Last Day to Save $200 on Top-Notch Cyber Security Training at SANS Houston 2018!


Subscribe to SANS Newsletters

Join the SANS Community to receive the latest curated cyber security news, vulnerabilities and mitigations, training opportunities, and our webcast schedule.

The Case for Endpoint Intelligence; A SANS Survey

Perimeter defenses are not enough; organizations need to examine their endpoints better for signs of compromise

  • Bethesda, MD
  • March 5, 2014

Automation and process to monitor endpoints for threats are lacking in organizations, according to a survey completed by 948 IT professionals conducted by the SANS Institute. Full results of the survey, sponsored by Guidance Software, will be discussed during a March 13 Webcast at 1 PM EDT.

More than 47% of 948 respondents to complete the survey say they operate under the assumption that they've been compromised.

The survey also indicates that attackers are evading edge security without the use of advanced technologies. In the survey, 51% indicated that the majority of compromises they experienced were the result of unsophisticated attack technologies.

Compromises directly relate to lack of automation and visibility into endpoints, according to responses. "Survey participants clearly identified the need for automation in their detection and remediation operation," says SANS Analyst Jacob Williams, author of the report. "The good news is that automation is on the rise, and most respondents will be automating some aspects of endpoint intelligence and remediation in the next 24 months."

Respondents would particularly like to be collecting more data from their endpoints and coordinate it with their network information for a clearer view of their threats and vulnerabilities, continues Williams.

"Survey respondents are not collecting as much data from their endpoints as they would like," he says. "This collection gap was most clear when considering network artifacts stored at the endpoint (for example ARP cache entries)."

Just how can organizations improve their visibility into blended threats? Join a live webcast hosted by SANS on Thursday, March 13 at 1 PM EDT, to learn how.

Those who register for these webcasts will be given access to an advanced copy of the associated report developed by SANS. To register for the webcast, follow this link:

The SANS Analyst Program,, is part of the SANS Institute.


SANS Institute 3/13 webcast: how organizations improve their visibility into blended threats, to register

End Point Intelligence survey results reported on 3/13. Register now: for @SANSInstitute webcast & free report

SANS Media Contact

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals at governments and commercial institutions world-wide. Renowned SANS instructors teach over 60 different courses at more than 200 live cyber security training events as well as online. GIAC, an affiliate of the SANS Institute, validates a practitioner's qualifications via over 30 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers master's degrees in cyber security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system--the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community. (