Bethesda, Md. – Continuous monitoring is improving visibility and response in organizations using this technology, according to results of a new survey to be released by SANS Institute on November 15, 2016.
In it, 8% improved visibility into enterprise systems and infrastructures by initiating a continuous monitoring program, and 28% improved their ability to accurately detect and remediate malicious events.
However, the news isn't all good. Continuous scanning, for example, is only happening at 5% of organizations surveyed. Another 3% are scanning daily, with the largest group of respondents (29%) scanning monthly or bimonthly.
"This year we presented a simple report card comparing results of the 2015 and 2016 CM surveys," explains Barbara Filkins, SANS Analyst Program research director and author of the survey report. "While our respondents get an A+ for increasing the number of programs, the balance of the results show lackluster performance."
Respondents to the 2016 survey showed no improvement in conducting active vulnerability scans on a weekly basis or better since our 2015 survey was conducted. Moreover, slightly fewer practiced continuous monitoring than in 2015. Most disturbing, 16% fewer were able to improve their ability to accurately detect and remediate malicious events than were able to in 2015, although this was still a top use case for CTI in 2016.
"Effective security has very simple roots," continues Filkins. "However, just because the starting point is simple doesn't mean that the process to achieving effective security is easy. Continuous monitoring has been around for a while, and it still represents a challenge for most organizations."
A clear majority (73%) cited security misconfigurations as the leading threat to their organizations, and most security misconfigurations should be preventable through proper hygiene. The gap between assessments represents a window of opportunity for attackers to detect vulnerabilities and act on them before security and operations teams are even aware of them.
Filkins concludes, "CM has to be a business commitment--a serious part of an organization's IT strategy--reaching well beyond security to dependencies on change and configuration management best practices. Organizations, especially larger enterprises, need to commit to recognizing change management, configuration management and continuous monitoring as key business practices, just as they do accounting and customer support."
Full results will be shared during a webcast on November 15, 2016 at 1 PM EDT, sponsored by ForeScout Technologies, IBM Security, Qualys, and RiskIQ, and hosted by SANS. Register to attend the webcast at www.sans.org/webcasts/102572
Those who register for the webcast will also receive access to the published results paper developed by SANS Analyst and security expert, Barbara Filkins.
"Security Misconfigurations Cited as Top Vulnerability..." Catch the full report in this webcast | 11/15 @ 1PM EST | www.sans.org/u/mWs
Vulnerabilities, Controls and Continuous Monitoring: The SANS 2016 Continuous Monitoring Survey | 11/15 @ 1PM EST | www.sans.org/u/mWs
About SANS Institute
The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals in government and commercial institutions world-wide. Renowned SANS instructors teach more than 60 courses at in-person and virtual cyber security training events and on demand. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers a master’s degree, graduate certificates, and an undergraduate certificate in cyber security. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their ‘human’ cybersecurity risk. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system–the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community. (https://www.sans.org)