Part of being a member of the cybersecurity community is helping out with research efforts to identify trends in information security. If you are involved in continuous monitoring please complete this survey.
Continuous Monitoring for vulnerabilities and exposures is providing benefits for 40% of those who took the SANS 2015 survey on continuous monitoring. Yet, with only 6% scanning for vulnerabilities daily (as recommended by the Critical Security Controls and other important guidelines), there is plenty of room for improvement. (Link to 2015 survey: https://www.sans.org/reading-room/whitepapers/analyst/vulnerabilities-survey-continuous-monitoring-36377)
In this new survey, publishing November 15, 2016 during a 1 PM ET webcast (https://www.sans.org/webcasts/vulnerabilities-controls-continuous-monitoring-2016-continuous-monitoring-survey-102572), SANS will uncover what improvements organizations have made in their programs since our last survey, along with what practices and tools are making the most positive impact. For example:
- Have they assessed more of their critical assets that need scanning? (In 2015, the majority had identified only 50% of their critical assets.)
- Once they’ve identified critical vulnerabilities, can they repair them faster than the 2-3 weeks that the majority of respondents indicated they needed in 2015? If so, how?
- Are their CM programs improving organizations’ visibility into existing, known assets as well as new assets coming online?
- Have they achieved more integration and workflow management for the asset lifecycle, which was top of their wish list in last year’s survey? If so, how?