainable only if it is measurable. Cyberwatch logs the detection and resolution dates for each vulnerability and calculates processing times.<\/p>\n\n\n\n<p>This data feeds <strong>into dashboards<\/strong>: critical vulnerabilities by scope, average remediation time, SLA compliance, and scan coverage.<\/p>\n\n\n\n<p>The alert module automatically triggers notifications or integrations when a threshold is reached: new critical CVE, obsolete system, correction deadline exceeded.<\/p>\n\n\n\n<figure data-wp-context=\"{&quot;imageId&quot;:&quot;6a1ba64aef278&quot;}\" data-wp-interactive=\"core\/image\" data-wp-key=\"6a1ba64aef278\" class=\"wp-block-image aligncenter size-large wp-lightbox-container\"><img decoding=\"async\" width=\"1024\" height=\"574\" data-wp-class--hide=\"state.isContentHidden\" data-wp-class--show=\"state.isContentVisible\" data-wp-init=\"callbacks.setButtonStyles\" data-wp-on--click=\"actions.showLightbox\" data-wp-on--load=\"callbacks.setButtonStyles\" data-wp-on-window--resize=\"callbacks.setButtonStyles\" src=\"https:\/\/cyberwatch.fr\/wp-content\/uploads\/2026\/04\/cves-dashboard-1024x574.png\" alt=\"\" class=\"wp-image-10045\" srcset=\"https:\/\/cyberwatch.fr\/wp-content\/uploads\/2026\/04\/cves-dashboard-980x549.png 980w, https:\/\/cyberwatch.fr\/wp-content\/uploads\/2026\/04\/cves-dashboard-480x269.png 480w\" sizes=\"(min-width: 0px) and (max-width: 480px) 480px, (min-width: 481px) and (max-width: 980px) 980px, (min-width: 981px) 1024px, 100vw\" \/><button\n\t\t\tclass=\"lightbox-trigger\"\n\t\t\ttype=\"button\"\n\t\t\taria-haspopup=\"dialog\"\n\t\t\taria-label=\"Enlarge\"\n\t\t\tdata-wp-init=\"callbacks.initTriggerButton\"\n\t\t\tdata-wp-on--click=\"actions.showLightbox\"\n\t\t\tdata-wp-style--right=\"state.imageButtonRight\"\n\t\t\tdata-wp-style--top=\"state.imageButtonTop\"\n\t\t>\n\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"12\" height=\"12\" fill=\"none\" viewBox=\"0 0 12 12\">\n\t\t\t\t<path fill=\"#fff\" d=\"M2 0a2 2 0 0 0-2 2v2h1.5V2a.5.5 0 0 1 .5-.5h2V0H2Zm2 10.5H2a.5.5 0 0 1-.5-.5V8H0v2a2 2 0 0 0 2 2h2v-1.5ZM8 12v-1.5h2a.5.5 0 0 0 .5-.5V8H12v2a2 2 0 0 1-2 2H8Zm2-12a2 2 0 0 1 2 2v2h-1.5V2a.5.5 0 0 0-.5-.5H8V0h2Z\" \/>\n\t\t\t<\/svg>\n\t\t<\/button><\/figure>\n\n\n\n<p>You no longer just track deployed patches; <strong>you manage long-term risk reduction objectives<\/strong>.<\/p>\n\n\n\n<p>This traceability enables you to provide insights to steering committees, demonstrate compliance (particularly NIS2), and base decisions on factual indicators from the field.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><a><\/a><strong>CTEM: Key Takeaways<\/strong><\/h2>\n\n\n\n<p>Implementing a CTEM program ultimately means changing your approach: <strong>shifting from ad-hoc vulnerability management to continuous management of the attack surface<\/strong>.<\/p>\n\n\n\n<p>With Cyberwatch, this approach becomes very concrete, as every stage of the cycle is operationally implemented within the platform:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A reliable, dynamic inventory of all your assets, including those that fall outside traditional approaches<\/li>\n\n\n\n<li>Segmentation of your attack surface aligned with your business priorities and criticality levels<\/li>\n\n\n\n<li>Moving away from the &#8220;endless backlog&#8221; to focus efforts on exploitable vulnerabilities that are effectively targeted and critical to your context<\/li>\n\n\n\n<li>The transition from abstract CVEs to proven exposure, with systematic re-scanning and reference catalogs<\/li>\n\n\n\n<li>Orchestrated and traceable remediation, from patch deployment to demonstration of risk reduction<\/li>\n<\/ul>\n\n\n\n<p>It is this <strong>continuity between detection, decision-making, and action <\/strong>that enables a concrete response to current challenges: operational resilience, regulatory compliance (NIS2), and transparency with respect to your governance.