More than 75,000 unique visitors read papers in the Reading Room every month and it has become the starting point for exploration of topics ranging from SCADA to wireless security, from firewalls to intrusion detection. The SANS Reading Room features over 2,490 original computer security white papers in 96 different categories.
Latest 25 Papers Added to the Reading Room
-
The Automotive Top 5: Applying the Critical Controls to the Modern Automobile
Masters
by Roderick Currie - April 4, 2016 in Critical Controls
The car of today is an inherently vulnerable platform. At its core is a computing architecture from the 1980s which was designed to be lightweight and efficient, with very little thought given to security. As the modern automobile becomes increasingly connected, its attack surface only continues to grow. In the wake of several recent high-profile car hacking demonstrations, automakers face the daunting task of trying to lock down this insecure platform with bolt-on security fixes. This paper proposes a plausible strategy for securing modern automotive systems which takes into account some of the key limitations of the automobile industry, in addition to presenting a methodology for applying the Critical Controls to the modern automobile platform.
-
Threat Intelligence: Planning and Direction
Masters
by Brian Kime - March 29, 2016 in Threats/Vulnerabilities
Many celebrated leaders like Ben Franklin and Winston Churchill have said, in various forms, "Failing to plan is planning to fail."
-
OPM vs. APT: How Proper Implementation of Key Controls Could Have Prevented a Disaster
Masters
by David Kennel - March 29, 2016 in Breaches
On June 4th, 2015 U.S. Government officials announced a breach of data at the Office of Personnel Management (OPM).
-
The Role of Static Analysis in Hardening Open Source Intrusion Detection Systems
Masters
by Jeff Sass - March 29, 2016 in Securing Code
Intrusion analysts use the principles of network security monitoring (NSM) to help secure computer systems.
-
Filesystem Timestamps: What Makes Them Tick?
by Tony Knutson - March 29, 2016 in Forensics
One of the most critical aspects of a forensic investigation is what and where a file has been.
-
Balancing Security and Innovation With Event Driven Automation
Masters
by Teri Radichel - March 22, 2016 in Incident Handling
Organizations seek innovation via use of new technology. In order to save money and deliver new products and features quickly, software development teams want to use open source software (Black Duck Software, 2015), public cloud platforms and continuous deployment strategies (Right Scale, 2016).
-
Tech Refresh for the Forensic Analysis Toolkit
by Derek Edwards - March 16, 2016 in Forensics
Many have written about the digital forensics crisis caused by growing caseloads and storage device sizes.
-
Can We Say Next-Gen Yet? State of Endpoint Security
Analyst Paper
by G. W. Ray Davidson, PhD - March 16, 2016 in Firewalls & Perimeter Protection
- Associated Webcasts: SANS 2016 Endpoint Security Survey Part 1: The Evolving Definition of Endpoints; SANS 2016 Endpoint Security Survey Part 2: Can We Say Next-Gen Yet?
- Sponsored By: Guidance Software, IBM, Sophos Inc., MalwareBytes, Great Bay Software
The survey results show that although conventional devices such as desktops and servers represent the largest segment of endpoints connected to the network, the variety of endpoints is growing quickly. Read this survey results paper for insight into endpoint management strategies and processes.
-
Using Metrics to Manage Your Application Security Program
Analyst Paper
by Jim Bird - March 14, 2016
- Associated Webcasts: Benchmarking AppSec: A Metrics Pyramid
- Sponsored By: Veracode
In this paper, we'll look at the first steps in measuring your AppSec program, starting with how to use metrics to understand what is working and where you need to improve, to identify and solve problems, and to build a case for making further investments in your program. Ultimately, the goal is to make AppSec part of the organization's culture, and ensure it's relevant to business units and meaningful to executives.
-
Constructing a Measurable Tabletop Exercise for a SCADA Environment
Masters
by Matthew Hosburgh - March 14, 2016 in SCADA
It was the start of the evening shift. Because daylight savings just fell back it was already dark outside at six o'clock PM central time.
-
Active Breach Detection: The Next-Generation Security Technology?
Analyst Paper
by Dave Shackleford - March 11, 2016
- Associated Webcasts: Is Active Breach Detection the Next-Generation Security Technology?
