Analyst Papers
Featuring 226 Papers as of September 23, 2016
-
Threat Intelligence: What It Is, and How to Use It Effectively by Matt Bromiley - September 19, 2016
- Sponsored By: NSFocus
In todays cyber landscape, decision makers constantly question the value of their security investments, asking whether each dollar is helping secure the business. Meanwhile, cyber attackers are growing smarter and more capable every day. Todays security teams often nd themselves falling behind, left to analyze artifacts from the past to try to determine the future. As organizations work to bridge this gap, threat intelligence (TI) is growing in popularity, usefulness and applicability.
-
Data Breaches: Is Prevention Practical? by Barbara Filkins - September 13, 2016
- Associated Webcasts: Breach Detected! Could It Have Been Prevented?
- Sponsored By: Palo Alto Networks
Despite the potential costs, legal consequences and other negative outcomes of data breaches, they continue to happen. A new SANS Institute survey looks at the preventive aspect of breaches and what security and IT practitioners actually are, or are not, implementing for prevention.
-
Intelligent Network Defense by Jake Williams - September 8, 2016
- Associated Webcasts: Intelligent Network Security
- Sponsored By: ThreatSTOP
When an army invades a sovereign nation, one of the defenders first goals is to disrupt the invaders command and control (C2) operations. The same is true when cyber attackers invade your network. Network defenders must prevent adversary communication, stopping the attack in its tracks while alerting the incident response (IR) team to the point of compromise and nature of the attack. Read on to learn more.
-
Hunting with Prevention by Dave Shackleford - August 24, 2016
- Associated Webcasts: Using an Attacker Technique-Based Approach for Prevention
- Sponsored By: Endgame
Traditional endpoint protection such as antivirus, while effective in some cases, is no match for the ever-changing techniques that attackers use to get past defenses, according to multiple SANS surveys.
-
Protect the Network from the Endpoint with the Critical Security Controls by G. W. Ray Davidson, PhD - August 22, 2016
- Sponsored By: ForeScout Technologies
The endpoint is rapidly evolving and often the first vector of attack into enterprises, according to the SANS 2016 State of Endpoint Security Survey. As such, all endpoints should be considered potentially hostile.
-
The SANS State of Cyber Threat Intelligence Survey: CTI Important and Maturing by Dave Shackleford - August 15, 2016
- Associated Webcasts: The State of Cyber Threat Intelligence: Part 1: How Cyber Threat Intelligence Is Consumed and Processed The State of Cyber Threat Intelligence: Part 2: The Value of CTI
- Sponsored By: Arbor Networks Hewlett Packard NETSCOUT Systems, Inc. Rapid7 Inc. AlienVault Anomali
Its 2016, and the attacks (and attackers) continue to be more brazen than ever. In this threat landscape, the use of cyber threat intelligence (CTI) is becoming more important to IT security and response teams than ever before. This paper provides survey results along with advice and best practices for getting the most out of CTI.
-
Healthcare Provider Breaches and Risk Management Road Maps: Results of the SANS Survey on Information Security Practices in the Healthcare Industry by Barbara Filkins - July 19, 2016
- Associated Webcasts: Health Care Provider Breaches and Risk Management Roadmaps: Part 2 - Health Care Security from the Top Down
- Sponsored By: ForeScout Technologies WhiteHat Security Carbon Black Trend Micro Inc. Anomali Great Bay Software
The number of attack surfaces continues to rise as the use of mobile medical- and health-related apps grows and as electronic health records (EHR) become ever more embedded in clinical settings. As this survey shows, many attacks stem from insiders with access, whether through simple negligence, malicious intent or just plain curiosity. To get the specifics, read on
-
Decision Criteria and Analysis for Hardware-Based Encryption by Eric Cole, PhD - July 13, 2016
- Associated Webcasts: Decision Criteria and Analysis for Hardware-Based Encryption
- Sponsored By: THALES e-Security
Organizations trying to balance the risk of data breaches against the inconvenience, latency and cost of encrypting every bit of valuable data often balk at the trade-off. But with the volume of digital data growing and computing environments becoming more complex and accessible, the ratio of cost to benefit has improved and encryption is now far more common in organizations that rely heavily on Internet- or cloud-connected applications for significant business functions.
-
The Case for PIM/PAM in Today's Infosec by Barbara Filkins - June 30, 2016
- Associated Webcasts: The Case for PIM/PAM in Today's Infosec
- Sponsored By: CA, Inc.
