Sadly, many organizations find themselves in the majority of those surveyed in this article. Resources are simply not dedicated to monitoring systems and detecting anomalous behavior. If logs are being collected and correlated, the exceptions are not reviewed. Web application firewalls are either not in place or are not monitored appropriately. It is still a very slow process for the progression of proper security in most organizations.