SANS Institute survey highlights the scale of the information security challenge
Almost half of organizations are operating under the assumption that their network has already been compromised, according to a survey conducted by the SANS Institute on behalf of Guidance Software. When the limitations of perimeter security are exposed, endpoints and critical servers rife with sensitive information are rendered vulnerable. With many high-profile breaches in 2013 occurring on endpoints, improving endpoint security is top-of-mind for many information security professionals.
In the first-ever SANS Endpoint Security Survey, SANS surveyed 948 IT Security professionals in the United States to determine how they monitor, assess, protect and investigate their endpoints, including servers. The largest group of respondents encompassed security administrators and security analysts. More than one-third of those respondents (34 percent) work in IT management (e.g., CIO or related duties) or security management (e.g., CISO or similar responsibilities).
The overall results of the survey indicate that the topic speaks to the strategic concerns of management while also addressing the technical concerns of those ‘in the trenches’.
The survey results demonstrated that more and more attacks are bypassing perimeter security, despite the fact that the respondents do not consider the attacks to be sophisticated. Survey respondents indicated the desire for more visibility into more types of data and processes across organizational endpoints as intruders evade perimeter defenses. A large majority of respondents want delivery of relevant data collected from endpoints in under an hour.
Finally, while post-attack remediation of endpoints is currently largely manual, more than half of respondents recognize the need for automated incident response and remediation, and plan to implement it within two years.
Key findings from the survey include:
Top challenges to incident recovery
Some of the biggest challenges to incident recovery were connected to lack of visibility and ability to assess damage to endpoints and the network. The top five challenges were:
1. Assessing the impact
The complete survey results will be presented by the SANS Institute on a webcast, March 13 at 1:00 pm Eastern / 10:00 am Pacific. To register for the webcast, please visit: https://www.sans.org/webcasts/97817
• Date: 26th February 2014 • US • Type: Article • Topic: ISM