Reducing Attack Surface: SANS’ Second Survey on Continuous Monitoring Programs
Continuous monitoring (CM) begets a process of continuous improvement that works to reduce attack surface and improve security posture, according to the 2016 SANS survey on CM, conducted from July to September. In the survey, 63% of respondents said CM was improving their security posture.
These improvements are occurring even though continuous monitoring capabilities are still maturing, and some capabilities seem to be moving backward. For example, results indicate that a segment of respondents is monitoring less frequently (when they should be monitoring more frequently), and some organizations have drastically reduced their ability to use vulnerability data to help respond to events since our 2015 survey.