Vulnerabilities, Controls and Continuous Monitoring: The SANS 2016 Continuous Monitoring Survey

  • Webcast Aired Tuesday, 15 Nov 2016 1:00PM EST (15 Nov 2016 18:00 UTC)
  • Speakers: Scott Gordon, Barbara Filkins, Patrick Vowles, Martin Walker, Dan Lamorena

Building on the results of the 2015 vulnerabilities and continuous monitoring survey, the primary focus of this year's survey is to determine how organizations conduct continuous vulnerability assessment and remediation related to the CIS Critical Security Controls 6.0. This includes inventories of software and hardware, secure configurations for these systems, continuous monitoring assessment and remediation, and limitation and control of network ports, protocols and services.

Attendees at this webcast will learn about:
  • Drivers behind organizational use of continuous monitoring
  • Classes and categories of information assets included in assessments
  • Maturity of continuous monitoring efforts
  • Types of vulnerabilities most commonly discovered
  • Difficulties and best practices in remediation and workflow
  • Impact of continuous monitoring on security posture

You can view the associated whitepaper written by SANS Analyst Program Research Director, Barbara Filkins with input from last year's survey author, SANS Fellow and Dean of Instruction, Dave Hoelzer here: https://www.sans.org/reading-room/whitepapers/analyst/reducing-attack-surface-sans-second-survey-continuous-monitoring-programs-37417