Internet Exposure Risk Trends and Capability Building - Tencent Cloud

Core Viewpoint

- The report "Internet Exposure Risk Trends and Capability Building" released by Tencent Cloud emphasizes the need for Continuous Threat Exposure Management (CTEM) to replace traditional protection models, aiming to provide guidance for enterprises in building a comprehensive risk prevention system.

Group 1: Current Risk Landscape

- Cyber attacks are increasingly profit-driven and automated, with threat actors including state-level attackers and organized crime groups targeting critical national infrastructure, commercial data, and personal sensitive information. High-harm attack cases against government and enterprises are increasing by approximately 27% annually, with frequent ransomware and data theft incidents [1][13].
- The forms of risk are diverse, including bucket theft, API interface leaks, credential leaks, and privacy breaches, which are often hidden attacks. Traditional vulnerability scanning and penetration testing have significant limitations and struggle to cover all risk points in complex architectures [1][21].

Group 2: Challenges in Defense

- In the context of regular attack-defense drills, defenders face multiple challenges. Attackers, equipped with professional teams, advanced tools, and sufficient funding, hold the initiative and can flexibly choose their attack timing and targets. Defenders generally lack attack-defense experience and team cohesion, relying mainly on IP blocking and vulnerability scanning, which limits their ability to discover risks from the attacker's perspective [1][23].

Group 3: Advantages of Exposure Management

- Exposure management offers significant advantages over traditional vulnerability scanning. It has a broader focus, covering vulnerabilities, cloud configuration errors, and stolen credentials, and encompasses a more comprehensive attack surface, including internal, external, cloud, and IoT devices. It is implemented as near real-time monitoring rather than periodic scanning, and risk assessment quantifies risk by incorporating severity, threat level, and business impact [2][30].

Group 4: Service Capabilities and Delivery

- Tencent Cloud's exposure management service has established a full-process capability of "monitoring-analysis-validation-repair." Core services include asset mapping (IP, domain, services), exposure identification (supply chain, credentials), vulnerability detection, and correlation analysis. The service leverages self-developed tools and an operations center, featuring capabilities such as real-time asset change perception and fine-grained scanning control [2][42].
- The delivery methods are flexible, including regular exposure service reports, public cloud customer console access, and subscription-based API interfaces, adaptable to various operational, compliance, and security scenarios [3][41].

Group 5: Future Focus

- The report emphasizes that enterprises need to establish continuous exposure reduction capabilities through comprehensive risk coverage from an attacker's perspective, precise prioritization, and closed-loop repair operations to enhance risk prevention efficiency. Future exposure management will focus more on intelligence, automation, and full-link collaboration, becoming a core support for enterprise cybersecurity [3][30].

Internet Exposure Risk Trends and Capability Building - Tencent Cloud - Reportify