To see how serious a threat the misuse of privileged credentials represents, look no further than the astonishing scope of the breach discovered in 2015 at the United States Office of Personnel Management (OPM). To realize how often similar threats become real, look no further than the 2016 Verizon Data Breach Incident Report (DBIR), which found that privilege misuse was the second-most frequent cause of security incidents and the fourth-most common cause of breaches.
-
SANS 2016 State of ICS Security Survey by Derek Harp and Bengt Gregory-Brown - June 28, 2016
- Associated Webcasts: Where Are We Now?: The SANS 2016 ICS Survey
- Sponsored By: Arbor Networks Carbon Black Anomali Belden
Analysis of survey data collected between January and April 2016 indicates that security for ICSes has not improved in many areas and that many problems identified as high-priority concerns in our past surveys remain as prevalent as ever. In this report we focus on identifying and prioritizing recommendations to address the greatest concerns.
-
Bridging the Insurance/InfoSec Gap: The SANS 2016 Cyber Insurance Survey by Barbara Filkins - June 20, 2016
- Associated Webcasts: Bridging the Insurance/InfoSec Gap: The SANS 2016 Cyber Insurance Survey
- Sponsored By: PivotPoint Risk Analytics
Results of this survey, conducted in conjunction with Advisen, Ltd., make it clear that the effort to achieve a common understanding of cyber insurance and derive value from it will require focused attention from all sides. This study also sets a direction toward a common, achievable goal: reducing the risk of financial loss from a cyber incident. The gaps identified in this survey come together to form the building blocks needed to achieve this goal.
-
Infographic: Financial Apps at Risk by - June 7, 2016
- Sponsored By: Veracode
View the associated whitepaper here: https://www.sans.org/reading-room/whitepapers/analyst/understanding-security-regulations-financial-services-industry-37027
-
Incident Response Capabilities in 2016: The 2016 SANS Incident Response Survey by Matt Bromiley - June 7, 2016
- Associated Webcasts: Incident Response Capabilities in 2016 - Part 1: The Current Threat Landscape and Survey Results Incident Response Capabilities in 2016 - Part 2: Emerging Trends in Incident Response and Survey Results
- Sponsored By: IBM Intel Security Arbor Networks LogRhythm NETSCOUT Systems, Inc. HP Enterprise Security AlienVault Veriato
Results of the 2016 Incident Response Survey indicate that the IR landscape is ever changing. Advanced industries are able to maintain effective IR teams, but as shown in this report, there are still hurdles to jump to increase the efficiency of many IR teams. Read this report to learn more.
-
Understanding Security Regulations in the Financial Services Industry by David Hoelzer - June 3, 2016
- Sponsored By: Veracode
View the associated infographic here: https://www.sans.org/reading-room/whitepapers/analyst/infographic-financial-apps-risk-37042
-
Blueprint for CIS Control Application: Securing the SAP Landscape by Barbara Filkins - May 26, 2016
- Associated Webcasts: A Blueprint to Secure SAP Applications Using CIS Controls As a Guide
- Sponsored By: Onapsis
Any data breach can be expensive, but the potential cost rises with the value or exploitability of the data targeted in an attack.
-
Assessing Application Security: A Buyer's Guide by Barbara Filkins - May 23, 2016
- Sponsored By: Veracode
Organizations realize that application security (AppSec) is key to protecting their data and the IT assets that contain it.
-
2016 State of Application Security: Skills, Configurations and Components by Johannes Ullrich, PhD - April 26, 2016
- Associated Webcasts: Managing Applications Securely: A SANS Survey
- Sponsored By: WhiteHat Security Veracode Checkmarx Inc.
Survey results reveal that it is critical for an overall enterprise security program to coordinate efforts among developers, architects and system administratorsparticularly since many software vulnerabilities are rooted in configuration issues or third-party components, not just in code written by the development team. Read on to learn more.
-
Improving Application and Privilege Management: Critical Security Controls Update by John Pescatore - April 25, 2016
- Associated Webcasts: Overcome Privilege Management Obstacles with CSC v. 6
- Sponsored By: Appsense
-
Threat Hunting: Open Season on the Adversary by Dr. Eric Cole - April 12, 2016
- Associated Webcasts: Open Season on Cyberthreats: Part 2- Threat Hunting Methodologies and Tools Open Season on Cyberthreats: Part I- Threat Hunting 101
- Sponsored By: HPE Carbon Black DomainTools Endgame Sqrrl Data, Inc. Malwarebytes
Nearly 86% of organizations responding to the survey want to be doing the hunting, albeit informally, as more than 40% do not have a formal threat hunting program in place. Results indicate that hunting is providing benefits, including finding previously undetected threats, reducing attack surfaces and enhancing the speed and accuracy of response by using threat hunting. They also suggest that organizations want to improve their threat-hunting programs and realize more benefits from threat hunting.
