Black Hat 2025 had it all. Vegas heat outside, but inside the halls were packed with energy – nonstop conversations, bold ideas, and the kind of buzz you can’t fake.
But one thing rose above everything else.
I saw it on banners, heard it in pitches, and caught it in the hallway chatter. And honestly, seeing it take center stage felt exciting, because while many were just starting that story, we had already been living it for years.
That story is Continuous Threat Exposure Management (CTEM).
Gartner named it in 2022, defining it as a cycle of Scoping, Discovery, Prioritization, Validation, and Mobilization, a practical way to continuously measure and reduce risk. By their prediction, organizations running a CTEM program would be three times less likely to suffer a breach by 2026.
Suddenly, everyone wanted to be “doing CTEM.”
And this year at Black Hat, I saw it play out in real time. It made me proud, because while the crowd was just joining the race, we had already been running it for years.
When CTEM Became the New Gold Rush
Before Gartner’s announcement, there were already companies mapping closely to the five phases – they just didn’t have the CTEM label yet.
By mid-2023, the floodgates opened. Vendors raced to put “CTEM” on their slides. Some built it from the ground up. Many more simply rebranded existing products.
If you looked closely, you could divide the market into two camps:
- Purpose-built CTEM platforms – integrating multiple exposure management capabilities in one place.
- Rebranded/adapted offerings – existing tools repositioned under the CTEM banner.
The First Fully Branded CTEM Launches
The first public launches that carried “CTEM” in the product name from day one looked like this:
- Cymulate – Exposure Analytics – June 20, 2023
- Outpost24 – Outpost24 CORE – July 21, 2023
- Strobes Security – Strobes CTEM Platform – October 12, 2023
- NSFOCUS – CTEM Offerings – October 17, 2023
- Integrity360 + XM Cyber – CTEM-as-a-Service – September 23–24, 2024
We were one of the first three companies in the world to launch a fully branded CTEM platform. That’s not marketing spin, that’s the timeline.
The Pioneers Before the Name Existed
Long before CTEM had a catchy acronym, a few companies were already living its philosophy:
- XM Cyber – Since 2018, mapping hybrid attack paths and managing exposures continuously.
- Strobes Security – In 2021, we unified Attack Surface Management, Risk-Based Vulnerability Management, and Penetration Testing-as-a-Service into one platform — years before “CTEM” became the industry’s keyword.
- Tenable, Rapid7, and Qualys – All had overlapping capabilities pre-2022 but leaned into CTEM branding later.
This is why we can confidently say: we didn’t rebrand into CTEM – we were already doing it.
How the Vendor Space Grew
In 2023, CTEM was still a whisper. Only a handful of companies had the nerve to launch under its name: Cymulate, Outpost24, Strobes Security, and NSFOCUS.
By 2024–2025, CTEM had become a competitive battleground. The ecosystem included more than 20 cybersecurity companies marketing CTEM-centric solutions. Roughly half a dozen to a dozen were purpose-built platforms aligned to Gartner’s five stages, while at least another dozen were simply repackaging existing tools like asset management, scanning, or pentesting under the CTEM banner.
That’s where the split became clear:
- Purpose-built platforms like Strobes, Cymulate, Outpost24, XMCyber, and NSFOCUS started covering the entire lifecycle in one place.
- Rebranded offerings from Pentera, Tenable, Rapid7, Qualys, Check Point, Trend Micro, and Zscaler reshaped older products to fit the CTEM narrative.
And Gartner has been clear on this. You can’t run CTEM on a single old-school tool, and while companies used to stitch products together, the real shift now is toward unified suites, something Gartner itself called out in its 2024 Hype Cycle.
According to a Growth Market Reports forecast, the momentum isn’t slowing. The CTEM market is expected to grow at a 14.7% CAGR through 2033, rising from $1.98B in 2024 to $6.08B by 2033.
From a handful of launches in 2023 to a projected multi-billion-dollar market by 2033, CTEM hasn’t just grown – it has exploded into one of the fastest-scaling movements in cybersecurity.
Our Place in This Story
Here’s what that journey looks like:
And this isn’t just something we say — our history proves it.
From starting as an application security company in 2016 to launching one of the first CTEM platforms in 2023, every milestone has moved us closer to making continuous threat exposure management a reality for our clients.
Here’s what sets us apart:
- Built, not bolted-on – From the start, our platform was designed to integrate ASM, PTaaS, and RBVM seamlessly.
- Pioneer status – Among the first three global CTEM-branded launches.
- Pre-CTEM alignment – Our architecture already matched Gartner’s model before they named it.
- Proven track record – Multiple industries, global enterprises, and measurable outcomes.
We didn’t pivot to ride a trend. We were already running the race while the starting gun was still being loaded.
Built Into Our DNA, Not Just Marketing
Breaches today are costly and constant. That’s why a CTEM program that truly works, not just one that looks good on a slide, is the difference between thinking you’re secure and knowing you are.
The market will keep filling with CTEM-branded tools. But only a handful can say they were there when the blueprint was still being drawn.
We can. And we’ve been refining it ever since.
For us, CTEM isn’t a label to slap on a product. It’s a discipline we’ve built into our DNA – tested in real-world environments, shaped by client challenges, and proven in measurable results. While others are still learning the playbook, we helped write it. And we’re already running it at scale.
So when I walked the halls of Black Hat and saw CTEM everywhere, it didn’t feel like hype. It felt like validation.
That’s the difference between a platform that talks CTEM and a partner who lives it. Ready to experience the difference? Book a free demo with Strobes today.
