Two Days Left to get a GIAC Cert Attempt Included with Online Training through February 20!


Subscribe to SANS Newsletters

Join the SANS Community to receive the latest curated cyber security news, vulnerabilities and mitigations, training opportunities, and our webcast schedule.

Know Your Vulnerabilities: A SANS Continuous Monitoring Survey

Continuous Monitoring Slow to Mature; Improvements Associated with Continuous Monitoring

  • Bethesda, MD
  • October 19, 2015

The majority of IT professionals believe their continuous monitoring programs are mature or maturing (by maturing, we mean they are improving their continuous monitoring programs). Yet how often and how comprehensively they scan--and follow through with remediation--reveals a different picture, according to results of a new survey to be released by SANS Institute on October 28, 2015.

The results of the survey seem positive at first glance: 62% of respondents consider their asset identification and classification capabilities to be "mature" or "maturing" (meaning they are improving). But only 19% perform scans weekly, and 19% scan more frequently, resulting in only 38% of respondents meeting the current recommendations included in the CIS Critical Security Controls.

"Organizations institute scanning programs for a variety of reasons, including to comply with various regulations, reduce risk by reducing the attack surface, improve their abilities to identify assets and enhance visibility into their systems, to name a few," says David Hoelzer, SANS instructor and author of the survey. "But those results only arise from continuous monitoring programs that include all of an organization's assets."

Only 88% of public-facing systems and 64% of public-facing web apps are included in respondents' assessment and remediation programs.

Hoelzer continues, "In addition to not scanning the right assets frequently enough, organizations face the challenges of lack of trained staff, budgets and management support."

Results show that continuous monitoring does improve risk posture. Those who could measure improvements from their continuous monitoring programs point to improvements in their overall risk posture as a result of their continuous monitoring programs. Top improvements include increased visibility into enterprise systems and infrastructure, improved ability to accurately detect and remediate malicious events, and reduced attack surface enabling fewer incidents or breaches.

Full results will be shared during a Wednesday, October 28, 2015 webcast at 1 PM EDT, sponsored by AlienVault, Arbor Networks, HP, and Tenable Network Security, and hosted by SANS. Register to attend the webcast at

Those who register for the webcast will also receive access to the published results paper developed by SANS instructor and vulnerability expert, David Hoelzer.

Tweet This

The SANS Continuous Monitoring Survey Results Presented Oct. 28, 1 PM EDT. Register: #infosec

Continuous Monitoring Survey Results: Are you doing as well as you think? 10/28, #infosec #CMS

#CMS Survey shows many challenges to implementing successful programs. Learn more on 10/28. #infosec

SANS Media Contact

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals at governments and commercial institutions world-wide. Renowned SANS instructors teach over 60 different courses at more than 200 live cyber security training events as well as online. GIAC, an affiliate of the SANS Institute, validates a practitioner's qualifications via over 30 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers master's degrees in cyber security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system--the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community. (