SANS Survey: The State of Endpoint Risk and Security
More Assume Breach; Perimeter Detection Doesn't Protect Endpoints; Automation of Endpoint Security Remains Unchanged
BETHESDA, Md., April 28, 2015 /PRNewswire-USNewswire/ -- "More than half of the respondents to this second endpoint security survey are operating under the assumption that at least some of their systems are compromised," says SANS Analyst Jacob Williams. "Admitting that adversaries may already be in the network is a critical first step to properly evaluating your protection and detection strategies."
It is a step that is essential, given that 55% indicated that up to 30% of the incidents they experienced should have been detected by perimeter security measures, but they weren't. Because perimeter security technologies alone are not working, organizations need to shift their focus to endpoint management and monitoring.
This shift highlights the need visibility into systems and establishing baselines "Baselining your systems is a critical component of proactively hunting threats in your environment," according to Williams. "You can't possibly hope to find an adversary in the network unless you know what the network was supposed to look like in the first place."
Automating the collection and analysis of compromise data is key to limiting the time from exposure of a breach to remediating its affects. But respondents are making little progress in increasing automation. Most respondents (68%) indicated that they spend four hours or less on each endpoint during remediation efforts, but 13% spend more than eight hours per endpoint. The message is clear: It is easy to plan to increase automation, but much more difficult to turn those plans into reality.
Full results will be shared during a May 6, 2015 webcast at 1 PM EDT, sponsored by Guidance Software, and hosted by SANS. Register to attend the webcast at www.sans.org/u/3Ui. Those who register for the webcast will also receive access to the published results paper developed by SANS Analyst and endpoint security expert Jacob Williams.
Tweets:
#EndpointSecurity Survey Results: Which activities are most in need of automation? 5/6, 1 pm EDT bit.ly/EndpointSurvResults #infosec
What you need to know about #EndpointSecurity today-Survey Results Webcast 5/6 @ 1 pm EDT bit.ly/EndpointSurvResults #cyberthreat
May 6 Webcast-Learn best practices for managing & integrating #EndpointSecurity. Survey Results: bit.ly/EndpointSurvResults #infosec
About SANS Institute
The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals at governments and commercial institutions world-wide. Renowned SANS instructors teach over 50 different courses at more than 200 live cyber security training events as well as online. GIAC, an affiliate of the SANS Institute, validates employee qualifications via 27 hands-on, technical certifications in information security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers master's degrees in cyber security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system--the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community. (www.SANS.org)
SOURCE SANS Institute
Share this article