Bethesda, Md. – Centralized logging and automation solutions are a necessity to detect, defend and respond to modern attacks. These solutions include data analytics tools (such as security information and event management [SIEM] and endpoint detection and response [EDR]), as well as anomaly detection technologies (such as user behavior monitoring and machine learning), according to the SANS 2019 Endpoint Protection and Response Survey to be released by SANS Institute on December 3, 2019.

"Attacks often start on employee workstations, then pivot to critical data sources on servers," says SANS instructor and survey co-author Justin Henderson. "That makes endpoints ground zero for protecting an organization's assets. But defending them from attacks isn't easy."

In fact, 39% of survey respondents have concerns about employee-owned mobile devices and lack processes to cover them in corporate policy. Employer-owned devices fare better, with only 25% being concerned about such endpoints and unable to cover them in organizational security plans. This lack of control may be related to the fact that fewer than 27% of laptops and mobile devices are centrally managed.

"Due to the never-ending nature of cyberattacks, it is vital that organizations collect the data that will enable them to quickly identify the attack, mitigate any damage and remediate the issues," according survey co-author and SANS instructor John Hubbard. "However, due to the complex nature of logging and multitude of data sources, many organizations struggle to gather the proper data they need to conduct efficient incident response and remediation activities."

While 11% of respondents report an inability to identify what data has been breached, and 66% find it difficult, our survey shows a combination of file access auditing, DLP and EDR solutions might help organizations that struggle with these activities.

Full results will be shared during a December 3, 2019 webcast at 1 PM ET, sponsored by Cisco Systems, OpenText Inc., Sophos Inc., and VMware Carbon Black, and hosted by SANS. Register to attend the webcast at

Those who register for the webcast will also receive access to the published results paper developed by SANS instructors and endpoint security experts Justin Henderson and John Hubbard.

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals in government and commercial institutions world-wide. Renowned SANS instructors teach more than 60 courses at in-person and virtual cyber security training events and on demand. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers a master’s degree, graduate certificates, and an undergraduate certificate in cyber security. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their ‘human’ cybersecurity risk. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system–the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community. (