
Report Card on Continuous Monitoring

Security Misconfigurations Cited as Top Vulnerability; Yet Scanning Not Occurring Regularly Enough

  • Bethesda, MD
  • November 3, 2016

Continuous monitoring is improving visibility and response in organizations using this technology, according to results of a new survey to be released by SANS Institute on November 15, 2016.

In the survey, 8% of respondents improved visibility into enterprise systems and infrastructures by initiating a continuous monitoring program, and 28% improved their ability to accurately detect and remediate malicious events.

However, the news isn't all good. Continuous scanning, for example, is only happening at 5% of organizations surveyed. Another 3% are scanning daily, with the largest group of respondents (29%) scanning monthly or bimonthly.

"This year we presented a simple report card comparing results of the 2015 and 2016 CM surveys," explains Barbara Filkins, SANS Analyst Program research director and author of the survey report. "While our respondents get an A+ for increasing the number of programs, the balance of the results shows lackluster performance."

Respondents to the 2016 survey showed no improvement in conducting active vulnerability scans on a weekly basis or better since our 2015 survey was conducted. Moreover, slightly fewer practiced continuous monitoring than in 2015. Most disturbing, 16% fewer were able to improve their ability to accurately detect and remediate malicious events than were able to in 2015, although this was still a top use case for CTI in 2016.

"Effective security has very simple roots," continues Filkins. "However, just because the starting point is simple doesn't mean that the process of achieving effective security is easy. Continuous monitoring has been around for a while, and it still represents a challenge for most organizations."

A clear majority (73%) cited security misconfigurations as the leading threat to their organizations, and most security misconfigurations should be preventable through proper hygiene. The gap between assessments represents a window of opportunity for attackers to detect vulnerabilities and act on them before security and operations teams are even aware of them.

Filkins concludes, "CM has to be a business commitment--a serious part of an organization's IT strategy--reaching well beyond security to dependencies on change and configuration management best practices. Organizations, especially larger enterprises, need to commit to recognizing change management, configuration management and continuous monitoring as key business practices, just as they do accounting and customer support."

Full results will be shared during a webcast on November 15, 2016 at 1 PM EDT, sponsored by ForeScout Technologies, IBM Security, Qualys, and RiskIQ, and hosted by SANS. Register to attend the webcast at www.sans.org/webcasts/102572

Those who register for the webcast will also receive access to the published results paper developed by SANS Analyst and security expert, Barbara Filkins.

Tweet This:
"Security Misconfigurations Cited as Top Vulnerability..." Catch the full report in this webcast | 11/15 @ 1PM EST | www.sans.org/u/mWs
Vulnerabilities, Controls and Continuous Monitoring: The SANS 2016 Continuous Monitoring Survey | 11/15 @ 1PM EST | www.sans.org/u/mWs

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals at governments and commercial institutions world-wide. Renowned SANS instructors teach over 50 different courses at more than 200 live cyber security training events as well as online. GIAC, an affiliate of the SANS Institute, validates employee qualifications via 30 hands-on, technical certifications in information security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers master's degrees in cyber security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system--the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community. (https://www.sans.org)