Glossary

Continuous Monitoring

Q: What does Continuous Monitoring mean in cybersecurity?

Continuous Monitoring is a security term used to describe part of an organisation's external risk, exposure, or vulnerability management process.

Q: Why does Continuous Monitoring matter for external attack surface monitoring?

It matters because attackers evaluate internet-facing assets continuously, and unmanaged exposure can become an exploitable path into customer data, infrastructure, or business operations.

Q: How does VeilScan help with Continuous Monitoring?

VeilScan discovers public assets, checks them for verified issues, prioritises findings by business impact, and produces reports that explain remediation clearly.

Scheduled, automated security scanning that detects regressions over time

Quick Answer: Continuous monitoring in security refers to running automated vulnerability scans and security checks on a regular, scheduled cadence — weekly or monthly — rather than as a one-off or annual exercise. It detects new vulnerabilities as they are introduced through code deployments, infrastructure changes, configuration drift, and newly published CVEs, producing delta reports that show what changed since the last scan.

How does continuous monitoring differ from a one-time scan?

A one-time scan gives you a picture of your security posture at a single moment. Everything that changes after the scan — new deployments, new subdomains, new configurations, new CVEs — is invisible until the next scan.

Continuous monitoring reruns the full pipeline on a schedule. Regressions — vulnerabilities introduced since the last scan — are detected within the scan window. A vulnerability introduced by a Monday deployment is detected by the next weekly scan, not discovered a year later.

What does continuous monitoring produce?

Full scan reports — the complete current state of your attack surface and all verified findings
Delta reports — comparing the current scan to the previous: new findings (regressions), fixed findings (confirmed remediation), and overall risk score change
Immediate alerts — Slack notifications when new Critical or High findings are detected, before the full report is ready
Compliance evidence — a dated, signed record of scanning activity and remediation progress over time

Why do ISO 27001 and SOC 2 require continuous monitoring?

ISO 27001 A.8.8 (Management of technical vulnerabilities) requires organisations to identify and manage vulnerabilities on an ongoing basis. SOC 2 CC7.1 requires monitoring system components for anomalies and vulnerabilities. Both frameworks expect evidence of a continuous security programme, not a one-time assessment. Continuous monitoring provides the dated, structured evidence these frameworks require.

See: Continuous Monitoring feature · What Is Continuous Vulnerability Monitoring? · Compliance Mapping

What are common questions about Continuous Monitoring?

What does Continuous Monitoring mean in cybersecurity?

Continuous Monitoring describes a security concept that affects how teams understand, monitor, and reduce external exposure across internet-facing assets.

Why does Continuous Monitoring matter for external attack surface monitoring?

It matters because attackers continuously inspect public assets. Tracking this concept helps teams reduce exploitable exposure before it becomes a breach path.

How does VeilScan help with Continuous Monitoring?

VeilScan discovers public assets, validates findings with proof, prioritises issues by business impact, and explains remediation in reports built for engineering and leadership.

What related terms should you read next?

Start monitoring your attack surface continuously. Paid plans include automatic weekly or monthly scanning. View plans → · Back to glossary