Negative Impacts of Disjointed Security and Response Functions: Results of SANS' Survey on Security Optimization

Bethesda, Md. – Organizations are asking for more centralized visibility and workflow across the prevention, detection and response functions, according to results of a new survey to be released by SANS Institute on April 20, 2017.

Survey results confirm what those in the field have known for a long time: There is a lack of centralization of information and visibility that affects organizational security. Shortages in reporting capabilities, either because of limitations in automation or centralization, are cited by 91% of the survey respondents. In addition, 87% report lack of visibility in risk posture, and 84% lack visibility into live threats under investigation.

Despite low rates of integration, the value of pooling security resources and functions is not lost on these respondents. In this survey, 63% of respondents see great value in integrating prevention, detection, response and remediation to improve visibility and accuracy and to reduce time investment, while 23% see at least some value.

"Although there is no obvious best practice, it seems clear that optimized security affects the entire organization and cannot be accomplished by multiple separate groups that don't interact with each other," says G.W. Ray Davidson, SANS Analyst and author of the survey results paper. "Organizations need to move toward a more unified security strategy that leverages centralized data through a documented system and shared knowledge and processes across teams and tools."

Full results of the survey will be shared during an April 20 webcast at 1 PM EDT, sponsored by ThreatConnect and hosted by SANS. Register to attend the webcast at

Those who register for the webcast will also receive access to the published results paper developed by SANS Analyst and security expert, G.W. Ray Davidson.

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals in government and commercial institutions world-wide. Renowned SANS instructors teach more than 60 courses at in-person and virtual cyber security training events and on demand. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers a master’s degree, graduate certificates, and an undergraduate certificate in cyber security. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their ‘human’ cybersecurity risk. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system–the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community.