Continuous monitoring is a complex set of processes and practices whose aim is to present an accurate picture of an organization’s exposure to cyber risk. According to the results of a new SANS survey, the majority of IT professionals believe their continuous monitoring programs are mature or maturing (by maturing, we mean they are improving these programs). Yet how often and how comprehensively they scan—and whether they follow through with remediation—reveals a different picture. The results raise several questions: What should a mature continuous monitoring program look like? How can you measure the maturity of your organization’s program today? And what elements of a successful program are you missing?
The results of the survey seem positive at first glance: 62% of respondents consider their asset identification and classification capabilities to be “mature” or “maturing” (meaning they are improving). And 58% have identified 50% or more of their critical assets and incorporated them into their assessment programs and processes.
The results also reveal some disturbing realities about the overall effectiveness of information security scanning and monitoring programs. For example, only 19% of respondents perform scans weekly and another 19% scan more frequently, so just 38% of respondents meet the recommendations of CIS Critical Security Control (CSC) 4.
The good news is that continuous monitoring has improved organizational visibility and detection for more than 40% of respondents, with respondents reporting improvements in the accuracy of detection for malicious events, reductions in the attack surface and faster patch deployment.
This report offers an analysis of the survey findings and recommendations for improving practices. It also offers a definition of what a mature program should look like now and in the future. The goal, ultimately, is to provide a metric by which organizations can gauge their own progress in an objective way.