organisations are shifting from reactive to proactive security strategies by adopting Continuous Threat Exposure Management (CTEM) and Security Exposure Management (SEM), enabling real-time risk reduction and resilience against evolving cyber threats.In today’s fast-moving world of cyber threats, simply reacting to attacks isn’t enough anymore to protect crucial business assets. Organizations need to shift towards a more proactive, ongoing approach—one that doesn’t just find vulnerabilities but actively manages and reduces risks before hackers have a chance to exploit them. That’s where Continuous Threat Exposure Management (or CTEM) comes in—a strategic framework designed to embed an adaptable, cyclical process into security operations, helping organizations stay ahead. Basically, CTEM is built around five main stages: Scoping, Discovery, Prioritization, Validation, and Mobilization. This model was introduced by Gartner back in 2022 and really changes the game—moving away from isolated, one-time assessments towards an ongoing, dynamic effort. Its goal? To keep security posture aligned with ever-changing digital environments and new types of threats. At its core, CTEM helps organizations define their most critical assets, often called “crown jewels,” identify all possible attack routes, prioritize risks based on what truly matters to the business, test defense measures, and then act quickly to fix issues—all while continuously monitoring the situation. A key player in making CTEM work is something called Security Exposure Management (SEM). Think of it as a comprehensive toolset that streamlines each step within the framework, gathering real-time data and turning it into actionable insights. SEM offers a unified map of an organization’s attack surface—bringing together device info, identity details, user data, and cloud workload data—to provide a complete picture. Its Critical Asset Management feature helps with precise scoping—classifying assets based on how vital they are, including recent updates that mark senior executives and other key personnel as especially high-risk, considering insider threats. Discovery in SEM is pretty extensive—it covers multiple organizational units and hybrid environments. It continuously pulls in data from Microsoft’s security tools and external sources like ServiceNow CMDB, Qualys, and Tenable. This wide view allows organizations to map complex attack paths that may run from on-prem servers into cloud platforms—an essential capability given how interconnected modern networks have become. When it comes to Prioritization, SEM uses contextual security insights to group vulnerabilities into manageable projects tailored to specific threat domains and organizational priorities. The platform models possible attack paths, highlighting choke points—places where various threat vectors converge—so security teams can focus their remediation efforts where it really counts. And as for progress? SEM tracks it with metrics, helping security teams focus on the most impactful issues based on the business context and operational realities. The Validation stage leverages SEM’s visualization of attack paths, blast radius analysis, and its integration with Microsoft Defender’s Advanced Hunting features. These tools allow security teams to simulate real attack scenarios and verify how well their defenses hold up. It’s not just about assuming you’re secure; it’s about constantly testing and validating, which is pretty critical for effective security. Then comes Mobilization—turning all these insights into actual security actions. SEM supports direct remediation efforts, prioritization based on choke points, and integration with broader security tools like Microsoft Sentinel and Defender XDR. Event alerts, role-based access controls, and detailed logs of past actions all contribute to a flexible, measurable approach to improving security posture over time, ensuring organizations stay resilient. All in all, adopting CTEM—especially with platforms like SEM—marks a significant shift from reactive vulnerability management to a proactive, business-aligned way of reducing risks. Experts agree that CTEM promotes continuous visibility, better prioritization, ongoing validation, and coordinated responses—crucial elements to stay ahead of increasingly sophisticated cyber adversaries. By weaving these practices into everyday security routines, organizations can bolster their defenses, cut down on exposure, and better protect their most vital assets amidst the complex digital landscape. References: - Paragraph 1 – Microsoft Tech Community, Tenable, Kroll - Paragraph 2 – Microsoft Tech Community, CTEM.org, Tenable, Palo Alto Networks, Pentera - Paragraph 3 – Microsoft Tech Community - Paragraph 4 – Microsoft Tech Community, Palo Alto Networks - Paragraph 5 – Microsoft Tech Community - Paragraph 6 – Microsoft Tech Community, Tenable, WithSecure, CTEM.org, Palo Alto Networks - Paragraph 7 – Microsoft Tech Community Source: Noah Wire ServicesVerification / Sources https://techcommunity.microsoft.com/blog/securityexposuremanagement/proactive-security-with-continuous-threat-exposure-management-ctem/4452149 - Please view link - unable to able to access data https://www.tenable.com/cybersecurity-guide/learn/what-is-ctem - This article from Tenable explains Continuous Threat Exposure Management (CTEM) as a continuous cycle comprising five stages: Scoping, Discovery, Prioritization, Validation, and