From: SANS Institute
Continuous Monitoring Slow to Mature; Improvements Associated with Continuous Monitoring
BETHESDA, Md., Oct. 19, 2015 /PRNewswire-USNewswire/ — The majority of IT professionals believe their continuous monitoring programs are mature or maturing (by maturing, we mean they are improving their continuous monitoring programs). Yet how often and how comprehensively they scan—and follow through with remediation—reveals a different picture, according to results of a new survey to be released by SANS Institute on October 28, 2015.
The results of the survey seem positive at first glance: 62% of respondents consider their asset identification and classification capabilities to be “mature” or “maturing” (meaning they are improving). But only 19% perform scans weekly, and 19% scan more frequently, resulting in only 38% of respondents meeting the current recommendations included in the CIS Critical Security Controls.
***
Results show that continuous monitoring does improve risk posture. Those who could measure improvements from their continuous monitoring programs point to improvements in their overall risk posture as a result of their continuous monitoring programs. Top improvements include increased visibility into enterprise systems and infrastructure, improved ability to accurately detect and remediate malicious events, and reduced attack surface enabling fewer incidents or breaches.
Leave a Reply