Research Report: What Are Their Vulnerabilities? A SANS Continuous Monitoring Survey
How is continuous monitoring transforming vulnerability management?
To understand how you and the broader IT security community define, utilize and benefit from continuous monitoring, SANS ran a survey on this topic, which gathered responses from over 450 qualified participants.
The results of that survey and its implications for your security practice have been compiled into a report titled “What Are Their Vulnerabilities? A SANS Continuous Monitoring Survey.” The report was written by David Hoelzer, SANS Fellow Instructor, courseware author and dean of faculty for the SANS Technology Institute. Its key findings include:
- 37% have immature or nonexistent continuous scanning and remediation programs
- 38% conduct active vulnerability scans on a weekly (CSC-recommended minimum frequency) or better basis, and only 13% practice continuous assessment
- 44% improved visibility into enterprise systems and infrastructures by initiating a continuous monitoring program
- 57% lack trained staff, 42% lack sufficient budgets and 41% lack management support for implementing continuous monitoring programs
In addition to an analysis of the survey findings, the report offers recommendations for improving vulnerability management practices, as well as a definition of what a mature continuous program should look like now and in the future.
Tenable encourages all IT professionals responsible for vulnerability management, continuous network monitoring, and overall security program effectiveness to download and read this report and to share it with their peers.