Mobilization. It emphasizes the importance of defining the scope of exposure assessments, enhancing discovery to include unpatchable attack surfaces, prioritizing exposures based on severity and exploitability, validating risks through simulations, and mobilizing effective remediation by integrating existing workflows and collaborating with non-security teams. The piece highlights best practices for each stage to effectively manage and mitigate cyber threats. https://www.kroll.com/en-us/publications/cyber/what-is-continuous-threat-exposure-management - Kroll's article introduces CTEM as a five-stage approach to continuously expose an organization’s networks, systems, and assets to simulated attacks to identify vulnerabilities and weaknesses. The stages include Scoping, Discovery, Prioritization, Validation, and Mobilization. The article discusses the benefits of CTEM, such as shifting from point-in-time vulnerability assessments to a repeatable security posture remediation and validation program, and the importance of regularly exposing assets to simulated attacks to identify and fix vulnerabilities before malicious actors can exploit them. https://www.withsecure.com/en/expertise/resources/understanding-ctem - WithSecure's resource provides an in-depth understanding of CTEM, detailing its five stages: Scoping, Discovery, Prioritization, Validation, and Mobilization. It discusses key components of CTEM, including continuous monitoring, vulnerability management, risk prioritization, integration of threat intelligence, and automation and orchestration. The article emphasizes how CTEM enables organizations to proactively identify and mitigate cyber threats, enhance decision-making, ensure compliance adherence, and foster continuous improvement in cybersecurity defenses. https://ctem.org/docs/what-is-continuous-threat-exposure-management - CTEM.org's page defines Continuous Threat Exposure Management as a framework designed to reduce an organization’s exposure to cyber threats by continuously identifying vulnerabilities and attack paths, prioritizing risks based on their potential impact on critical assets, validating security measures to ensure effectiveness, and systematically remediating threats in a coordinated and iterative manner. The page outlines the five stages of CTEM: Scoping, Discovery, Prioritization, Validation, and Mobilization, and highlights the importance of continuous monitoring and refinement of security postures to stay ahead of potential threats. https://www.paloaltonetworks.com/cyberpedia/ctem-continuous-threat-exposure-management - Palo Alto Networks' article explains CTEM as a structured, ongoing approach to identifying, validating, prioritizing, and remediating security exposures across assets, attack paths, and business risks before attackers exploit them. It shifts security from reactive operations to continuous, threat-informed, and business-aligned risk reduction. The article discusses the five stages of CTEM and the benefits of implementing such a program, including improved threat visibility, risk-based prioritization, validation of real-world risk, measurable security improvement, and strategic alignment with business objectives. https://pentera.io/glossary/continuous-threat-exposure-management-ctem/ - Pentera's glossary entry defines CTEM as a programmatic approach consisting of a five-stage iterative cycle designed to systematically reduce an organization's security exposures. The stages are Scoping, Discovery, Prioritization, Validation, and Mobilization. The article emphasizes the cyclical nature of CTEM, allowing organizations to enhance their security posture by identifying and addressing problematic areas, and the importance of recognizing exposures and their potential exploitation to gain a true attacker’s perspective. Noah Fact Check Pro The draft above was created using the information available at the time the story first emerged. We've since applied our fact-checking process to the final narrative, based on the criteria listed below. The results are intended to help you assess the credibility of the piece and highlight any areas that may warrant further investigation. Freshness check Score: 8 Notes: The narrative introduces Continuous Threat Exposure Management (CTEM), a framework developed by Gartner in 2022. The earliest known publication date of substantially similar content is March 13, 2024, when Microsoft announced the public preview of Microsoft Security Exposure Management, which incorporates CTEM. (techcommunity.microsoft.com) The report appears to be original, with no evidence of recycled content. The inclusion of recent data and references to current Microsoft initiatives suggests a high freshness score. Quotes check Score: 9 Notes: The report does not contain direct quotes. The information is presented in a paraphrased manner, indicating originality and exclusivity. Source reliability Score: 10 Notes: The narrative originates from the Microsoft Tech Community, a reputable platform for official Microsoft communications. This enhances the credibility and reliability of the information presented. Plausability check Score: 9 Notes: The claims made in the report align with known developments in the field of cybersecurity, particularly regarding Microsoft's initiatives in exposure management. The technical details and descriptions of CTEM are consistent with industry standards and Microsoft's documented strategies. The language and tone are appropriate for a professional audience, and there are no inconsistencies or suspicious elements. Overall assessment Veredict (FAIL, OPEN, PASS): PASS Confidence (LOW, MEDIUM, HIGH): HIGH Summary: The report is original, with no evidence of recycled content. It originates from a reputable source, the Microsoft Tech Community. The information is current and aligns with known developments in Microsoft's cybersecurity initiatives. The absence of direct quotes and the professional tone further support its credibility.