<\/p>\n\n\n\n<p>Would you like to see how this approach translates into practice in a real-world environment?<\/p>\n\n\n\n<p>\u2192&nbsp; <a href=\"https:\/\/cyberwatch.fr\/en\/contact\/\">Request a Cyberwatch demo<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><a><\/a><strong>CTEM FAQ<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><a><\/a><strong>What is Continuous Threat Exposure Management (CTEM)?<\/strong><\/h3>\n\n\n\n<p>CTEM is a framework defined by Gartner to continuously identify exposed assets, prioritize exploitable vulnerabilities, and effectively reduce the risk of compromise.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><a><\/a><strong>Is CTEM a tool or a methodology?<\/strong><\/h3>\n\n\n\n<p>CTEM is a methodology that relies on discovery, analysis, and remediation tools to drive risk reduction.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><a><\/a><strong>Why has CTEM become a leading approach in cybersecurity?<\/strong><\/h3>\n\n\n\n<p>It has gained prominence in particular because it enables cybersecurity to be adapted to cloud and hybrid environments where the attack surface is constantly evolving.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><a><\/a><strong>What are the 5 phases of CTEM?<\/strong><\/h3>\n\n\n\n<p>The CTEM framework defined by Gartner follows a continuous cycle: Discovery \u2192 Scoping \u2192 Prioritization \u2192 Validation \u2192 Mobilization.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><a><\/a><strong>What is the connection between CTEM and NIS2?<\/strong><strong><\/strong><\/h3>\n\n\n\n<p>CTEM facilitates NIS2 compliance by providing a continuous view of risk, with tracking of remediation and performance metrics.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u201cWe already manage our vulnerabilities; we perform regular security scans.\u201d If you\u2019re a CIO or CISO, you may have said this before. And it\u2019s a valid point: your tools are likely in place, your analysis cycles are scheduled, and your dashboards are filling up. On the surface, everything seems under control. The problem is that [&hellip;]<\/p>\n","protected":false},"author":12,"featured_media":10048,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[29],"tags":[],"class_list":["post-10032","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Step-by-Step Guide to CTEM - Cyberwatch<\/title>\n<meta name=\"description\" content=\"Discover CTEM (Continuous Threat Exposure Management): methodology, key steps, and practical implementation with Cyberwatch.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/cyberwatch.fr\/en\/news\/ctem-continuous-threat-exposure-management\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Step-by-Step Guide to CTEM - Cyberwatch\" \/>\n<meta property=\"og:description\" content=\"Discover CTEM (Continuous Threat Exposure Management): methodology, key steps, and practical implementation with Cyberwatch.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/cyberwatch.fr\/en\/news\/ctem-continuous-threat-exposure-management\/\" \/>\n<meta property=\"og:site_name\" content=\"Cyberwatch\" \/>\n<meta property=\"article:published_time\" content=\"2026-04-01T15:25:48+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-13T15:46:59+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cyberwatch.fr\/wp-content\/uploads\/2026\/04\/thumbnail-ctem.