- Sponsored By: EastWind Networks
A SANS Whitepaper written by Dave Shackleford
-
Finding the Fine Line - Taking an Active Defense Posture in Cyberspace without Breaking the Law or Ruining an Enterprise's Reputation
Masters
by Christopher Jarko - March 10, 2016 in Legal Issues
The issues discussed in this paper will include the legal and ethical questions raised by the use of active defense to protect computer networks.
-
E-Discovery Operations: Tactical considerations for defensible eDiscovery
by Thomas Vines - March 8, 2016 in Best Practices, Legal Issues
The tactical processes necessary to comply with an increasingly demanding US Federal court introduce a new level of complexity to the modern business.
-
Leading Effective Cybersecurity with the Critical Security Controls
Masters
by Wes Whitteker - March 8, 2016 in Critical Controls
Cybersecurity is a domain where organizations need to be right all the time and a bad actor needs to be right once.
-
A DevSecOps Playbook
Analyst Paper
by Dave Shackleford - March 8, 2016
- Associated Webcasts: A DevSecOps Playbook
- Sponsored By: CloudPassage
Enterprise computing is going through a major transformation of infrastructure and IT delivery models, one that is at least as disruptive as the move from mainframe computing to client/server (Internet) architectures. With client/server architectures, the change in hardware was the most obvious difference, but the more meaningful transformation was IT organizations' new ability to build custom systems and software much more quickly, with far greater flexibility and at lower cost than had been possible during the mainframe era.
-
Tracing the Lineage of DarkSeoul
Masters
by David Martin - March 4, 2016 in Critical Controls, Information Warfare
The highly publicized 2014 cyber-attack on Sony brought the threat of cyberwarfare, broadly defined as destructive cyber-attacks launched by one nation state against another, to the attention of the American public.
-
The Who, What, Where, When, Why and How of Effective Threat Hunting
Analyst Paper
by Robert M. Lee and Rob Lee - March 1, 2016
- Associated Webcasts: Threat Hunting
- Sponsored By: Sqrrl Data, Inc.
The chances are very high that hidden threats are already in your organization's networks. Organizations can't afford to believe that their security measures are perfect and impenetrable, no matter how thorough their security precautions might be. Having a perimeter and defending it are not enough because the perimeter has faded away as new technologies and interconnected devices have emerged. Prevention systems alone are insufficient to counter focused human adversaries who know how to get around most security and monitoring tools by, for example, making their attacks look like normal activity.
-
Mimikatz Overview, Defenses and Detection
Masters
by James Mulder - February 29, 2016 in Intrusion Detection, Forensics, Intrusion Prevention, Tools
Over the past decade or so, we have seen hacker tools mature from tedious bit flipping to robust attack frameworks.
-
Secure Network Design: Micro Segmentation
Masters
by Brandon Peterson - February 29, 2016 in Best Practices
Secure network design or architecture begins with the understanding that most business processes require network communication to traverse untrustworthy networks.
-
Quantifying Risk: Closing the Chasm Between Cybersecurity and Cyber Insurance
Analyst Paper
by Barbara Filkins - February 25, 2016 in Management & Leadership, Risk Management
- Sponsored By: PivotPoint Risk Analytics
Sponsored by PivotPoint Risk Analytics, in conjunction with Advisen.
-
Breach Control: Best Practices in Health Care Application Security
Masters
by Brian Quick - February 25, 2016 in HIPAA
Data breaches in the health care industry have surged in the past few years. The health care industry is currently the largest attack surface of the critical infrastructure.
-
Crossing the line: Joining forces with your customers
by Jules Vandalon - February 24, 2016 in Risk Management
Anyone who starts in the field of information security quickly gets familiar with setting up a secure architecture, setting up defense mechanisms and much more.
-
Password Management Applications and Practices
Masters
by Scott Standridge - February 23, 2016 in Best Practices
Password compromise is still the root cause behind many cyber breaches. In 2014 two out of three breaches involved attackers using stolen or misused credentials (Higgins 2014).
-
Selling Your Information Security Strategy
Masters
by David Todd - February 18, 2016 in Management & Leadership
-
Don't Always Judge a Packet by Its Cover
Masters
by Gabriel Sanchez - February 16, 2016 in Network Access Control
Distinguishing between friend and foe as millions of packets traverse a network at any given moment can be a very tedious and trying objective.
All papers are copyrighted. No re-posting or distribution of papers is permitted.
Masters - This paper was created by a SANS Technology Institute student as part of their Master's curriculum.