-
Can We Say Next-Gen Yet? State of Endpoint Security by G. W. Ray Davidson, PhD - March 16, 2016
- Associated Webcasts: SANS 2016 Endpoint Security Survey Part 1: The Evolving Definition of Endpoints SANS 2016 Endpoint Security Survey Part 2: Can We Say Next-Gen Yet?
- Sponsored By: Guidance Software IBM Sophos Inc. Malwarebytes Great Bay Software
The survey results show that although conventional devices such as desktops and servers represent the largest segment of endpoints connected to the network, the variety of endpoints is growing quickly. Read this survey results paper for insight into endpoint management strategies and processes.
-
Using Metrics to Manage Your Application Security Program by Jim Bird - March 14, 2016
- Associated Webcasts: Benchmarking AppSec: A Metrics Pyramid
- Sponsored By: Veracode
In this paper, well look at the first steps in measuring your AppSec program, starting with how to use metrics to understand what is working and where you need to improve, to identify and solve problems, and to build a case for making further investments in your program. Ultimately, the goal is to make AppSec part of the organizations culture, and ensure its relevant to business units and meaningful to executives.
-
Active Breach Detection: The Next-Generation Security Technology? by Dave Shackleford - March 11, 2016
- Associated Webcasts: Is Active Breach Detection the Next-Generation Security Technology?
- Sponsored By: EastWind Networks
A SANS Whitepaper written by Dave Shackleford
-
A DevSecOps Playbook by Dave Shackleford - March 8, 2016
- Associated Webcasts: A DevSecOps Playbook
- Sponsored By: CloudPassage
Enterprise computing is going through a major transformation of infrastructure and IT delivery models, one that is at least as disruptive as the move from mainframe computing to client/server (Internet) architectures. With client/server architectures, the change in hardware was the most obvious difference, but the more meaningful transformation was IT organizations new ability to build custom systems and software much more quickly, with far greater flexibility and at lower cost than had been possible during the mainframe era.
-
The Who, What, Where, When, Why and How of Effective Threat Hunting by Robert M. Lee and Rob Lee - March 1, 2016
- Associated Webcasts: Threat Hunting
- Sponsored By: Sqrrl Data, Inc.
The chances are very high that hidden threats are already in your organizations networks. Organizations cant afford to believe that their security measures are perfect and impenetrable, no matter how thorough their security precautions might be. Having a perimeter and defending it are not enough because the perimeter has faded away as new technologies and interconnected devices have emerged. Prevention systems alone are insufficient to counter focused human adversaries who know how to get around most security and monitoring tools by, for example, making their attacks look like normal activity.
-
Quantifying Risk: Closing the Chasm Between Cybersecurity and Cyber Insurance by Barbara Filkins - February 25, 2016
- Sponsored By: PivotPoint Risk Analytics
Sponsored by PivotPoint Risk Analytics, in conjunction with Advisen.
-
Getting Started with Web Application Security by Gregory Leonard - February 10, 2016
- Associated Webcasts: Getting Started with Web Application Security
- Sponsored By: Veracode
-
Mobile Threat Protection: A Holistic Approach to Securing Mobile Data and Devices by Lee Neely - February 9, 2016
- Associated Webcasts: Mobile Threat Protection: A Holistic Approach to Securing Mobile Data and Devices
- Sponsored By: Skycure
The ubiquitous use of mobile devices results in a mixture of corporate and personal data stored on devices that are online continuously, seamlessly connecting to the closest available network, downloading and uploading data whenever possible, and carried with users continuously. This trend has radically changed the landscape of data protection.
-
Using Analytics to Predict Future Attacks and Breaches by Dave Shackleford - February 9, 2016
- Associated Webcasts: Predicting Future Attacks and Breaches: Analytics in Action
- Sponsored By: SAS INSTITUTE INC
The pace and sophistication of data breaches is growing all the time. Anyone with valuable secrets can be a target, and likely already is. According to the Privacy Rights Clearinghouse, at the time of this writing, 884,903,517 records were breached in 4,621 incidents documented since 2005. This number is just an estimate based on publicly disclosed and well-documented incidents; the real number is likely much higher. According to data available from datalossdb.org, the size of the major breaches over the past several years has grown significantly.
