SecurityBrief US - Technology news for CISOs & cybersecurity decision-makers

DivisionHex launches new framework to streamline exposure management

Sat, 6th Dec 2025

Coalfire's security division, DivisionHex, has introduced a framework for exposure management, seeking to address long-standing confusion among organisations over how to assess and mitigate their digital exposure to cyber threats. The offering aims to provide companies with clearer processes and measurable milestones based on current threat intelligence, powered by Tenable One's platform.

Sector fragmentation

Exposure management has been acknowledged by security leaders as an essential priority for safeguarding organisations, but it remains a disparate field. Unlike other aspects of cybersecurity, such as vulnerability management or incident response, there are no established frameworks or universally accepted models guiding exposure management maturity. This vacuum has often left Chief Information Security Officers with a surfeit of unprioritised data and unclear improvement targets.

The new framework from DivisionHex was designed to tackle these challenges by presenting a phased approach that can be adopted by organisations at various stages of their risk management journey. Central to this approach are processes for continuous visibility of assets, risk-based prioritisation, and the application of threat intelligence tailored to individual business contexts.

Threat-driven focus

DivisionHex's methodology builds on live adversary tactics, techniques and procedures (TTPs) to inform defence strategies that better reflect the changing threat landscape. Rather than relying solely on automated detection tools, its service combines the identification of cloud, on-premises, and hybrid assets with ongoing assessment of their exposure to real-world threats.

Key to the service is risk-based prioritisation, correlating discovered vulnerabilities with the likelihood of actual exploitation and the operational impact of each asset, rather than treating all potential exposures with equal urgency. According to DivisionHex, this translates into more efficient use of security resources and a move away from blanket remediation tactics.

Data challenge

The approach responds to growing industry concern over the deluge of vulnerability data and the limited utility of traditional scoring systems. Recent findings cited by DivisionHex and Tenable suggest that less than 3% of vulnerabilities are actively exploited, yet many organisations still expend significant resources managing low-risk items identified by systems based solely on the Common Vulnerability Scoring System (CVSS).

This has led to what the company characterises as a misallocation of effort, with its service model advocating stronger linkage between vulnerability data, threat intelligence, and business priorities.

Industry perspective

"Technology alone can't solve the exposure management challenge. Software vendors have focused too narrowly on detection, leaving customers overwhelmed by data and unclear on how to act. Our framework helps organizations bridge that gap by turning vast amounts of data into meaningful insights and action through better processes, smarter prioritisation and faster remediation, empowering security teams to focus on problems before they become breaches," said Charles Henderson, Executive Vice President and Head of DivisionHex, Coalfire.

Adam Kerns, Managing Principal, Cyber Security Services, Coalfire, said: "Organisations are drowning in vulnerability data without the context to act effectively. Tenable research shows traditional CVSS-only approaches create 10x more work than necessary and less than 3% of vulnerabilities are exploited, yet teams waste resources treating all CVEs equally. Our exposure management approach changes this by correlating vulnerabilities with active threat intelligence, exploitability and business impact - enabling security teams to focus on the exposures that actually matter to their organization."

Jeff Brooks, Senior Vice President, Global Channels & Alliances, Tenable, said: "CISOs are shifting their mindset from emphasis on reactive firefighting to proactive fireproofing. Exposure management is a game-changer, enabling organizations to prevent breaches and reduce risk. We are thrilled to continue our partnership with Coalfire and help customers build robust exposure management programs to accurately prioritise and eliminate exposures based on the likelihood of attack."
