The Case for Endpoint Intelligence; A SANS Survey

Perimeter defenses are not enough; organizations need to examine their endpoints better for signs of compromise

Mar 05, 2014, 13:16 ET from SANS Institute

BETHESDA, Md., March 5, 2014 /PRNewswire-USNewswire/ -- Organizations lack automation and process for monitoring endpoints for threats, according to a survey conducted by the SANS Institute and completed by 948 IT professionals. Full results of the survey, sponsored by Guidance Software, will be discussed during a March 13 Webcast at 1 PM EDT.

More than 47% of the 948 respondents who completed the survey say they operate under the assumption that they've been compromised.

The survey also indicates that attackers are evading edge security without the use of advanced technologies. In the survey, 51% indicated that the majority of compromises they experienced were the result of unsophisticated attack technologies.

Compromises directly relate to lack of automation and visibility into endpoints, according to responses. "Survey participants clearly identified the need for automation in their detection and remediation operation," says SANS Analyst Jacob Williams, author of the report. "The good news is that automation is on the rise, and most respondents will be automating some aspects of endpoint intelligence and remediation in the next 24 months."

Respondents would particularly like to collect more data from their endpoints and coordinate it with their network information for a clearer view of their threats and vulnerabilities, continues Williams.

"Survey respondents are not collecting as much data from their endpoints as they would like," he says. "This collection gap was most clear when considering network artifacts stored at the endpoint (for example ARP cache entries)."

Just how can organizations improve their visibility into blended threats? Join a live webcast hosted by SANS on Thursday, March 13 at 1 PM EDT, to learn how.

Those who register for these webcasts will be given access to an advance copy of the associated report developed by SANS. To register for the webcast, follow this link:

The SANS Analyst Program is part of the SANS Institute.

About SANS Institute
The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest source for world-class information security training and security certification in the world, offering over 50 training courses each year. GIAC, an affiliate of the SANS Institute, is a certification body featuring over 27 hands-on, technical certifications in information security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system, the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community.