The devastating Kerr County floods highlight critical gaps in emergency preparedness, warning systems, and leadership, prompting calls for urgent reforms and improved resilience measures.Following the devastating flash floods that hit Kerr County, Texas, over the July 4th weekend, a pretty clear lesson comes into focus for elected officials everywhere: proactive emergency management really is crucial if we want to lessen the impact of natural disasters. The event took more than 100 lives and left roughly 170 people still missing, highlighting some serious gaps in preparedness, early warning systems, and how well different agencies coordinated their response efforts. Jim Mullen, who used to be the emergency management director in Seattle, stresses that officials shouldn’t just sit back and relax because a disaster happens somewhere else. Instead, he suggests they need to team up with emergency managers to thoroughly assess vulnerabilities and come up with solid contingency plans. Mullen warns that, honestly, tight budgets often limit how much preventive work gets done — but it’s the duty of leaders to look into all options to keep their communities safe from disasters that, let’s face it, we could see coming. He also emphasizes the importance of honest communication with the public, pointing out that ignoring known risks could lead to outcomes that are both morally wrong and politically damaging when crunch time hits. This Kerr County tragedy really drives home what can go wrong when oversight is lacking. Despite being in a zone known for flash floods—some folks even call it 'flash-flood alley'—the county didn’t have a proper flood warning setup in place. For over ten years, there were multiple attempts to get funding—around a million dollars—to install sensors and sirens, but those efforts kept hitting walls thanks to political resistance, concerns over the budget, and rejected grant applications. Even when the state tossed in grants and interest-free loans, local officials turned them down, citing unfavorably terms. People living there and critics alike are pretty upset, claiming that these missed chances probably contributed to the high death toll and destruction. Since then, state leaders have promised to increase funding for disaster relief and warning systems, but for many, the response feels a bit slow, which, well, underscores just how costly inaction can be. The issues with early warning systems didn’t end there. Despite the National Weather Service issuing warnings on time, local authorities were slow to order evacuations. Many residents didn’t get alerts—or if they did, they weren’t sure what to do with them. Kerr County didn’t have enough integrated sirens, and it only adopted the federal Wireless Emergency Alerts system after the waters had already peaked. Experts say that poor cell coverage, alert fatigue, and confusing messages all made it harder for folks to respond effectively—this isn’t just a Kerr County problem, by the way, but one that reflects broader challenges across the country, especially as climate change makes extreme weather events more intense and frequent. Another major issue was the overall lack of preparedness and good coordination among local officials. There was a five-year-old emergency plan for Kerr County, but it was quite generic and not really followed during the crisis. Reports indicate that key leaders, like the sheriff and emergency director, weren’t available at the start of the flood, and no evacuation drills had ever really been carried out across the county. The mayor and county judge, who are supposed to help guide disaster response, were either absent or uncommunicative. This kind of organizational weakness made managing the emergency even tougher. The plan, after all, specifically identified flash flooding as the biggest threat, but no rehearsals or clear leadership structures were in place. That lack of preparedness and leadership really hampered their ability to respond effectively as the flood worsened. In light of all this, Texas has started introducing new laws aimed at stopping such tragedies from happening again. These measures include tougher safety rules for youth camps—like Camp Mystic, where many victims lost their lives. The new legislation bans cabins in flood-prone areas, mandates better emergency plans, requires staff training, and allocates $240 million to boost early warning systems. Governor Greg Abbott, who attended the bill signing alongside families of victims, emphasized that these reforms are critical to protecting vulnerable populations. Some camp operators worry about the financial burden this might impose, but families and safety advocates argue that safety should always come first. The hope is that Texas’ efforts can serve as a model for other states too. The Kerr County flood tragedy really acts as a serious wake-up call for