SANS Survey Reveals Majority of Organizations Dissatisfied with Current Attack Containment and Recovery Times

Survey Reveals that 44% of SANS Community Sharing Breach History Had Sensitive Data Accessed

75 to 96% of Respondents Use Traditional Security Tools Such as Firewalls, IDS, IPS and Anti-Malware

TIME Is Biggest Challenge Enterprises Face When Trying to Prevent Breaches and Limit Damage

BETHESDA, MD & SUNNYVALE, Calif. — Oct. 14, 2015: SANS, the global leader in information security training and analysis, today announced the availability of its first State of Dynamic Data Center and Cloud Security in the Modern Enterprise Survey and Research Report. The report reveals challenges organizations face when trying to prevent and contain attacks, and provides expert guidance on how to secure dynamic data centers and cloud environments. Authored by SANS expert analyst Dave Shackleford, it includes results of a survey that polled 430 security and risk professionals from the SANS community, all working in private and public sector organizations ranging in size from 100 to more than 15,000 employees. SANS community members polled in this survey are deeply involved in developing their organizations’ overall security strategies and choosing effective technologies, and are on the front lines in the fight against attackers.

Survey findings provide key insights into understanding and improving data center and cloud security. Of note, 55 percent of respondents were dissatisfied with the length of time it takes them to contain and recover from attacks.

“When it comes to limiting damage and preventing data breaches, time continues to be the biggest challenge for security and risk professionals,” said SANS analyst Dave Shackleford. “Most respondents said they use traditional tools to monitor traffic between data centers and internal or external clouds, and are unhappy with the level of visibility and containment speeds they get. If our security stance is going to improve, we need better visibility, the ability to make configuration changes faster and to contain attacks more quickly.”  

According to the survey, 59 percent of organizations are able to contain attacks within 24 hours, leaving many open to prolonged and increased damages as attacks spread laterally through data centers and clouds. Containment times reported by respondents included:

  • 37% — up to 8 hours
  • 21% — up to 24 hours
  • 19% — less than a week
  • 17% — more than a week

The wide range of response times, according to the SANS report, may be the result of the inability of some traditional security tools to assist organizations in detecting and managing attack scenarios. According to the survey, between 75 and 96 percent of organizations are using traditional solutions in data centers, which include everything from firewalls to those that focus on detection and intrusion prevention such as IDS, IPS, IAM and anti-malware.

“Organizations should have controls that keep security in place regardless of where digital assets are located. That means looking beyond network perimeters by adding a focus on enacting policies and controls closer to application workloads and associated data flows distributed across data centers and clouds,” Shackleford said.

“In 2015, 148 million records have been breached in 129 reported incidents—incidents that sometimes go undetected for months at a time. If this teaches us anything, it’s that exclusive reliance on detection overlooks how attacks spread laterally and remain active over extended periods within data centers and clouds,” said Alan Cohen, Chief Commercial Officer of Illumio, the sponsor of the survey. “As this report clearly shows, public and private sector organizations need to prioritize visibility and containment and not just suspicious and anomalous communications to the attack surface across these computing environments.”

Additional Findings
Survey results also show that organizations using legacy tools and strategies need to take steps to improve overall security and compliance. The addition of cloud computing and overall lack of solutions and methods available to address specific security challenges in these environments is also increasing risk.

  • Traditional Tools Not Stopping Breaches — 44 percent of enterprises reporting breach information have had sensitive data accessed by attackers—these same respondents were among those using traditional security tools in their data centers and clouds; 28 percent of organizations have experienced up to six data breaches in the past 24 months. Tools in use by the respondent segment include everything from network firewalls (used by almost 100 percent of respondents) to IDS, IPS, IAM and anti-malware technologies.

  • Security Losing Ground in Cloud, Distributed Computing Game — 37 percent of organizations use distributed cloud and data center computing systems; 44 percent of respondents said their biggest challenge was that cloud providers don’t offer visibility needed to protect users and data; 19 percent say cloud providers don’t give them security support needed; and 49 percent have no formal cloud security strategy in place. Making matters worse is the lack of effective security controls available and in use. While 75–100 percent of respondents are using traditional tools in data centers, that number drops off to less than 35 percent in the cloud.

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest provider of training and certification to professionals at governments and commercial institutions worldwide. Renowned SANS instructors teach over 50 different courses at more than 200 live cyber security training events as well as online. GIAC, an affiliate of the SANS Institute, validates employee qualifications via 27 hands-on, technical certifications in information security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers master's degrees in cyber security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system--the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community. (www.SANS.org)

About Illumio

Illumio delivers adaptive security for every computing environment, protecting the 80 percent of data center and cloud traffic missed by the perimeter. The company’s Adaptive Security Platform™ visualizes application traffic and delivers continuous, scalable, and dynamic policy and enforcement to every bare-metal server, VM, container, and VDI within data centers and public clouds. Using Illumio, enterprises such as Morgan Stanley, Plantronics, Salesforce, King Entertainment, NetSuite, and Creative Artists Agency have achieved secure application and cloud migration, environmental segmentation, compliance, and high-value application protection from breaches and threats with no changes to applications or infrastructure. For more information, visit www.illumio.com or follow us @Illumio.
