Vulnerabilities, Controls and Continuous Monitoring: The SANS 2016 Continuous Monitoring Survey
- Tuesday, November 15th, 2016 at 1:00 PM EST (18:00:00 UTC)
- Barbara Filkins, Scott Gordon, Dan Lamorena, Patrick Vowles and Martin Walker
You can now attend the webcast using your mobile device!
Building on the results of the 2015 vulnerabilities and continuous monitoring survey, the primary focus of this year's survey is to determine how organizations conduct continuous vulnerability assessment and remediation related to the CIS Critical Security Controls 6.0. This includes inventories of software and hardware, secure configurations for these systems, continuous monitoring assessment and remediation, and limitation and control of network ports, protocols and services.
Attendees at this webcast will learn about:
- Drivers behind organizational use of continuous monitoring
- Classes and categories of information assets included in assessments
- Maturity of continuous monitoring efforts
- Types of vulnerabilities most commonly discovered
- Difficulties and best practices in remediation and workflow
- Impact of continuous monitoring on security posture
You can view the associated whitepaper written by SANS Analyst Program Research Director, Barbara Filkins with input from last year's survey author, SANS Fellow and Dean of Instruction, Dave Hoelzer here: https://www.sans.org/reading-room/whitepapers/analyst/reducing-attack-surface-sans-second-survey-continuous-monitoring-programs-37417
Barbara Filkins, a senior SANS analyst who holds the CISSP and SANS GSEC (Gold), GCIH (Gold), GSLC (Gold), GCCC (Gold), GCPM (Silver) and GLEG (Gold) certifications, has done extensive work in system procurement, vendor selection and vendor negotiations as a systems engineering and infrastructure design consultant. She is deeply involved with HIPAA security issues in the health and human services industry, with clients ranging from federal agencies (Department of Defense and Department of Veterans Affairs) to municipalities and commercial businesses. Barbara focuses on issues related to automation--privacy, identity theft and exposure to fraud, as well as the legal aspects of enforcing information security in today's mobile and cloud environments.
Scott Gordon is the chief marketing officer at RiskIQ, responsible for global market strategy, operations and sales enablement. He has 20 years' experience contributing to security management, network, endpoint and data security, and risk assessment technologies at innovative startups and large organizations. Prior to RiskIQ, Scott held management positions at ForeScout, Protego Networks (acq. Cisco), Axent and McAfee. Scott is CISSP certified and has authored "Operationalizing Security" and co-authored the "Definitive Guide to NAC."
Dan Lamorena, CISSP and Vice President, Global Marketing for ForeScout Technologies, puts his more than 15 yearsí of industry experience into action leading ForeScoutís global marketing team. Prior to joining ForeScout, Dan led product and services marketing for HPís Enterprise Security products group and held product marketing, business development and strategy management roles with Symantec, Cisco Systems, Electronic Arts, and Ernst and Young.†Dan holds a bachelorís degree from the Ohio State University and an MBA from the Haas School of Business at the University of California, Berkeley.
Patrick Vowles, Endpoint Protection Marketing Manager at IBM Security, has many years of hands-on technical, product and marketing management experience, creating enterprise class networking, security and compliance solutions. After supporting LAN/WAN deployments in Europe, he moved to support large network infrastructure sales in New York City. As a product manager at Global Crossing, Patrick created an entire suite of managed security and VPN services. At RSA/VCE he created cloud, virtualization, compliance and security offerings while contributing to the Cloud Security Alliance Consensus Assessment Initiative. Patrick then directed the content for a series of international Cyber Attack and Fraud summits before moving to IBM.
Martin Walker, Solution Architect and Vulnerability Management SME at Qualys, has 30 years of experience in IT, with 25 years of experience in InfoSec-focused roles. For the past decade he has been providing professional services focused on incident response and forensics and vulnerability management. Martin is the Qualys SME for vulnerability management and cloud agents. In his spare time he is an avid SCUBA diver, Arduino hacker, and airshow pilot.