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1953\" \/>\n\t<meta property=\"og:image:height\" content=\"1015\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Amine Ait Kaci\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Amine Ait Kaci\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"15 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/cyberwatch.fr\\\/en\\\/news\\\/ctem-continuous-threat-exposure-management\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/cyberwatch.fr\\\/en\\\/news\\\/ctem-continuous-threat-exposure-management\\\/\"},\"author\":{\"name\":\"Amine Ait Kaci\",\"@id\":\"https:\\\/\\\/cyberwatch.fr\\\/en\\\/#\\\/schema\\\/person\\\/d7f6fdaa8c12687dbfaac2822287e3d3\"},\"headline\":\"CTEM (Continuous Threat Exposure Management): Continuously manage your exposure surface with Cyberwatch\",\"datePublished\":\"2026-04-01T15:25:48+00:00\",\"dateModified\":\"2026-04-13T15:46:59+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/cyberwatch.fr\\\/en\\\/news\\\/ctem-continuous-threat-exposure-management\\\/\"},\"wordCount\":2675,\"publisher\":{\"@id\":\"https:\\\/\\\/cyberwatch.fr\\\/en\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/cyberwatch.fr\\\/en\\\/news\\\/ctem-continuous-threat-exposure-management\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/cyberwatch.fr\\\/wp-content\\\/uploads\\\/2026\\\/04\\\/thumbnail-ctem.png\",\"articleSection\":[\"news\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/cyberwatch.fr\\\/en\\\/news\\\/ctem-continuous-threat-exposure-management\\\/\",\"url\":\"https:\\\/\\\/cyberwatch.fr\\\/en\\\/news\\\/ctem-continuous-threat-exposure-management\\\/\",\"name\":\"Step-by-Step Guide to CTEM - Cyberwatch\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/cyberwatch.fr\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/cyberwatch.fr\\\/en\\\/news\\\/ctem-continuous-threat-exposure-management\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/cyberwatch.fr\\\/en\\\/news\\\/ctem-continuous-threat-exposure-management\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/cyberwatch.fr\\\/wp-content\\\/uploads\\\/2026\\\/04\\\/thumbnail-ctem.png\",\"datePublished\":\"2026-04-01T15:25:48+00:00\",\"dateModified\":\"2026-04-13T15:46:59+00:00\",\"description\":\"Discover CTEM (Continuous Threat Exposure Management): methodology, key steps, and practical implementation with Cyberwatch.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/cyberwatch.fr\\\/en\\\/news\\\/ctem-continuous-threat-exposure-management\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/cyberwatch.fr\\\/en\\\/news\\\/ctem-continuous-threat-exposure-management\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/cyberwatch.fr\\\/en\\\/news\\\/ctem-continuous-threat-exposure-management\\\/#primaryimage\",\"url\":\"https:\\\/\\\/cyberwatch.fr\\\/wp-content\\\/uploads\\\/2026\\\/04\\\/thumbnail-ctem.png\",\"contentUrl\":\"https:\\\/\\\/cyberwatch.fr\\\/wp-content\\\/uploads\\\/2026\\\/04\\\/thumbnail-ctem.png\",\"width\":1953,\"height\":1015},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/cyberwatch.fr\\\/en\\\/news\\\/ctem-continuous-threat-exposure-management\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/cyberwatch.fr\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"CTEM (Continuous Threat Exposure Management): Continuously manage your exposure surface with Cyberwatch\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/cyberwatch.fr\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/cyberwatch.fr\\\/en\\\/\",\"name\":\"Cyberwatch\",\"description\":\"Supervisez vos vuln\u00e9rabilit\u00e9s. Contr\u00f4lez vos conformit\u00e9s.