communities around the world. Experts argue that investing more—not only in better technology but also in public education, multiple communication channels, and regular drills—is key to building resilience. Essentially, this disaster shows what can happen when delays and denial get in the way of confronting known risks—it's a stark reminder that transparency, teamwork, and strong leadership aren’t optional; they’re essential for effective disaster management. References: - Paragraph 1 – [1], [3], [4] - Paragraph 2 – [1], [4] - Paragraph 3 – [5], [3], [4] - Paragraph 4 – [6], [1], [3] - Paragraph 5 – [2], [1] - Paragraph 6 – [3], [5], [1] Source: Noah Wire ServicesVerification / Sources https://www.coehsem.com/a-few-thoughts/ - Please view link - unable to able to access data https://www.apnews.com/article/91378b4fe4448564d544851f1193f716 - Following the tragic deaths of 27 campers and counselors during a July 4th flood at Camp Mystic in Texas, new state laws have been enacted to enhance youth camp safety. The legislation prohibits cabins in flood-prone areas, mandates emergency preparedness plans, requires staff training, and installs early warning systems. Governor Greg Abbott, accompanied by the victims' families, signed the bills into law, emphasizing their goal to prevent similar tragedies. The laws also allocate $240 million for disaster relief, sirens, and improved weather forecasting. Although some camp owners expressed concern about financial burdens, families like Blake Bonner and Matthew Childress, who lost their daughter Chloe, stressed the importance of safety reforms while affirming their support for camps. Childress hopes Texas' legislative action becomes a model for nationwide camper protections. https://www.ft.com/content/f9d9605d-02d7-4476-b109-23957b9c201c - A devastating flood in Texas has claimed over 100 lives and left approximately 170 people missing, raising serious concerns about the adequacy of early warning systems amid increasingly extreme weather driven by climate change. As the Guadalupe River overflowed during the US Independence Day weekend, many questioned the timeliness and sufficiency of evacuation alerts. Despite advances in weather forecasting, the failure to effectively communicate risks to the public remains a critical issue, as seen in recent disasters in Spain, Hawaii, and Germany. Experts argue that even in high-risk regions with existing flood histories, such as Kerr County, Texas, warning systems like sirens were not implemented due to cost concerns. Globally, only about half of countries have comprehensive early warning capabilities, though improvements have been made since 2015. Specialists stress the need for greater investment in multi-hazard early warning systems, public communication, and preparedness training. Examples from Japan show the benefits of regular drills and awareness campaigns. The Texas flood underscores the necessity of preparing for worst-case scenarios, enhancing national and local alert infrastructure, and overcoming hesitations in issuing timely warnings to avoid future tragedies. https://www.apnews.com/article/0845df62390b9623331ba4a030c5fc7d - Over the past decade, various Texas state and local agencies failed to fund a much-needed $1 million flood warning system in Kerr County, located in a flood-prone area known as 'flash-flood alley.' Despite earlier deadly floods—including one in 2015 and another in 1987 that killed campers—efforts to install monitoring sensors and sirens near areas like Camp Mystic were repeatedly stalled due to political opposition, budget concerns, and unsuccessful grant applications. The county declined state funding offers, including a combination of a grant and an interest-free loan, citing unfavorable terms. These missed opportunities culminated in a tragic July 4 flood that claimed at least 120 lives. Residents and officials criticized the years of inaction, calling it unimaginable that no adequate warning systems were installed despite consistent discussion and evidence of flood threats. While state leaders now promise future funding, many believe the response came too late to prevent unnecessary loss of life. https://www.theatlantic.com/science/archive/2025/07/texas-flood-emergency-alert-failures/683461/?utm_source=apple_news - The article discusses the systemic failures in emergency alert systems during natural disasters, focusing on the deadly July 2025 flooding along the Guadalupe River in Kerr County, Texas, where over 100 lives were lost. Despite timely National Weather Service (NWS) warnings, local government evacuation orders were delayed, and many residents failed to act due to factors like poor cell service, alert fatigue, and lack of actionable information. Kerr County lacked sirens and did not utilize the federal Wireless Emergency Alerts system until after peak flooding. Broader issues include inadequate training for officials responsible for drafting alert messages, the absence of required credentials, and frequent miscommunication during crises, such as the Lahaina fires and California’s tsunami warning in December 2024. Experts emphasize the need for clear, pre-written alerts, multiple communication channels (e.g., drones, landlines, loudspeakers), and public education about local risks and emergency preparedness. The piece warns that with increasing climate-related disasters and reduced federal support, local authorities and individuals must take