This webcast has been archived. To view the webcast, log in to your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Sorry, the slides for this webcast are not available for download.

What Are Their Vulnerabilities? A SANS Continuous Monitoring Survey

  • Wednesday, October 28, 2015 at 1:00 PM EDT (2015-10-28 17:00:00 UTC)
  • Ted Gary, Mark Painter, Arabella Hallawell, Javvad Malik, David Hoelzer


  • AlienVault
  • Arbor Networks
  • HP
  • Tenable

Continuous monitoring is growing in use, according to the 2014 SANS Survey on the Critical Security Controls. In that survey, 58% of respondents had partially implemented and 28% had fully implemented Control Number 4: Continuous Vulnerability Assessment and Remediation. This control is not the only one that speaks to the need for continuous monitoring: Controls 1 and 2 (inventory of authorized and unauthorized devices and software) also fall under continuous monitoring programs, as do secure configurations (Control 3). These were the top three controls that had been partially or fully implemented in our 2014 survey.

In this webcast, SANS Fellow Instructor David Hoelzer will examine the most commonly found vulnerabilities and ask how they're being discovered, patched and centrally managed throughout the system's life cycle. Attend this webcast and learn best practices and advice from peers who've implemented or attempted to implement continuous monitoring, including:

  • How far are IT organizations in automating and integrating vulnerability assessment and remediation functions?
  • What level of improvements are they gaining from the programs they have in place?
  • Do those improvements fall short of their target objectives and if so, what's holding them back?
  • What do vendors and IT operators need to do to improve and automate their assessment, monitoring and remediation functions?

Be among the first to receive the associated whitepaper written by David Hoelzer.


Speaker Bios

David Hoelzer

David Hoelzer is a high-scoring SANS Fellow instructor and author of more than twenty sections of SANS courseware. He is an expert in a variety of information security fields, having served in most major roles in the IT and security industries over the past twenty-five years. Recently, David was called upon to serve as an expert witness for the Federal Trade Commission for ground-breaking GLBA Privacy Rule litigation. David has been highly involved in governance at SANS Technology Institute, serving as a member of the Curriculum Committee as well as Audit Curriculum Lead. As a SANS instructor, David has trained security professionals from organizations including NSA, DHHS, Fortune 500 security engineers and managers, various Department of Defense sites, national laboratories, and many colleges and universities. David is a research fellow in the Center for Cybermedia Research and also a research fellow for the Identity Theft and Financial Fraud Research Operations Center (ITFF/ROC). He also is an adjunct research associate of the UNLV Cybermedia Research Lab and a research fellow with the Internet Forensics Lab. David has written and contributed to more than 15 peer reviewed books, publications, and journal articles. Currently, David serves as the principal examiner and director of research for Enclave Forensics, a New York/Las Vegas based incident response and forensics company. He also serves as the chief information security officer for Cyber-Defense, an open source security software solution provider. In the past, David served as the director of the GIAC Certification program, bringing the GIAC Security Expert certification to life. David holds a BS in IT, Summa Cum Laude, having spent time either attending or consulting for Stony Brook University, Binghamton University, and American Intercontinental University.

Javvad Malik

Javvad Malik—the man, the myth, the blogger—is a London-based IT security professional. Better known as an active blogger, event speaker and industry commentator, he is possibly best known as one of the industry’s most prolific video bloggers with a signature fresh and light-hearted perspective on security. Prior to joining AlienVault as a security advocate, Javvad was a senior analyst with 451 Research, providing technology vendors, investors and end users with strategic advisory services, including competitive research and go-to-market positioning.

Arabella Hallawell

Arabella Hallawell, senior director of product marketing at Arbor Networks, the security division of Netscout, is responsible for the go-to-market positioning and activation of the company's Advanced Threat solutions. Previously, she led strategic planning at Arbor. Arabella has more than 20 years of experience in IT security and strategy. Prior to joining Arbor, she was VP of corporate strategy at Sophos, a global IT security vendor headquartered in Boston and Oxford, UK, where she led M&A strategy, market and customer insight, and global corporate communications. Prior to Sophos, Arabella was research VP at Gartner, the IT research and advisory services firm.

Mark Painter

Mark Painter currently serves as a security evangelist for HP Enterprise Security Products. In this role, he is responsible for educating customers, security professionals, executives and other groups about the risks of security vulnerabilities and HP ESP security solutions. Mark has played an active role in the security industry since 2002, when he joined SPI Dynamics, a leading provider of web application security assessment software and services. Over the course of his career, he has been involved with product management and marketing, vulnerability research and security blogging. You can follow his writing, security activities, and frequent travel via @secpainter.

Ted Gary

Ted Gary is Tenable's senior product marketing manager focusing on industrial control system security, security frameworks and compliance. Ted has more than ten years of information security experience in both product management and product marketing roles. He is a frequent speaker at security conferences, such as the ICSJWG Spring Meeting, New York Healthcare Summit and San Jose Cybersecurity Forum. He was also a contributor to the CIS Controls Implementation Guide for Industrial Control Systems.
