Detecting a threat before it’s exploited is one of the most important priorities for any organization with a digital presence today. But how can you achieve this without compromising your internal network? Is it possible to have real visibility into your vulnerabilities without performing intrusive or invasive scans? The answer is yes, and tools like Kartos by Enthec are making it possible.
Kartos is an advanced solution for Continuous Threat Exposure Management (CTEM), designed specifically for businesses. It enables you to identify, prioritize, and address digital weaknesses before an attacker can exploit them as an entry point.
Through an external, non-intrusive, and fully automated approach, Kartos continuously scans your digital footprint, including domains, subdomains, exposed applications, cloud assets, public configurations, and other relevant information. All without the need to install agents or access your internal network.
Are you interested in learning how you can reduce your risk of cyberattacks without modifying your current infrastructure? Discover how Kartos can help you take the next step toward a more confident and proactive posture.
What is a CVE, and why should you pay attention to it?
Before getting into the subject, it is essential to understand what a CVE is. The acronym stands for Common Vulnerabilities and Exposures. It’s an international standard that classifies and labels known security flaws in software and hardware. Each vulnerability is given a unique identifier, such as CVE-2024-12345, making it easier to track and resolve.
Why are they so relevant to your company? Because when a CVE is published, cybercriminals also become aware of it. Many rely on these lists to find organizations that have not yet patched their systems or that remain publicly exposed.
CVE and cybersecurity are terms that should always be used in conjunction. It’s not enough to know them; you have to manage them proactively.
If you’d like to learn more about CVEs, we recommend checking out our content: What is a CVE?
CVSS Severity Levels: How a CVE is Classified
| Level | CVSS Score | Meaning | Urgent action |
|---|---|---|---|
| None | 0.0 | No real impact | No action required |
| Low | 0.1 – 3.9 | Limited impact | Monitor |
| Medium | 4.0 – 6.9 | Exploitable with conditions | Plan patch |
| High | 7.0 – 8.9 | Significant impact | Patch urgently |
| Critical | 9.0 – 10.0 | Exploitable remotely, without authentication | Immediate action |
How does the CVE system work? Vulnerability lifecycle
Understanding how the CVE system works is essential for managing CVEs effectively. From the moment a vulnerability is discovered until it appears in the databases, the process follows these stages:
- Discovery: A researcher, user, or vendor identifies a vulnerability in a system.
- Report: A CNA (CVE Numbering Authority), such as MITRE, Microsoft, Oracle, or NIST, is notified.
- ID Assignment: The CNA assigns a unique identifier CVE-YEAR-NUMBER.
- Publication: The CVE is published on the official CVE list and in the NIST National Vulnerability Database (NVD).
- Enrichment: NVD adds CVSS scores, attack vectors, CWE configurations, and references.
- Management and patching: Manufacturers release updates; security teams prioritize and apply fixes.
Why proactively manage CVEs? Key advantages
- Reduction of exposure time: Identifying CVEs before they are exploited drastically reduces risk.
- Regulatory compliance: ENS, NIS2, and GDPR require active vulnerability management. Ignoring a critical CVE can lead to penalties.
- Resource optimization: Prioritizing by CVSS score allows you to focus efforts on the failures with the greatest real impact.
- Reputation and trust: Companies that proactively manage CVEs earn greater trust from customers and partners.
- Defense against known threats: More than 60% of cyberattacks exploit CVEs with available but unapplied patches.
How to detect CVE vulnerabilities from the outside: without touching your internal network
There is a widespread belief that detecting vulnerabilities requires performing internal scans, installing agents, or accessing the company’s network. However, this is no longer true. Thanks to modern approaches such as CTEM, you can map your entire exposure without touching a single line of your private network.
How does the external CVE detection model work with Kartos?
At Enthec, we’ve developed Kartos, a solution that simulates an external attacker’s perspective to detect CVEs on your digital surface. The process is structured in three phases:
- Asset discovery: Kartos maps everything exposed on the internet that belongs to your digital footprint, including IPs, domains, subdomains, SSL certificates, web endpoints, public metadata, open configurations, and cloud buckets…
- Correlation with CVE databases: The identified assets are automatically cross-referenced with public databases such as NIST NVD, MITRE CVE List, and ExploitDB to detect if they are affected by any known vulnerabilities.
- Prioritization and real-time alerts: Kartos not only detects but also classifies CVEs by their real risk level and alerts you with concrete, actionable recommendations.
Advantages of this approach
No intrusions, no friction
One of the most significant benefits is that it does not interfere with your internal operations. Since it doesn’t require network permissions or software installation, implementation is quick and secure. It also reduces IT or technical department resistance, as nothing in the corporate environment is disrupted.
View from the attacker’s perspective
A common mistake in cybersecurity is focusing solely on what happens “inside.” However, attackers don’t start inside your network: they begin outside. Having visibility into how a cyber attacker perceives you allows you to act before he does.
Smart prioritization
Not all CVEs are equally dangerous. Some are theoretical, while others already have known exploits. Kartos not only detects vulnerabilities but also identifies the most critical ones, helping you make more efficient and informed decisions.
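The correlation and prioritization phases described above, sketched as an added example; it is not Kartos code or Enthec's method. The asset inventory, product names, version ranges and CVE identifiers are constructed placeholders, and ranking findings with a known exploit ahead of higher CVSS scores is an assumption made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class CveRecord:
    cve_id: str          # placeholder identifiers, not real CVEs
    product: str         # hypothetical product names
    first_bad: tuple     # first affected version (inclusive)
    fixed_in: tuple      # first fixed version (exclusive)
    cvss: float
    known_exploit: bool  # a public exploit is known for this CVE

def parse_version(text):
    """'2.4.9' -> (2, 4, 9); numeric tuples avoid the string bug '2.4.9' > '2.4.10'."""
    return tuple(int(part) for part in text.split("."))

def severity(score):
    """Standard CVSS qualitative rating for a base score (bands as in the table above)."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS score out of range: {score}")
    if score == 0.0:
        return "None"
    for upper, label in ((3.9, "Low"), (6.9, "Medium"), (8.9, "High"), (10.0, "Critical")):
        if score <= upper:
            return label

def correlate(assets, records):
    """Match externally observed (host, product, version) tuples against CVE records."""
    findings = []
    for host, product, version in assets:
        observed = parse_version(version)
        for rec in records:
            if rec.product == product and rec.first_bad <= observed < rec.fixed_in:
                findings.append((host, rec))
    # Assumed ranking: findings with a known exploit first, then by descending CVSS.
    findings.sort(key=lambda f: (not f[1].known_exploit, -f[1].cvss))
    return [(host, r.cve_id, severity(r.cvss), r.known_exploit) for host, r in findings]

ASSETS = [  # constructed: product/version as an external scan might read from banners
    ("shop.example.com", "examplehttpd", "2.4.9"),
    ("vpn.example.com", "examplevpn", "5.1.0"),
    ("blog.example.com", "examplehttpd", "2.4.12"),
]
RECORDS = [  # constructed vulnerability records
    CveRecord("CVE-0000-0001", "examplehttpd", (2, 4, 0), (2, 4, 10), 9.8, False),
    CveRecord("CVE-0000-0002", "examplevpn", (5, 0, 0), (5, 2, 0), 7.5, True),
    CveRecord("CVE-0000-0003", "examplehttpd", (2, 0, 0), (2, 5, 0), 5.3, False),
]
if __name__ == "__main__":
    print(*correlate(ASSETS, RECORDS), sep="\n")
```

The High-severity VPN finding outranks the Critical web-server one because only the former has a known exploit, and `blog.example.com` is not flagged for CVE-0000-0001 because 2.4.12 is past the fixed version.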
What role does CVE play in modern cybersecurity?
Business cybersecurity in Spain and around the world is facing a growing problem: the escalation of cyberattacks. Every year, we learn of new cases that occur worldwide. In this context, reacting is no longer enough; we must anticipate.
That’s where the concept of CVEs as a risk indicator comes in. Knowing which CVEs affect your digital infrastructure is a crucial first step toward developing a robust defense strategy. But just as important is discovering them early and consistently.
In other words, CVE management is the foundation of an active security posture.
The CTEM approach and its application with Kartos
What is CTEM
CTEM, or Continuous Threat Exposure Management, is an approach that goes beyond one-off audits. It involves continually assessing the attack surface to identify vulnerabilities and remediate them before they can be exploited.
Why Kartos stands out
Compared to other more technical tools or those focused on internal network scans, Kartos adopts a 100% external philosophy, adapted to the real world. It detects relevant CVEs in your visible assets, alerts you in real time, and provides concrete, actionable recommendations.
Additionally, it’s scalable, enabling you to protect everything from startups to large corporations without requiring infrastructure or internal team adjustments.
What if I’m an individual? There’s a solution, too.
If you are a self-employed professional or a user concerned about your digital footprint, Enthec has also developed Qondar, a solution designed for individuals. It provides visibility into your personal digital exposure, ideal for executives or professionals at risk of targeted cyberattacks.
CVE vulnerabilities are present in almost every connected infrastructure, and waiting for them to be exploited is a luxury no company can afford. Cybersecurity tools like Kartos enable you to adopt a proactive and practical approach through perimeter-based cybersecurity, with agile implementation and without the need to alter your internal network.
Detecting CVEs from the outside is not only possible, but is an increasingly recommended practice in the field of cybersecurity.
Request a free Kartos demo today and see for yourself how you can reduce your exposure to threats without changing a single line on your servers. Contact us!


