The online survey of 101 security professionals was conducted between July 27 and August 2, 2010, and focused on continuous monitoring for vulnerabilities as well as configuration compliance.
Key findings include:
* 43% of respondents are only scanning their networks for vulnerabilities periodically, resulting in an incomplete assessment of their organization’s risk * 60% of respondents are not scanning their networks for configuration compliance on a continuous basis * 31% are not able to resolve all significant security risks uncovered by their monitoring processes and 44% report the top reason for this is lack of adequate resources
“The dramatic growth in the number and type of IT devices -- and the possibility of mis-configuration of these devices -- can expose enterprise networks to significant risk. Configuration compliance represents one of the best opportunities for risk reduction to the enterprise,” according to Elizabeth Ireland, Vice President of Strategy for nCircle. Ireland recommends organizations continue their drive toward continuous monitoring, and add configuration auditing to their agenda. To be effective, she notes that these actions must be coupled with effective corrective efforts. Resources are always challenging, but she also points out “The visibility of security risk with senior management is the single largest factor in resourcing required to improve an organizations security posture.”
About nCircle nCircle is the leading provider of automated security and compliance auditing solutions. More than 4,500 enterprises, government agencies and service providers around the world rely on nCircle's proactive solutions to manage and reduce security risk and achieve compliance on their networks. nCircle has won numerous awards for growth, innovation, customer satisfaction and technology leadership. nCircle is headquartered in San Francisco, CA, with regional offices throughout the United States and in London and Toronto. Additional information about nCircle is available at www.ncircle.com.
nCircle is a registered trademark of nCircle Network Security, Inc. All other registered or unregistered trademarks are the sole property of their respective owners.