
The Case for Endpoint Intelligence; A SANS Survey

Perimeter defenses are not enough; organizations need to examine their endpoints better for signs of compromise

  • Bethesda, MD
  • March 5, 2014

Automation and processes to monitor endpoints for threats are lacking in organizations, according to a survey conducted by the SANS Institute and completed by 948 IT professionals. Full results of the survey, sponsored by Guidance Software, will be discussed during a March 13 Webcast at 1 PM EDT.

More than 47% of the 948 respondents who completed the survey say they operate under the assumption that they've been compromised.

The survey also indicates that attackers are evading edge security without the use of advanced technologies. In the survey, 51% indicated that the majority of compromises they experienced were the result of unsophisticated attack technologies.

Compromises directly relate to lack of automation and visibility into endpoints, according to responses. "Survey participants clearly identified the need for automation in their detection and remediation operation," says SANS Analyst Jacob Williams, author of the report. "The good news is that automation is on the rise, and most respondents will be automating some aspects of endpoint intelligence and remediation in the next 24 months."

Respondents would particularly like to collect more data from their endpoints and coordinate it with their network information for a clearer view of their threats and vulnerabilities, continues Williams.

"Survey respondents are not collecting as much data from their endpoints as they would like," he says. "This collection gap was most clear when considering network artifacts stored at the endpoint (for example ARP cache entries)."

Just how can organizations improve their visibility into blended threats? Join a live webcast hosted by SANS on Thursday, March 13 at 1 PM EDT, to learn how.

Those who register for this webcast will be given access to an advance copy of the associated report developed by SANS. To register for the webcast, follow this link:

The SANS Analyst Program is part of the SANS Institute.



About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals in government and commercial institutions worldwide. Renowned SANS instructors teach more than 60 courses at In-Person and Live Online cyber security training events, and more than 50 courses are available anytime, anywhere with our OnDemand platform. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers a master’s degree, graduate certificates, and an undergraduate certificate in cyber security. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their ‘human’ cybersecurity risk. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system – the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community.