-
Eliminating Blind Spots: A New Paradigm of Monitoring and Response by Dave Shackleford - February 4, 2016
- Associated Webcasts: A New Paradigm of Monitoring and Response
- Sponsored By: Raytheon | Websense
-
IT Security Spending Trends by Barbara Filkins - February 2, 2016
- Associated Webcasts: SANS 2016 IT Security Spending Strategies Survey
- Sponsored By: Arbor Networks Gigamon
This paper assumes security budgeting occurs as part of each organization's yearly cost management cycle. Readers will explore the what, why, where and how of IT security spending and will get advice on how to better meet the challenge of aligning security spending processes with organizational needs.
-
Why You Need an Application Security Program by Johannes B. Ullrich, PhD - January 28, 2016
- Associated Webcasts: Why You Need Application Security
- Sponsored By: Veracode
-
Guarding Beyond the Gateway: Challenges of Email Security by Barbara Filkins - January 6, 2016
- Associated Webcasts: Guarding Beyond the Gateway: Modern Challenges of Email Security
- Sponsored By: Mimecast
Learn how to maximize the trustworthiness of email services through changes to infrastructure and how to use your systems to improve the performance of the human firewall.
-
Cleaning Up After a Breach Post-Breach Impact: A Cost Compendium by Barbara Filkins - December 14, 2015
- Associated Webcasts: Post-Breach Impact: A Cost Compendium
- Sponsored By: Spirion
Read this report to explore the factors that influence the financial impact on the organization in the post-breach environment: forensic analysis, system repair and data recovery, legal and insurance considerations, additional controls, customer support and losses to brand and reputation.
-
LogRhythm 7 Review: Reducing Detection and Response Times by Dave Shackleford - December 10, 2015
- Associated Webcasts: Scaling Big Data Analytics: SANS Review of LogRhythm 7 Analytics and Intelligence Upgrades
- Sponsored By: LogRhythm
Although we have made progress in the use of analytics and intelligence, the latest SANS Security Analytics survey shows 26 percent of respondents feel they still cant understand and baseline normal behavior in their IT environments, with a majority citing a lack of people and dedicated resources as an impediment.
-
Advancing Endpoint Protection and Compliance with Promisec Endpoint Manager by Jake Williams - December 10, 2015
- Associated Webcasts: Ensuring Compliance and Detecting Suspicious Activity with Promisec Endpoint Manager
- Sponsored By: Promisec
A review by SANS analyst and instructor Jake Williams of Promisec Endpoint Manager (PEM). It discusses PEMs effectiveness in detecting and remediating endpoint issues.
-
Intrusion Prevention with HPE TippingPoint by Dave Shackleford - December 7, 2015
- Associated Webcasts: New Frontiers in Intrusion Protection
- Sponsored By: Hewlett Packard
A review by Dave Shackleford of HPEs TippingPoint 2600NX IPS and its management platform. It examines the device's analytic and operational features and discusses the integration of such devices with security information and event management (SIEM) systems as wells as external threat information.
-
Protect Against Advanced Email-Borne Malware, Phishing and Social Media Fraud: A SANS Guide by Jerry Shenk - December 2, 2015
- Sponsored By: ProofPoint
Organizations are constantly under attack. Nearly every week comes a news headline of another breach affecting millions of people. Organizations that experience 'small' breaches spend hundreds of thousands of dollars on forensic examinations, infrastructure upgrades and identity monitoring. Those that get hit by a large breach spend millions.
-
Securing SSH with the CIS Critical Security Controls by Barbara Filkins - November 30, 2015
- Associated Webcasts: Securing SSH Itself with the Critical Security Controls
- Sponsored By: Venafi, Inc
A SANS Analyst Program whitepaper by Barb Filkins. It discusses how the Critical Security Controls—coupled with good configuration management processes—can support the effort required to avoid the risks inherent to SSH.
-
2015 Analytics and Intelligence Survey by Dave Shackleford - November 10, 2015
- Associated Webcasts: Security Analytics Maturation Curve: Part 1 of the 3rd Annual SANS Security Analytics and Intelligence Survey Moving up the Analytics Maturation Curve: Part 2 of the 3rd Annual SANS Security Analytics and Intelligence Survey
- Sponsored By: LogRhythm AlienVault Lookingglass Cyber Solutions, Inc. SAS INSTITUTE INC Anomali DomainTools
Although survey results indicate slow and steady progress in the use of analytics and intelligence, most analytics programs lack maturity. Read this survey to understand what is missing and learn where most organizations plan to invest funds to drive improvement.
-
Security Automation: Security Nirvana or Just a Fad? by Jerry Shenk - November 3, 2015
- Associated Webcasts: Security Automation: Security Nirvana or Just A Fad?
