What Are Their Vulnerabilities? A SANS Continuous Monitoring Survey
- Wednesday, October 28th, 2015 at 1:00 PM EDT (17:00:00 UTC)
- David Hoelzer, Javvad Malik, Arabella Hallawell, Mark Painter and Ted Gary
You can now attend the webcast using your mobile device!
Continuous monitoring is growing in use, according to the 2014 SANS Survey on the Critical Security Controls. In it, 58% of respondents had partially implemented and 28% had fully implemented Control Number 4: Continuous Vulnerability Assessment and Remediation. In actuality, this control is not the only one that speaks to the need for continuous monitoring: Controls 1 and 2 (inventory of authorized and unauthorized devices and software) also fall under their continuous monitoring programs, as do secure configurations (Control 3), which were the top three controls that had been partially or fully implemented in our 2014 survey.
In this webcast, SANS Fellow Instructor David Hoelzer will examine the most commonly found vulnerabilities and ask how they're being discovered, patched and centrally-managed throughout the system's life cycle. Attend this webcast and learn best practices and advice from peers who've implemented or attempted to implement continuous monitoring, including:
- How far are IT organizations in automating and integrating vulnerability assessment and remediation functions?
- What level of improvements are they gaining from the programs they have in place?
- Do those improvements fall short of their target objectives and if so, what's holding them back?
- What do vendors and IT operators need to do to improve and automate their assessment, monitoring and remediation functions?
Be among the first to receive the associated whitepaper written by David Hoelzer.
View the associated whitepaper here.
David Hoelzer is a high-scoring SANS Fellow instructor and author of more than twenty sections of SANS courseware. He is an expert in a variety of information security fields, having served in most major roles in the IT and security industries over the past twenty-five years. Recently, David was called upon to serve as an expert witness for the Federal Trade Commission for ground-breaking GLBA Privacy Rule litigation. David has been highly involved in governance at SANS Technology Institute, serving as a member of the Curriculum Committee as well as Audit Curriculum Lead. As a SANS instructor, David has trained security professionals from organizations including NSA, DHHS, Fortune 500 security engineers and managers, various Department of Defense sites, national laboratories, and many colleges and universities. David is a research fellow in the Center for Cybermedia Research and also a research fellow for the Identity Theft and Financial Fraud Research Operations Center (ITFF/ROC). He also is an adjunct research associate of the UNLV Cybermedia Research Lab and a research fellow with the Internet Forensics Lab. David has written and contributed to more than 15 peer reviewed books, publications, and journal articles. Currently, David serves as the principal examiner and director of research for Enclave Forensics, a New York/Las Vegas based incident response and forensics company. He also serves as the chief information security officer for Cyber-Defense, an open source security software solution provider. In the past, David served as the director of the GIAC Certification program, bringing the GIAC Security Expert certification to life. David holds a BS in IT, Summa Cum Laude, having spent time either attending or consulting for Stony Brook University, Binghamton University, and American Intercontinental University.
Javvad Malik—the man, the myth, the blogger—is a London-based IT security professional. Better known as an active blogger, event speaker and industry commentator, he is possibly best known as one of the industry’s most prolific video bloggers with a signature fresh and light-hearted perspective on security. Prior to joining AlienVault as a security advocate, Javvad was a senior analyst with 451 Research, providing technology vendors, investors and end users with strategic advisory services, including competitive research and go-to-market positioning.
Arabella is responsible for the go-to-market positioning and activation of the company’s Advanced Threat solutions at Arbor. Previously she was VP of Corporate Strategy where she led strategic planning and corporate development activities.
Arabella has over 20 years of experience in IT security and strategy. Prior to joining Arbor, Arabella was VP of Corporate Strategy at Sophos, a global IT security vendor headquartered in Boston and Oxford, UK where she led M&A strategy, market and customer insight, and global corporate communications.
Prior to Sophos, Arabella was Research VP at Gartner, the IT research and advisory services firm. At Gartner, Arabella led coverage of the endpoint, eMail and web security markets and counseled many of the world’s largest corporations, governments and technology providers on technology and market trends and their strategic implications.
Mark Painter currently serves as a security evangelist for HP Enterprise Security Products. In this role, he is responsible for educating customers, security professionals, executives and other groups about the risks of security vulnerabilities and HP ESP security solutions. Mark has played an active role in the security industry since 2002, when he joined SPI Dynamics, a leading provider of web application security assessment software and services. Over the course of his career, he has been involved with product management and marketing, vulnerability research and security blogging. You can follow his writing, security activities, and frequent travel via @secpainter.
Ted Gary is Tenable’s product marketing manager for SecurityCenter™. He is responsible for translating the rich features of SecurityCenter into solutions for compelling problems faced by information security professionals. Ted has nearly 10 years of experience in the information security field in both product management and product marketing roles. As a senior product manager for security solutions at a telecommunications company, he defined SaaS security services, including cloud-based next-generation firewalls and related managed services. Previously, Ted also defined requirements and marketed file integrity management and configuration assessment products for a software vendor.