
Why our AI world demands a remediation-first approach to exposure management  


COMMENTARY: Exposure management has emerged as a powerful alternative to traditional vulnerability management for good reason. A proactive, always‑on security discipline that continuously identifies an organization’s exposures and prioritizes them based on risk helps us know where to best focus our limited resources.

Yet we are already on the threshold of the next stage of maturity for exposure management, driven by timely, automated remediation. Enter remediation-first exposure management.

What does remediation-first actually mean?

Many exposure management programs start with visibility. They identify vulnerabilities, misconfigurations, and other risks, prioritize them, and hand the prioritized list to the teams responsible for remediation. This process has its drawbacks: operations teams may not know how to remediate each risk, and some findings may already have a remediation scheduled, so the hand-off adds time and frustration to the remediation process.


What if we inverted this process? By starting with remediation actions, like patches or application updates, grouped by the findings they remediate, we can quickly put together a checklist of steps that we can share between security and operations teams for simple, unified risk reduction. By layering in context like existing patch schedules and patch safety, we can make confident, risk-based decisions about which actions to take first, eliminating the need to go line-by-line through a spreadsheet of findings.

Using visibility to quantify risk reduction

There are a few foundational pieces needed to turn remediation-first vision into reality, starting with a single view of risk. Trying to compile an idea of risk exposure using multiple tools and correlating data from disparate tools and spreadsheets will cause frustration and lead to decisions made from incomplete data. The challenges of this approach include:

  • Disparate tools mean context gets lost when switching between them, and each has its own prioritization method.
  • No clear quantification of risk reduction from a remediation action.
  • Reporting across disparate tools is manual, time-consuming, and error prone.
  • Different tools can lead to multiple sources of truth and potential gaps.
  • Difficulty measuring patch impact on overall risk posture.
  • Tool sprawl, integration debt, and alert fatigue.

The nearly 50,000 CVEs reported last year only exacerbate these challenges. And CVEs aren’t the only risks teams need to care about. In addition to understanding vulnerability data, we need a pipeline of continuously updated external attack surface intelligence, insecure TLS/SSL certificates, misconfigurations, rogue containers, and additional context such as lateral movement risk and asset criticality for a complete risk picture. We need it all in one consolidated place that is trusted as the source of truth, with clear pathways between identified risks and remediation actions.

Driving action with trusted risk scoring

Next we need to consider accurate risk scoring. Industry-standard scoring like the Common Vulnerability Scoring System (CVSS) represents a starting point, but real-world prioritization demands more. Combining CVSS with asset criticality, exploit maturity and intelligence, and lateral-movement risk ensures we focus on exposures that matter the most now. Unified scoring allows for:

  • Instant identification of high-impact exposures.
  • Direct linkage to remediation workflows that include patching, configuration enforcement, and application updates.
  • Accurate prioritization based on context, not just theoretical severity.

Many exposure‑management tools focus on scoping, discovery, and prioritization. With remediation-first exposure management, prioritized risks are connected directly to in‑product remediation tools, including patching, application updates, certificate fixes, and configuration changes. This tight link between scoring and action accelerates risk reduction and ensures that identified exposures are actually resolved.
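The two ideas above, grouping findings by the action that remediates them and scoring each finding with context rather than raw CVSS, can be shown end to end in a few dozen lines. The following Python is an added illustration, not Tanium's product logic or the author's code: the weighting scales for asset criticality, exploit maturity and lateral movement, the multiplicative scoring, the action identifiers and every finding in the sample set are constructed assumptions chosen to make the contrast with CVSS-only ordering visible.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    finding_id: str
    asset: str
    cvss: float               # CVSS base score, 0-10
    asset_criticality: float  # assumed scale: 1.0 (lab box) to 3.0 (crown jewel)
    exploit_maturity: float   # assumed scale: 0.5 no known exploit, 1.0 PoC, 1.5 exploited in the wild
    lateral_movement: float   # assumed scale: 1.0 isolated, 2.0 pivot point into other segments
    remediation: str          # the action that resolves this finding (hypothetical identifiers)


@dataclass(frozen=True)
class ActionContext:
    scheduled: bool = False   # already on an existing patch calendar
    safe: bool = True         # no known regression history; False routes to change review


# Act-now items first, then items held for change review, then items already scheduled.
BUCKET_ORDER = {"act_now": 0, "review": 1, "scheduled": 2}


def contextual_score(f: Finding) -> float:
    """Unified score: CVSS weighted by asset, exploit and lateral-movement context.
    The multiplicative weighting is an assumption made for illustration."""
    return f.cvss * f.asset_criticality * f.exploit_maturity * f.lateral_movement


def rank_actions(findings, action_context):
    """Invert the finding-centric view: group findings by the action that fixes them,
    sum the contextual risk each action retires, then layer in operational context."""
    grouped = defaultdict(list)
    for f in findings:
        grouped[f.remediation].append(f)
    plan = []
    for action, group in grouped.items():
        ctx = action_context.get(action, ActionContext())
        if ctx.scheduled:
            bucket = "scheduled"   # no new ticket needed; it is already on the calendar
        elif not ctx.safe:
            bucket = "review"      # deferred for change review, not dropped
        else:
            bucket = "act_now"
        plan.append({
            "action": action,
            "bucket": bucket,
            "risk_retired": round(sum(contextual_score(f) for f in group), 2),
            "findings": sorted(f.finding_id for f in group),
        })
    plan.sort(key=lambda row: (BUCKET_ORDER[row["bucket"]], -row["risk_retired"]))
    return plan


def act_now_coverage(plan, findings) -> float:
    """Fraction of total contextual risk retired by the act-now checklist alone."""
    total = sum(contextual_score(f) for f in findings)
    retired = sum(row["risk_retired"] for row in plan if row["bucket"] == "act_now")
    return round(retired / total, 2) if total else 0.0


def cvss_only_order(findings):
    """The traditional ordering, for contrast: findings sorted by raw CVSS only."""
    return [f.finding_id for f in sorted(findings, key=lambda f: -f.cvss)]


# Constructed sample data: asset names, scores and action identifiers are invented.
SAMPLE_FINDINGS = [
    Finding("F-1", "web-01", 9.8, 3.0, 1.5, 2.0, "patch-KB-A"),   # internet-facing, exploited in the wild
    Finding("F-2", "web-01", 7.5, 3.0, 1.0, 2.0, "patch-KB-A"),
    Finding("F-3", "dev-07", 9.1, 1.0, 0.5, 1.0, "patch-KB-B"),   # high CVSS, but a lab box with no exploit
    Finding("F-4", "db-02",  6.5, 3.0, 1.5, 1.0, "tls-cert-renew"),
    Finding("F-5", "dev-07", 8.8, 1.0, 1.0, 1.0, "patch-KB-B"),
    Finding("F-6", "hr-03",  5.3, 2.0, 1.0, 1.0, "config-disable-smbv1"),
]
SAMPLE_ACTIONS = {
    "patch-KB-B": ActionContext(scheduled=True),       # already in next week's patch window
    "config-disable-smbv1": ActionContext(safe=False), # known to break a legacy share; needs review
}

if __name__ == "__main__":
    plan = rank_actions(SAMPLE_FINDINGS, SAMPLE_ACTIONS)
    for row in plan:
        print(row)
    print("CVSS-only order:", cvss_only_order(SAMPLE_FINDINGS))
    print("act-now coverage:", act_now_coverage(plan, SAMPLE_FINDINGS))
```

Run stand-alone, the checklist puts the single patch for the exposed web server first because it retires two findings at once, and the certificate renewal on the critical database second. The CVSS-only ordering would instead rank the lab box's 9.1 as the second item, even though it has no known exploit and its patch is already scheduled, which is exactly the "theoretical severity" trap the scoring section describes.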

How AI can help

Emerging capabilities like AI-powered recommendations and automated remediation workflows promise to remove many long-standing challenges of vulnerability management. They let us customize remediation plans so that they adapt to different environments, compliance requirements, and operational constraints. We can automate patches, application updates, proactive policy enforcement, and other controls, depending on what’s most appropriate for the asset and vulnerability type.

Exposure management also needs to cover a growing list of external assets: operational technology (OT), Internet of Things (IoT) devices, and cloud workloads. Here too, the same assessments of asset criticality, lateral movement risk, and threat intelligence apply. At this scale of endpoints, AI-driven automation can help us get a handle on the technology environment: it can update operating systems and applications, enforce or update policies, validate the remediation actions afterwards, and rescan the infrastructure and produce reports.

Remediation workflows can use AI to support the entire lifecycle in the following five ways:

  • Automatically adjust asset criticality when a system becomes externally exposed.
  • Generate smarter patch plans based on exposure context.
  • Update operating systems, applications, and policies as part of automated remediation.
  • Validate remediation actions, rescanning, and reporting as continuous, closed‑loop processes.
  • Reduce risk across diverse, modern environments at the speed required.

Remediation-first exposure management prioritizes closing security gaps immediately after they are identified, rather than stopping at assessment or reporting. A complete exposure management platform with automated remediation as a central tenet combines continuous vulnerability discovery and risk scoring with integrated, automated remediation workflows.

This approach lets us reduce the attack surface continuously, which shrinks the window of opportunity for attackers, lowers the risk of costly breaches, and improves resilience. For these reasons, anyone aiming to improve their cyber risk management and compliance goals and strengthen their organization’s overall security posture should pivot their exposure management to lead with remediation.

Julia Grunewald, senior director, product management, Tanium

SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

Julia Grunewald

Julia Grunewald is VP, Product Management at Tanium, where she leads the Exposure Management portfolio. A published voice on remediation-focused exposure management, she specializes in helping enterprises gain visibility into cyber risk and turn it into action.
