SANS InfoSec Reading Room - SANS Industry Analysts Program

SANS Institute

The most trusted source for computer security training, certification and research.

About SANS Industry Analysts Program

SANS Industry Analysts perform research to identify trends in the IT, IT Security, Operations and IT Audit markets, with access to resources unparalleled anywhere else: The Internet Storm Center for latest in threat information; the GIAC Advisory board of more than 2000 experts with scores of 90 or above on certification exams; and the MGT 512 Alumni on issues and concerns that impact management. If you are interested in learning more, please contact vendor@sans.org.

Featuring 33 Papers as of January 19th, 2010

Sentinel Log Manager Review: by Jerry Shenk; Sponsored by: Novell; View PDF; Webcast - Novell Sentinel Log Manager Review
New Tools on the Bot War Front: by Jerry Shenk; Sponsored by: FireEye; View PDF; Webcast - New Tools on the Bot War Front Webcast Sponsored by FireEye
Making Database Security an IT Security Priority: by Tanya Baccam; Sponsored by: Oracle; View PDF; Webcast - Making Database Security an IT Security Priority Webcast Sponsored by Oracle
Securing a Smarter Grid: Risk Management in Power Utility Networks: by Matthew E. Luallen; Sponsored by: NitroSecurity; View PDF
Application Whitelisting: Enhancing Host Security: by Dave Shackleford; Sponsored by: McAfee; View PDF; Webcast - Application Whitelisting Webcast Sponsored by McAfee
IT Audit for the Virtual Environment: by J. Michael Butler and Rob Vandenbrink; Sponsored by: VMWare; View PDF; Webcast - IT Audit for the Virtual Environment Webcast
Top Virtualization Security Mistakes (and How to Avoid Them): by Jim D. Hietala; Sponsored by: Catbird and McAfee; View PDF; Webcast - Catbird and McAfee Virtualization Webcast
Data Protection Requirements: by Barbara Filkins; Sponsored by: McAfee; View PDF
Data Protection Requirements Checklist: by Barbara Filkins; Sponsored by: McAfee; View PDF
SANS Review: McAfee's Total Protection for Data: by Dave Shackleford; Sponsored by: McAfee; View PDF
SANS Annual 2009 Log Management Survey: by Jerry Shenk; Sponsored by: ArcSight, Intellitactics, and Loglogic; View PDF
Benchmarking Security Information Event Management (SIEM): by J. Michael Butler; Sponsored by: NitroSecurity; View PDF
ArcSight Logger Review: by Jerry Shenk; Sponsored by: ArcSight; View PDF; Spanish Translation: EspañolView PDF
Real-Time Adaptive Security: by Dave Shackleford; Sponsored by: Sourcefire; View PDF
Log Management in the Cloud: A Comparison of In-House versus Cloud-Based Management of Log Data: by Jerry Shenk; Sponsored by: Alert Logic; View PDF
Demanding More from Log Management Systems: by Jerry Shenk; Sponsored by: LogLogic; View PDF
Monitoring Security and Performance on Converged Traffic Networks: by SANS Analyst, Dave Shackleford; Sponsored by: NIKSUN; View PDF
Leveraging Event and Log Data for Security and Compliance: by SANS Analyst, Dave Shackleford; Sponsored by: Intellitactics; View PDF
Data Leakage Landscape: Where Data Leaks and How Next Generation Tools Apply: by SANS Analyst, Barbara Filkins and Deb Radcliff; Sponsored by: Utimaco and Trend Micro; View PDF
The SANS Database Audit and Compliance Survey: by SANS Analyst, Barbara Filkins; Sponsored by: Lumigent; View PDF
NetDetector/NetVCR 2005 Traffic Analyzer: By Jerry Shenk; Sponsored by: NIKSUN; View PDF
Regulations and Standards: Where Encryption Applies: By Dave Shackleford; Sponsored by: Utimaco Safeware; View PDF
Building Brick Houses: Applying Secure Lifecycle Practices to Web Applications: By Gary W. Longsine and Jonathan Ham; Sponsored by: Watchfire; View PDF
Hardware Versus Software: A Usability Comparison of Software-Based Encryption with Seagate Secure™ Hardware-Based Encryption: By J.D. Hietala; Sponsored by: Seagate; Edited May, 2008; View PDF
Correlating SIM information to Detect Insider Threats: By Dr. Eric Cole; Sponsored by: SenSage; View PDF
Using Security Information Management Systems for PCI Compliance: By Dave Shackleford; Sponsored by: SenSage; View PDF
Encryption Procurement: Setting a Standard: By Stephen Northcutt and Barbara Filkins; Sponsored by: Utimaco; View PDF
NetDetector/NetVCR 2005 Traffic Analyzer - August 2007: By Jerry Shenk; Sponsored by: NIKSUN; View PDF
The SANS 2007 Log Management Market Report: By Jerry Shenk; Sponsored by: LogLogic; View PDF
Building the Business Case for Log Management Intelligence (LMI) - November 2006: By Steve Mancini and Jerry Shenk; Sponsored by: LogLogic; View PDF
Penetration testing: Assessing Your Overall Security Before Attackers Do - June 2006: By Stephen Northcutt, Jerry Shenk, Dave Shackleford, Tim Rosenberg, Raul Siles and Steve Mancini; Sponsored by: CORE Impact; View PDF
The Log Management Industry: An Untapped Market - June 2006: By Stephen Northcutt, Jerry Shenk & Dave Shackleford; Sponsored by: LogLogic; View PDF
PowerBroker vs. Sudo - February 2006: By Jerry Shenk & Steve Mancini; Sponsored by: Symark; View PDF

Check Them Out!

There are many places to get Security Training, but SANS is premium training.
-Carl Ness, University of Iowa