- Sponsored By: Symantec
Security breaches have become so frequent that often, they dont even make news.
-
The Expanding Role of Data Analytics in Threat Detection by Barbara Filkins - October 27, 2015
- Associated Webcasts: The Expanding Role of Data Analytics in Threat Detection
- Sponsored By: Vectra Networks
-
What Are Their Vulnerabilities?: A SANS Survey on Continuous Monitoring by David Hoelzer - October 27, 2015
- Associated Webcasts: What Are Their Vulnerabilities? A SANS Continuous Monitoring Survey
- Sponsored By: Tenable Network Security Arbor Networks HP AlienVault
This report offers an analysis of the survey findings and recommendations for improving practices. It also offers a definition of what a mature program should look like now and in the future. The goal, ultimately, is to provide a metric by which organizations can gauge their own progress in an objective way.
-
Behind the Curve? A Maturity Model for Endpoint Security by G. Mark Hardy - October 22, 2015
- Associated Webcasts: Behind the Curve? Getting Started on Endpoint Security Maturity
-
Detecting a Targeted Data Breach with Ease: A SANS Product Review by Jake Williams - October 21, 2015
- Associated Webcasts: Implementing Active Breach Detection
A product review by Jake Williams. It examines LightCyber Magna, focusing on its effectiveness in detecting reconnaissance, lateral movement, data exfiltration and other threats.
-
Understanding and Preventing Threats to Point of Sale Systems Masters
by Richard Hummel - October 15, 2015Data breaches have become a systemic problem in the retail, financial, and healthcare sectors, resulting in mass exfiltration of sensitive customer and/or patient data. These breaches continue to be a major problem for all sectors, but primarily that of the retail sector. It has seen many different Point-of-Sale systems compromised, databases stolen, and customer data sold in underground forums. Many studies and white papers describe and analyze these breaches in detail, but fail to address all aspects of a single breach in one succinct article. As such, practitioners are only educated in part on the threats and the methods to mitigate these threats. This paper will cover three of the more prominent breaches, how the breaches occurred, how data was stolen, and actions organizations need to take to mitigate or, hopefully, eliminate the threats altogether.
-
The State of Dynamic Data Center and Cloud Security in the Modern Enterprise by Dave Shackleford - October 13, 2015
- Associated Webcasts: Dynamic Data Center Security
- Sponsored By: Illumio
As organizations' data centers become more dynamic and the need to scale quickly in complex architectures grows, security will need to adapt accordingly. Read this survey results paper to learn the challenges hybrid data centers face, along with some of the steps you can take to update current practices to enhance security for the dynamic data centers in use today.
-
Automating the Hunt for Hidden Threats by Eric Cole, PhD - October 1, 2015
- Associated Webcasts: Automating the Hunt for Network Intruders
- Sponsored By: Endgame
An Analyst Program whitepaper by Dr. Eric Cole. It defines the process of automating the hunt for threats, and discusses how to deploy a continuous threat-hunting process while preparing a team to analyze threats to protect critical processes and data.
-
Orchestrating Security in the Cloud by Dave Shackleford - September 22, 2015
- Sponsored By: HP Intel CloudPassage Evident.io
Survey results indicate a strong need to keep security close to the data as it traverses cloud systems. Findings also indicate a need to integrate monitoring capabilities across hybrid environments and partnership with public cloud providers for full-spectrum visibility and response. Learn more by in this survey report focusing on cloud security.
-
Combatting Cyber Risks in the Supply Chain by Dave Shackleford - September 9, 2015
- Associated Webcasts: Combatting Cyber Risks in the Supply Chain
- Sponsored By: Raytheon | Websense
By some estimates, up to 80% of breaches may originate in the supply chain. Read this paper to get some guidance on best practices to protect your organization from vulnerabilities introduced by your vendors and suppliers.
-
Retail Security: Third-Party Interaction by Eric Cole, PhD - September 4, 2015
- Associated Webcasts: Retail Security: PCI DSS and Third Party Interactions
- Sponsored By: Tenable Network Security
-
The Sliding Scale of Cyber Security by Robert M. Lee - September 1, 2015
The Sliding Scale of Cyber Security is a model for providing a nuanced discussion to the categories of actions and investments that contribute to cyber security.
-
A Proactive Approach to Incident Response by Jake Williams - August 31, 2015
- Associated Webcasts: A Proactive Approach to Incident Response
- Sponsored By: Blue Coat Systems, Inc.
