Core Netwars Continuous Hones New Skills - FREE with OnDemand Training for One Week Only!


Subscribe to SANS Newsletters

Join the SANS Community to receive the latest curated cyber security news, vulnerabilities and mitigations, training opportunities, and our webcast schedule.

Endpoint Security Automation Top Priority: Results of the 2018 SANS Endpoint Security Survey

Automation Top Priority; Next-gen Capabilities Often Not Implemented

  • Bethesda, MD
  • June 4, 2018

Automating endpoint detection and response processes is the top priority for IT professionals trying to put actionable controls around their endpoints, according to the SANS 2018 Survey on Endpoint Protection.

"The diversity and quantity of endpoints in the modern enterprise are driving the need for more automation and predictive capabilities," says survey author and SANS Analyst Lee Neely.

Neely continues that more automation enables the SOC to stay abreast of endpoint-related threats, while addressing a major issue cited by respondents: Lack of staffing and resources to manage and monitor their many endpoint-related toolsets.

Yet, respondents are relying on the capabilities they currently have--and often those technologies are not fully implemented.

"While organization are purchasing solutions to keep ahead of the emerging cyber threats, they appear to fall short on implementing key purchased capabilities needed to protect and monitor the endpoint," Neely continues.

For example, 50% have acquired next-gen antivirus, but the majority (37%) have not implemented the capabilities. Additionally, 49% have malware-less attack detection capabilities, but 38% have not implemented them. In some cases, it appears that while respondent organizations were able to procure these types of newer technologies, they lacked the resources to implement them.

Full results will be shared during a two-part webcast at 1 PM EDT on June 13 and 14, sponsored by Carbon Black, CrowdStrike, Endgame, ForeScout, Malwarebytes, McAfee and OpenText, and hosted by SANS. Register to attend the June 13 webcast at and the June 14 webcast at

Those who register for the webcast will also receive access to the published results paper developed by SANS Analyst and endpoint security expert, Lee Neely, with advice from fellow SANS Analyst and forensics and incident response expert Alissa Torres.

Tweet This:

Learn the results of the 2018 SANS Endpoint Security Survey in a two-part webcast | Part 1, 6/13: | Part 2, 6/14:

Explore the threats, protections and response capabilities impacting endpoints. | SANS Endpoint Survey Pt. 1, 6/13 |

Discover the enablers/barriers to improving endpoint protection and best practices | SANS Endpoint Survey Pt. 2, 6/14 |

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals at governments and commercial institutions world-wide. Renowned SANS instructors teach over 60 different courses at more than 200 live cyber security training events as well as online. GIAC, an affiliate of the SANS Institute, validates a practitioner’s qualifications via over 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers master's degrees in cyber security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system–the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community. (