greater responsibility for emergency readiness. https://www.texastribune.org/2025/07/31/kerr-county-emergency-plan/ - A five-year-old emergency management plan, obtained by The Texas Tribune, shows that Kerr County and Kerrville officials were operating from a generic disaster response template that, in some cases, officials failed to follow when 30-plus feet of floodwaters swamped the Guadalupe River banks on July 4. The plan, which all counties must file with the Texas Division of Emergency Management, serves as a disaster playbook for local officials. Emergency management plans spell out who is in charge of the entire response to a mass disaster that could result in serious injury and death, and designate which tasks — evacuations, medical treatment tents, sanitation and the recovery of bodies — go to which county and city administrative leaders to keep confusion at a minimum and bureaucratic bottlenecks from occurring. It’s not known if Kerr County and Kerrville officials used the plan. A request for comment was not immediately returned late Thursday. But if they had, there was a clear set of instructions on when to increase monitoring of weather once a flood watch was issued, the first sign that trouble may be approaching, and also at what point evacuations should begin. And the plan indicates that all of the top officials in the area considered flash flooding and flooding as the greatest threat to Kerrville and Kerr County. The plan puts the county judge and the mayor in charge of offering general guidance to disaster response. It puts the emergency management coordinator or the city manager as the lead to direct the overall response. Initially city officials had to take lead because the top three county officials were out missing when the flooding began. According to testimony earlier Thursday at a legislative hearing, both Kerr County Sheriff Larry Leitha and William “Dub” Thomas, the county’s emergency management director, were asleep when the flooding began pouring into homes and Camp Mystic, which resulted in more than 100 people killed. Kerr County Judge Rob Kelly was out of town the day of the flooding. Local officials told lawmakers that they received little warning about the flood, that it came too quickly for an adequate response. Thomas admitted to state Sen. Charles Perry, a Lubbock Republican, that Kerr County and Kerrville first responders had never conducted a countywide evacuation exercise ever. “We have not done a full-scale evacuation exercise,” Thomas admitted. But the 55-page plan indicates that local officials should have been better prepared. The plan was released to the Tribune by the Texas Division of Emergency Management in response to a public records request. Kerr County officials have not responded to a similar request made earlier by the Tribune. “Proper mitigation actions, such as floodplain management, and fire inspections, can prevent or reduce disaster-related losses,” the plan states. “Detailed emergency planning, training of emergency responders and other personnel, and conducting periodic emergency drills and exercises can improve our readiness to deal with emergency situations.” Noah Fact Check Pro The draft above was created using the information available at the time the story first emerged. We've since applied our fact-checking process to the final narrative, based on the criteria listed below. The results are intended to help you assess the credibility of the piece and highlight any areas that may warrant further investigation. Freshness check Score: 10 Notes: The narrative is based on a recent press release, which typically warrants a high freshness score. The earliest known publication date of substantially similar content is July 4, 2025, with the most recent update on July 21, 2025. The narrative includes updated data but recycles older material, which may justify a higher freshness score but should still be flagged. No earlier versions show different figures, dates, or quotes. Quotes check Score: 10 Notes: The narrative includes direct quotes from Jim Mullen, the former emergency management director in Seattle. A search for the earliest known usage of these quotes indicates that they have not appeared in earlier material, suggesting potentially original or exclusive content. Source reliability Score: 8 Notes: The narrative originates from a reputable organisation, the Center for Emergency Health Services and Emergency Management (CEHSEM), which adds credibility. However, the CEHSEM's public presence and verifiability are limited, which slightly reduces the reliability score. Plausability check Score: 9 Notes: The narrative's claims align with known facts about the Kerr County flood tragedy, including the number of fatalities, the involvement of Camp Mystic, and the lack of an early-warning system. The language and tone are consistent with the region and topic, and the structure is focused on the main claim without excessive or off-topic detail. The tone is appropriately serious and resembles typical corporate or official language. Overall assessment Veredict (FAIL, OPEN, PASS): PASS Confidence (LOW, MEDIUM, HIGH): HIGH Summary: The narrative is based on a recent press release, includes original quotes, and originates from a reputable organisation. The claims are plausible and consistent with known facts, and the language and tone are appropriate. Therefore, the overall assessment is a PASS with high confidence.