New Report Shows Dramatic Increase in Uptake of Continuous Monitoring

SANTA CLARA, CA, Jul 30, 2012 (MARKETWIRE via COMTEX) --
RedSeal Networks, the world's leading proactive enterprise security
management provider, today highlighted results of the recent ESG
Research Report, "Security Management and Operations," which found
that a growing number of organizations are adopting continuous
monitoring to improve protection of their electronic assets and
validate compliance with required security policies.

Based on its survey of 315 U.S.-based IT security professionals
working at enterprise-class organizations (1,000 employees or more),
ESG found that more frequent assessment of infrastructure security is
gaining momentum as a best practice and is used by a majority of
advanced practitioners. Moreover, it was found that truly continuous,
day-to-day monitoring of defensive effectiveness has emerged as a
primary security management process among those organizations it
classifies as IT security leaders.

Overall, three-quarters of enterprises have a formal risk management
program in place that includes continual measurement of changing
conditions that could somehow represent an increase in risk to the
organization (including the addition of new assets, changes to
existing assets, as well as the discovery of new threats and new
vulnerabilities), ESG said. The findings were based on such drivers
as the alignment of security process with corporate culture, and
level of executive involvement with information security management.
Over 40 percent of the organizations cited as IT security leaders
within the report were already performing some form of proactive
analysis every day.

ESG views continuous monitoring as such a strategic element of
today's security management process that it already considers the
process as one of the differentiators it uses to distinguish leaders
from those it considers laggards. While the practice is taking off
among advanced practitioners, as many as 45 percent of all
organizations are still only testing their defensive standing as
often as twice per month, ESG said.

"Driven by the increasingly dangerous threat landscape, many
organizations are now willing to be much more diligent with their
testing" and many more will likely soon be doing so constantly rather
than on an "as-needed basis," ESG noted in the report. Meanwhile,
only one percent of security practitioners surveyed reported that
they have no strategy in place whatsoever to monitor defensive

Adopting the mindset that it's "critically important" to proactively
identify weaknesses within their own networks in order to gain
"measurable experience of just how vulnerable they really are" is
fast becoming a hallmark of the very best practitioners, said the

"It makes a lot of sense to constantly examine how well your
defensive infrastructure is actually performing, as the complexity of
layered security, combined with the effect of daily change, makes it
hard to assume any level of protection if you do not," said Jon
Oltsik, senior principal analyst at ESG and primary author of the
report. "For many years people have done sporadic testing for
compliance purposes, but what they've found is that by testing far
more often and aggressively, they can reduce risk faster and get more
out of their available resources."

"We've been hearing from practitioners that manual and partially
automated security management, the only available option until now,
has become impractical because layered security has become so
complex. There's so much ongoing change to keep up with, they very
often don't even know where exposures exist," said Parveen Jain,
president and CEO at RedSeal. "Continuous monitoring makes sense
because for so long we had no idea how to measure success within
security management, other than avoiding a breach. It's a lot smarter
to prove you're addressing these challenges all the time rather than
wait for someone else to show your shortcomings at some point when
it's already too late."

Parallel to the uptick in continuous monitoring, ESG found that most
organizations are planning to leverage greater numbers of automated
solutions to improve their visibility into risk and performance of
their IT security infrastructure, with 56 percent doing so to
automate remediation work, including management of firewall-based

The full results of the ESG Research Report, "Security Management and
Operations" can be found at:
The report is available for free to ESG subscribers and available for
purchase by others.

About RedSeal Networks, Inc.

RedSeal Networks is the leading
provider of proactive enterprise security management solutions that
enable organizations to continually monitor, assess and fortify their
cyber-defenses while automating compliance. The RedSeal platform
enables businesses and government agencies to visualize, model and
analyze complex network and security control interactions across
their entire network of firewalls, routers, load balancers and hosts.
With RedSeal, organizations can better understand their security
state and regulatory compliance, identify the inherent risk to their
operations and critical assets, and drive actions that reduce the
risks associated with cybertheft and cyberespionage.

For more information, visit RedSeal Networks at