BETHESDA, Md., Nov. 3, 2016 /PRNewswire-USNewswire/ -- Continuous monitoring is improving visibility and response in organizations using this technology, according to results of a new survey to be released by SANS Institute on November 15, 2016. In it, 8% improved visibility into enterprise systems and infrastructures by initiating a continuous monitoring program, and 28% improved their ability to accurately detect and remediate malicious events. However, the news isn't all good. Continuous scanning, for example, is only happening at 5% of organizations surveyed. Another 3% are scanning daily, with the largest group of respondents (29%) scanning monthly or bimonthly. "This year we presented a simple report card comparing results of the 2015 and 2016 CM surveys," explains Barbara Filkins, SANS Analyst Program research director and author of the survey report. "While our respondents get an A+ for increasing the number of programs, the balance of the results show lack luster performance." Respondents to the 2016 showed no improvement in conducting active vulnerability scans on a weekly basis or better since our 2015 survey was conducted. Moreover, slightly fewer practiced continuous monitoring than in 2015. Most disturbing, 16% fewer were able to improve their ability to accurately detect and remediate malicious events than were able to in 2015, although this was still a top use case for CTI in 2016. "Effective security has very simple roots," continues Filkins. "However, just because the starting point is simple doesn't mean that the process to achieving effective security is easy. Continuous monitoring has been around for a while, and it still represents a challenge for most organizations." A clear majority (73%) cited security misconfigurations as the leading threat to their organizations. And, most security misconfigurations should be preventable through proper hygiene. The gap between assessment frequency represents a window of opportunity for attackers to detect vulnerabilities and act on them before security and operations teams are even aware of them.