-
Using Hardware-Enabled Trusted Crypto to Thwart Advanced Threats by John Pescatore - August 28, 2015
- Associated Webcasts: Thwarting Advanced Threats with Trusted Crypto
- Sponsored By: THALES e-Security
-
Protecting Third Party Applications with RASP Infographic by - August 27, 2015
- Associated Webcasts: Protecting Third Party Applications with RASP
-
Detect, Contain and Control Cyberthreats by Eric Cole, PhD - August 20, 2015
- Associated Webcasts: Detect, Contain, and Control Cyberthreats
- Sponsored By: Raytheon | Websense
An Analyst Program whitepaper by Dr. Eric Cole. It discusses the value of prioritizing mitigation efforts based on known risks and high- value targets, and how doing so can reinforce network defenses.
-
The Race to Detection: A Look at Rapidly Changing IR Practices by Alissa Torres - August 19, 2015
- Associated Webcasts: The Race to Detection: IR Trends, Tools and Processes That Close the Gap
- Sponsored By: Carbon Black
With the rapidly changing risk environment, those assigned to protect their organizations must be agile in adapting technology to meet the challenges presented to them. Read this paper to learn what leading incident response practices are doing, and what they plan for the future.
-
Insider-Focused Investigation Made Easier by Dave Shackleford - August 18, 2015
- Associated Webcasts: The Value of Real-Time Pattern Recognition
- Sponsored By: Raytheon | Websense
A review by SANS analyst and instructor Dave Shackleford of Raytheon|Websense SureView Insider Threat. It discusses the product's ability to assist security teams in their efforts to mitigate the threats posed by trusted insiders.
-
Maturing and Specializing: Incident Response Capabilities Needed by Alissa Torres - August 17, 2015
- Associated Webcasts: Part 1: Incident Response - What Is (and Isn't) Working Today Part 2: Incident Response - How Can We Be More Proactive for the Future?
- Sponsored By: Intel Security Arbor Networks Hewlett Packard Rapid7 Inc. Carbon Black AlienVault
Survey results reveal an increasingly complex response landscape and the need for automation of processes and services to provide both visibility across systems and best avenues of remediation. Read this paper for coverage of these issues, along with best practices and sage advice.
-
Observation and Response: An Intelligent Approach by J. Michael Butler - August 7, 2015
- Associated Webcasts: Tracking and Observation-How-To and What To Watch For
- Sponsored By: Anomali
A SANS Analyst Program whitepaper by J. Michael Butler. It discusses how properly focused observation and tracking efforts provide intelligence from inside the enterprise by monitoring for indicators of compromise such as odd point-in-time activities on the network, unusual machine-to-machine communications, outbound transfers, connection requests and many other suspicious activities.
-
Beyond the Point of Sale: Six Steps to Stronger Retail Security by Robert L. Scheier - July 28, 2015
- Associated Webcasts: Analyst Webcast: Securing Retail Beyond the Cash Register--Insider Threats and Targeted Attacks
- Sponsored By: Palo Alto Networks
A whitepaper by Robert Scheier. It addresses the complex nature of IT in the retail environment and outlines a six-step process for enhancing security of small shopkeepers as well as big-box chains.
-
The State of Security in Control Systems Today by Derek Harp and Bengt Gregory-Brown - June 24, 2015
- Associated Webcasts: The State of Security in Control Systems Today: A SANS Survey Webcast
- Sponsored By: Tenable Network Security SurfWatch Labs
By reading this report, ICS professionals will gain insight into the challenges facing peers, as well the approaches being employed to reduce the risk of cyberattack.
-
Security Spending and Preparedness in the Financial Sector: A SANS Survey by Jaikumar Vijayan - June 23, 2015
- Associated Webcasts: SANS 2nd Financial Sector Security Survey
- Sponsored By: Arbor Networks LogRhythm VSS Monitoring, Inc. AlienVault
Financial services organizations are being breached too often. Find out how the threat landscape and the tools to secure data are changing in the 2015 SANS Financial Services Survey.
-
Six Steps to Stronger Security for SMBs by Eric Cole, PhD - June 23, 2015
- Associated Webcasts: Six Steps to Stronger Security for SMBs
- Sponsored By: Qualys
An Analyst Program whitepaper by Dr. Eric Cole. It describes a six-step approach that small and medium-size businesses can use as a template for enhancing their overall security posture.
