Get unparalleled cyber security training from real-world practitioners in Boston. Save $200 thru 6/26.


Subscribe to SANS Newsletters

Join the SANS Community to receive the latest curated cyber security news, vulnerabilities and mitigations, training opportunities, and our webcast schedule.

Negative Impacts of Disjointed Security and Response Functions: Results of SANS' Survey on Security Optimization

Centralization of functions, workflow and data needed to improve visibility and risk profile

  • Bethesda, MD
  • April 10, 2017

Organizations are asking for more centralized visibility and workflow across the prevention, detection and response functions, according to results of a new survey to be released by SANS Institute on April 20, 2017.

Survey results confirm what those in the field have known for a long time: There is a lack of centralization of information and visibility that affects organizational security. Shortages in reporting capabilities, either because of limitations in automation or centralization, are cited by 91% of the survey respondents. In addition, 87% report lack of visibility in risk posture, and 84% lack visibility into live threats under investigation.

Despite low rates of integration, the value of pooling security resources and functions is not lost on these respondents. In this survey, 63% of respondents see great value in integrating prevention, detection, response and remediation to improve visibility and accuracy and to reduce time investment, while 23% see at least some value.

"Although there is no obvious best practice, it seems clear that optimized security affects the entire organization and cannot be accomplished by multiple separate groups that don't interact with each other," says G.W. Ray Davidson, SANS Analyst and author of the survey results paper. "Organizations need to move toward a more unified security strategy that leverages centralized data through a documented system and shared knowledge and processes across teams and tools."

Full results of the survey will be shared during an April 20 webcast at 1 PM EDT, sponsored by ThreatConnect and hosted by SANS. Register to attend the webcast at

Those who register for the webcast will also receive access to the published results paper developed by SANS Analyst and security expert, G.W. Ray Davidson.

Tweet This:

How coordinated or disparate are your security and IR functions? | Register for April 20 webcast |

What risks are associated with lack of continuity between security and response? | Register for April 20 webcast |

April 20 webcast explores integration of security and IR functions and the effect on security | Register at

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals at governments and commercial institutions world-wide. Renowned SANS instructors teach over 60 different courses at more than 200 live cyber security training events as well as online. GIAC, an affiliate of the SANS Institute, validates a practitioner's qualifications via over 30 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers master's degrees in cyber security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system--the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community. (