\",\"publisher\":{\"@id\":\"https:\\\/\\\/cyberwatch.fr\\\/en\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/cyberwatch.fr\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/cyberwatch.fr\\\/en\\\/#organization\",\"name\":\"Cyberwatch\",\"url\":\"https:\\\/\\\/cyberwatch.fr\\\/en\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/cyberwatch.fr\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/cyberwatch.fr\\\/wp-content\\\/uploads\\\/2021\\\/04\\\/logo_simple_black.png\",\"contentUrl\":\"https:\\\/\\\/cyberwatch.fr\\\/wp-content\\\/uploads\\\/2021\\\/04\\\/logo_simple_black.png\",\"width\":1883,\"height\":500,\"caption\":\"Cyberwatch\"},\"image\":{\"@id\":\"https:\\\/\\\/cyberwatch.fr\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/cyberwatch.fr\\\/en\\\/#\\\/schema\\\/person\\\/d7f6fdaa8c12687dbfaac2822287e3d3\",\"name\":\"Amine Ait Kaci\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/8533d8753c0f52656768b416ecc446762a20dc62fd6f416a8b07362a4a34d91c?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/8533d8753c0f52656768b416ecc446762a20dc62fd6f416a8b07362a4a34d91c?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/8533d8753c0f52656768b416ecc446762a20dc62fd6f416a8b07362a4a34d91c?s=96&d=mm&r=g\",\"caption\":\"Amine Ait Kaci\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Step-by-Step Guide to CTEM - Cyberwatch","description":"Discover CTEM (Continuous Threat Exposure Management): methodology, key steps, and practical implementation with Cyberwatch.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cyberwatch.fr\/en\/news\/ctem-continuous-threat-exposure-management\/","og_locale":"en_US","og_type":"article","og_title":"Step-by-Step Guide to CTEM - Cyberwatch","og_description":"Discover CTEM (Continuous Threat Exposure Management): methodology, key steps, and practical implementation with Cyberwatch.","og_url":"https:\/\/cyberwatch.fr\/en\/news\/ctem-continuous-threat-exposure-management\/","og_site_name":"Cyberwatch","article_published_time":"2026-04-01T15:25:48+00:00","article_modified_time":"2026-04-13T15:46:59+00:00","og_image":[{"width":1953,"height":1015,"url":"https:\/\/cyberwatch.fr\/wp-content\/uploads\/2026\/04\/thumbnail-ctem.png","type":"image\/png"}],"author":"Amine Ait Kaci","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Amine Ait Kaci","Est. reading time":"15 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/cyberwatch.fr\/en\/news\/ctem-continuous-threat-exposure-management\/#article","isPartOf":{"@id":"https:\/\/cyberwatch.fr\/en\/news\/ctem-continuous-threat-exposure-management\/"},"author":{"name":"Amine Ait Kaci","@id":"https:\/\/cyberwatch.fr\/en\/#\/schema\/person\/d7f6fdaa8c12687dbfaac2822287e3d3"},"headline":"CTEM (Continuous Threat Exposure Management): Continuously manage your exposure surface with Cyberwatch","datePublished":"2026-04-01T15:25:48+00:00","dateModified":"2026-04-13T15:46:59+00:00","mainEntityOfPage":{"@id":"https:\/\/cyberwatch.fr\/en\/news\/ctem-continuous-threat-exposure-management\/"},"wordCount":2675,"publisher":{"@id":"https:\/\/cyberwatch.fr\/en\/#organization"},"image":{"@id":"https:\/\/cyberwatch.fr\/en\/news\/ctem-continuous-threat-exposure-management\/#primaryimage"},"thumbnailUrl":"https:\/\/cyberwatch.fr\/wp-content\/uploads\/2026\/04\/thumbnail-ctem.png","articleSection":["news"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/cyberwatch.fr\/en\/news\/ctem-continuous-threat-exposure-management\/","url":"https:\/\/cyberwatch.fr\/en\/news\/ctem-continuous-threat-exposure-management\/","name":"Step-by-Step Guide to CTEM - Cyberwatch","isPartOf":{"@id":"https:\/\/cyberwatch.fr\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/cyberwatch.fr\/en\/news\/ctem-continuous-threat-exposure-management\/#primaryimage"},"image":{"@id":"https:\/\/cyberwatch.fr\/en\/news\/ctem-continuous-threat-exposure-management\/#primaryimage"},"thumbnailUrl":"https:\/\/cyberwatch.fr\/wp-content\/uploads\/2026\/04\/thumbnail-ctem.png","datePublished":"2026-04-01T15:25:48+00:00","dateModified":"2026-04-13T15:46:59+00:00","description":"Discover