tencent cloud

Glossary
Download PDF
Last updated: 2025-09-24 17:40:58
Glossary
Last updated: 2025-09-24 17:40:58
Download PDF

Exposure Surface

Exposure surfaces refer to systems, devices, and information that are visible to attackers and can be exploited for intrusion. Not all exposure surfaces are obvious. Many exposure surfaces remain hidden in less visible areas (including supply chains, partners, or specific application services). These hidden exposure surfaces are often overlooked due to incomplete asset troubleshooting or human oversight.

Vulnerability

Vulnerabilities typically refer to asset vulnerability and configuration risks and are part of exposure surfaces. Vulnerabilities are weaknesses in assets or asset groups that may be exploited by threats, causing damages. Once successfully exploited, vulnerabilities may cause harm to assets. Vulnerability or configuration risks may exist across various domains, including a physical environment, organization, process, personnel, management, configurations, hardware, software, and information.

Threat

A threat is a potential source of harm, including collaborative account leakage of supply chain employees or exposed cloud keys. Although threats may not directly lead to data business unavailability or intrusion events, they are potential threats requiring enterprise attention and may cause corresponding security risks.

Risk

A risk refers to the potential loss caused by a threat or exposure surface. It is determined by two factors, that is, the harm it may cause and the probability of its occurrence.

Management of Threats and Exposure Surfaces

Management of threats and exposure surfaces, also known as CTEM, is a complete security solution, which usually involves continuous monitoring, analysis, verification, and remediation of exposure surfaces (including existing assets, ports, and vulnerabilities) and threats (potential attack methods and paths) that may directly or indirectly impact enterprise security. This process eventually promotes continuous risk control and convergence, enabling orderly risk management.



Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No

Feedback