-
Enabling Big Data by Removing Security and Compliance Barriers by Barbara Filkins - June 17, 2015
- Associated Webcasts: Big Data: Identifying Major Threats and Removing Security and Compliance Barriers
- Sponsored By: Cloudera
The rewards that big data can bring are widely recognized: scientific insight, competitive intelligence and improved fraud detection, as well as the benefits derived from sophisticated analyses of vast sets of transactional and behavioral data.
-
Conquering Network Security Challenges in Distributed Enterprises by John Pescatore - June 11, 2015
- Associated Webcasts: Conquering Network Security Challenges in Distributed Enterprises
- Sponsored By: Palo Alto Networks
Enterprises continue to have difficulties detecting, blocking and responding to threats.
-
New Critical Security Controls Guidelines for SSL/TLS Management by Barbara Filkins - June 4, 2015
- Associated Webcasts: Meeting New CSC Guidelines for SSL Certificate Management
- Sponsored By: Venafi, Inc
Security flaws like Heartbleed, POODLE, BEAST and a series of high-profile certificate thefts and misappropriations have shaken public confidence in "secure" SSL/TLS certificates. It is possible for organizations to safeguard themselves and retain most of the benefits of using the web's most common authentication system, however, as long as they're rigorous about setting and enforcing the right policies on who do trust among many questionable nodes in the global network of trust.
-
Improving Detection, Prevention and Response with Security Maturity Modeling by Byron Acohido - May 29, 2015
- Associated Webcasts: The Value of Adopting and Improving Security Maturity Models
- Sponsored By: HP
An Analyst Program whitepaper written by Byron Acohido. It discusses various security maturity models and how organizations can use them to improve their defense posture while reducing the time needed to respond to incidents and contain the damage.
-
Securing Portable Data and Applications for a Mobile Workforce by Jaikumar Vijayan - May 13, 2015
- Associated Webcasts: Securing Portable Data and Applications on Enterprise Mobile Workspaces: A SANS Survey
- Sponsored By: Ironkey by Imation
Explore the challenges of securing a mobile workforce while enabling a desktop environment for mobile workers.
-
2015 State of Application Security: Closing the Gap by Jim Bird, Eric Johnson, Frank Kim - May 12, 2015
- Associated Webcasts: 2015 Application Security Survey, Part 2: Builder Issues 2015 Application Security Survey, Part 1: Defender Issues
- Sponsored By: Qualys WhiteHat Security Hewlett Packard Veracode Waratek
Explore the current state of application security through the lens of both builders and defenders and find out how much progress has been made in securing applications over the last 12 months.
-
The Case for Visibility: SANS 2nd Annual Survey on the State of Endpoint Risk and Security by Jacob Williams - May 5, 2015
- Associated Webcasts: Assume Compromise and Protect Your Endpoints: SANS 2nd Survey on Endpoint Security
- Sponsored By: Guidance Software
Read the results of the 2015 Endpoint Security Survey to find out whether organizations assume risk, whether their perimeter defenses protect their endpoints, how much progress we are making on automation, how long it takes to remediate each compromised endpoint, and much more.
-
Protection from the Inside: Application Security Methodologies Compared by Jacob Williams - April 27, 2015
- Associated Webcasts: Analyst Webcast: RASP vs. WAF: Comparing Capabilities and Efficiencies
- Sponsored By: HP
A SANS Analyst Program review by Jacob Williams. This webcast will explore the relative capabilities and efficiencies of RASP and WAF technologies, and discuss a blind, vendor-anonymous review of a representative product in each category.
-
Building a World-Class Security Operations Center: A Roadmap by Alissa Torres - April 15, 2015
- Sponsored By: RSA
Explore how you can build a world-class security operations center (SOC) by focusing on the triad of people, process and technology.
-
Improving the Effectiveness of Log Analysis with HP ArcSight Logger 6 by Dave Shackleford - April 1, 2015
- Associated Webcasts: Analyst Webcast: Simplifying Compliance and Forensic Requirements with HP ArcSight Logger
- Sponsored By: Hewlett Packard
A review of HP ArcSight Logger 6 by SANS analyst and instructor Dave Shackleford. It discusses the latest release of ArcSight Logger and its usefulness to security analysts who need to collect and monitor logs.
-
Creating an SOC by Alissa Torres - March 31, 2015
- Associated Webcasts: Creating a Roadmap for Dramatically Improving Your Strategic Security Operations
- Sponsored By: RSA
Graphically explore how you can build a world-class security operations center (SOC) by focusing on the triad of people, process and technology.
