Please note that this is a page from a previous version of Continuity Central and is no longer being updated.


SANS Institute survey highlights the scale of the information security challenge

Almost half of organizations are operating under the assumption that their network has already been compromised, according to a survey conducted by the SANS Institute on behalf of Guidance Software. When the limitations of perimeter security are exposed, endpoints and critical servers rife with sensitive information are rendered vulnerable. With many high-profile breaches in 2013 occurring on endpoints, interest in improving endpoint security is top-of-mind for many information security professionals.

In the first-ever SANS Endpoint Security Survey, SANS surveyed 948 IT security professionals in the United States to determine how they monitor, assess, protect and investigate their endpoints, including servers. The largest group of respondents encompassed security administrators and security analysts. More than one-third of those respondents (34 percent) work in IT management (e.g., CIO or related duties) or security management (e.g., CISO or similar responsibilities).

The overall results of the survey indicate that the topic speaks to the strategic concerns of management while also addressing the technical concerns of those ‘in the trenches’.

The survey results demonstrated that more and more attacks are bypassing perimeter security, despite the fact that the respondents do not consider the attacks to be sophisticated. Survey respondents indicated the desire for more visibility into more types of data and processes across organizational endpoints as intruders evade perimeter defenses. A large majority of respondents want delivery of relevant data collected from endpoints in under an hour.

Finally, while post-attack remediation of endpoints is currently largely manual, more than half of respondents recognize the need for automated incident response and remediation, and plan to implement it within two years.

Key findings from the survey include:

  • Prevention: 47 percent of respondents are operating under the assumption they’ve been compromised, with another 5 percent saying they operate under the assumption that if they have not already been compromised, they eventually will be.
  • Detection: Although 70 percent are collecting data from endpoints, only 16 percent find more than half of their threats through active discovery or hunting. Over 48 percent felt that greater visibility into sensitive information like personally identifiable information or ARP cache entries on unauthorized endpoints would be extremely useful.
  • Response: Delays to breach response times are clearly unacceptable, as 83 percent of the respondents said they needed results from endpoint queries in an hour or less. More than 26 percent indicated that they wanted the data in five minutes or less, underscoring the importance of conducting timely digital investigations.
  • Remediation: The vast majority (77 percent) rely on slow and expensive ‘wiping and reimaging.’ Furthermore, 54 percent of the respondents have automated less than 10 percent of their workflow to manage the remediation process. Recognizing this issue, over 60 percent of those who have not yet automated indicate that they plan to do so in the next 24 months.

Top challenges to incident recovery

Some of the biggest challenges to incident recovery were connected to lack of visibility and ability to assess damage to endpoints and the network. The top five challenges were:

1. Assessing the impact
2. Determining the scope of a threat across multiple endpoints
3. Determining the scope of compromise on a single endpoint
4. Hunting for compromised endpoints
5. Losing data inadvertently during a wipe / reimage

The complete survey results will be presented by the SANS Institute on a webcast, March 13 at 1:00 pm Eastern / 10:00 am Pacific. To register for the webcast, please visit: https://www.sans.org/webcasts/97817

• Date: 26th February 2014 • US • Type: Article • Topic: ISM