CTEM (Continuous Threat Exposure Management): methodology, key steps, and practical implementation with Cyberwatch.","breadcrumb":{"@id":"https:\/\/cyberwatch.fr\/en\/news\/ctem-continuous-threat-exposure-management\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cyberwatch.fr\/en\/news\/ctem-continuous-threat-exposure-management\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cyberwatch.fr\/en\/news\/ctem-continuous-threat-exposure-management\/#primaryimage","url":"https:\/\/cyberwatch.fr\/wp-content\/uploads\/2026\/04\/thumbnail-ctem.png","contentUrl":"https:\/\/cyberwatch.fr\/wp-content\/uploads\/2026\/04\/thumbnail-ctem.png","width":1953,"height":1015},{"@type":"BreadcrumbList","@id":"https:\/\/cyberwatch.fr\/en\/news\/ctem-continuous-threat-exposure-management\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/cyberwatch.fr\/en\/"},{"@type":"ListItem","position":2,"name":"CTEM (Continuous Threat Exposure Management): Continuously manage your exposure surface with Cyberwatch"}]},{"@type":"WebSite","@id":"https:\/\/cyberwatch.fr\/en\/#website","url":"https:\/\/cyberwatch.fr\/en\/","name":"Cyberwatch","description":"Supervisez vos vuln\u00e9rabilit\u00e9s. Contr\u00f4lez vos conformit\u00e9s.","publisher":{"@id":"https:\/\/cyberwatch.fr\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cyberwatch.fr\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/cyberwatch.fr\/en\/#organization","name":"Cyberwatch","url":"https:\/\/cyberwatch.fr\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cyberwatch.fr\/en\/#\/schema\/logo\/image\/","url":"https:\/\/cyberwatch.fr\/wp-content\/uploads\/2021\/04\/logo_simple_black.png","contentUrl":"https:\/\/cyberwatch.fr\/wp-content\/uploads\/2021\/04\/logo_simple_black.png","width":1883,"height":500,"caption":"Cyberwatch"},"image":{"@id":"https:\/\/cyberwatch.fr\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/cyberwatch.fr\/en\/#\/schema\/person\/d7f6fdaa8c12687dbfaac2822287e3d3","name":"Amine Ait Kaci","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/8533d8753c0f52656768b416ecc446762a20dc62fd6f416a8b07362a4a34d91c?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/8533d8753c0f52656768b416ecc446762a20dc62fd6f416a8b07362a4a34d91c?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/8533d8753c0f52656768b416ecc446762a20dc62fd6f416a8b07362a4a34d91c?s=96&d=mm&r=g","caption":"Amine Ait Kaci"}}]}},"_links":{"self":[{"href":"https:\/\/cyberwatch.fr\/en\/wp-json\/wp\/v2\/posts\/10032","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cyberwatch.fr\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberwatch.fr\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberwatch.fr\/en\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberwatch.fr\/en\/wp-json\/wp\/v2\/comments?post=10032"}],"version-history":[{"count":2,"href":"https:\/\/cyberwatch.fr\/en\/wp-json\/wp\/v2\/posts\/10032\/revisions"}],"predecessor-version":[{"id":10052,"href":"https:\/\/cyberwatch.fr\/en\/wp-json\/wp\/v2\/posts\/10032\/revisions\/10052"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberwatch.fr\/en\/wp-json\/wp\/v2\/media\/10048"}],"wp:attachment":[{"href":"https:\/\/cyberwatch.fr\/en\/wp-json\/wp\/v2\/media?parent=10032"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberwatch.fr\/en\/wp-json\/wp\/v2\/categories?post=10032"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberwatch.fr\/en\/wp-json\/wp\/v2\/tags?post=10032"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}