According to a recent SANS survey, a large percentage of security professionals said that they plan to adopt the new SANS security controls that were conceived by the government to limit data theft at organizations.
The survey drew responses from 700 CIOs, senior security professionals, system administrators, and compliance auditors. Of those IT professionals, 73 percent said they have adopted, or plan to adopt, the security recommendations outlined by the SANS 2013 Critical Security Controls. The respondents’ primary driver for Controls adoption is the desire to improve enterprise visibility and reduce security incidents. Only 10 percent of respondents feel they’ve done a complete job of implementing all of the Controls that apply to their organizations.
The guidance includes 20 critical security controls, which help organizations prioritize efforts to secure software and devices, and defend themselves against malware outbreaks and data theft or loss, among other threats.
The National Security Agency (NSA) initiated development of the guidance in 2008 in response to attacks experienced by companies that worked with the U.S. Department of Defense and other federal agencies.
We here at EiQ Networks recently announced ThreatVue™, the first out-of-the-box security monitoring solution that automates the implementation, analysis and remediation guidance of essential security controls as recommended by the Center for Strategic and International Studies (CSIS) and The SANS Institute for effective cyber defenses.
We took an innovative approach with the critical security controls implementation and security monitoring of ThreatVue by proactively detecting critical security control failures and providing actionable guidance and answers to improve an organization’s cyber defenses and overall security posture. The new solution combines traditional Security Information and Event Monitoring (SIEM) data with other critical security data including network awareness, asset and configuration data. ThreatVue’s new closed-box design provides behind-the-scenes automation enabling organizations to proactively detect and remediate potential security problems.
As senior principal analyst at Enterprise Strategy Group Jon Oltsik pointed out in our recent announcement of ThreatVue, “SANS Critical Security Controls is an extremely focused, metrics-based strategy for addressing the most common security vulnerabilities. Reliance on manual assessment, response, and mitigation has contributed to the poor state of cybersecurity. With the incidents of cybercrimes on the rise, organizations should use guidelines like the SANS Critical Security Controls to help them automate processes and address IT risk.”
We agree with Jon’s assessment and also agree with the study’s findings that more IT departments should see the need to begin adopting the SANS Critical Security Controls in order to better protect their IT infrastructure.