-
Enabling Large-Scale Mobility with Security from the Ground Up by Jaikumar Vijayan - March 30, 2015
- Associated Webcasts: Analyst Webcast: Enabling Enterprise Mobility With Security From The Ground Up
- Sponsored By: Symantec
A SANS Analyst Program whitepaper written by Jaikumar Vijayan and advised by SANS Analyst G. Mark Hardy. It discusses the state of enterprise mobility and the challenges posed to information technology groups by the massive influx of personal and corporate-owned mobile devices in the workplace in recent years.
-
Enabling Large-Scale Mobility with Security from the Ground Up Infographic by Jaikumar Vijayan - March 30, 2015
- Associated Webcasts: Analyst Webcast: Enabling Enterprise Mobility With Security From The Ground Up
- Sponsored By: Symantec
A SANS Analyst Program infographic based on the whitepaper, Enabling Large-Scale Mobility with Security from the Ground Up. It offers a graphical interpretation of the paper's keytakeaways and supplemental data.
-
Automation in the Incident Response Process: Creating an Effective Long-Term Plan by Alissa Torres - March 4, 2015
- Associated Webcasts: Automating the Incident Response Process
- Sponsored By: Carbon Black
With the right resources in place, attackers can be detected more accurately and efficiently, mitigating damage and data loss from inevitable network attacks. This paper presents a proper process and procedure for incident response that includes the use of automation tools.
-
Who's Using Cyberthreat Intelligence and How? by Dave Shackleford - February 16, 2015
- Associated Webcasts: Who's Using Cyberthreat Intelligence and How? Part 1: Definitions, Tools and Standards Who's Using Cyberthreat Intelligence and How? Part 2: Best Practices to Improve Incident Detection and Response
- Sponsored By: Arbor Networks Carbon Black BeyondTrust AlienVault SurfWatch Labs Anomali
In the last several years, we've seen a disturbing trend-attackers are innovating much faster than defenders are. We've seen the "commercialization" of malware, with attack kits available on underground forums for anyone who wants to perpetrate a variety of attacks.
-
The Critical Security Controls: What's NAC Got to Do with IT? by Deb Radcliff, Editor - February 4, 2015
- Associated Webcasts: Mapping Next-Generation NAC to the Critical Security Controls
- Sponsored By: ForeScout Technologies
-
Protecting Access to Data and Privilege with Oracle Database Vault by Pete Finnigan - January 29, 2015
- Associated Webcasts: Analyst Webcast: Securing Oracle Databases Made Easy
- Sponsored By: Oracle
A review of Oracle Database Vault 12c by security expert Pete Finnigan. Oracle Database Vault takes advantage of built-in features of the Oracle ecosystem, and provides a holistic approach to data security management.
-
New Threats Drive Improved Practices: State of Cybersecurity in Health Care Organizations by Barbara Filkins - December 9, 2014
- Associated Webcasts: SANS 2nd Survey on the State of Information Security in Health Care Institutions: Part 2 SANS 2nd Survey on the State of Information Security in Health Care Institutions: Part 1
- Sponsored By: Qualys Tenable Network Security Cigital, Inc. FireEye CloudPassage Trend Micro Inc. RiskIQ
See the results of the 2014 SANS Health Care Cybersecurity survey.
-
Securing Personal and Mobile Device Use with Next-Gen Network Access Controls by Deb Radcliff, executive editor - November 24, 2014
- Associated Webcasts: Securing Personal and Mobile Device Use with Next-Gen Network Access Controls
- Sponsored By: ForeScout Technologies
An updated SANS Analyst Program whitepaper. It covers the essentials of applying NAC to secure guest networking, as well as leveraging NAC for BYOD (Bring Your Own Device) and CYOD (Choose Your Own Device) situations and ensuring endpoint compliance with network policy.
-
Point of Sale Systems and Security: Executive Summary by Wes Whitteker - November 20, 2014
- Sponsored By: Carbon Black
The last year has seen scores of point of sale (POS) systems compromised by bad actors. In many cases, these environments were PCI-DSS compliant at the time of compromise. Executives seeking to protect their organizations and POS systems from compromise need to look beyond PCI-DSS and adopt a proactive "offense must inform defense" approach to POS security.
-
Securing DNS to Thwart Advanced Targeted Attacks and Reduce Data Breaches by John Pescatore - November 12, 2014
- Associated Webcasts: Protecting DNS: Securing Your Internet Address Book
Internet traffic is severely affected when critical DNS services are not reliable or are compromised by cyber attacks. However, DNS services can be secured with the right configuration and deployment of appropriate solutions.
-
Be Ready for a Breach with Intelligent Response by James Tarala - November 5, 2014
- Associated Webcasts: Be Ready for a Breach with Intelligent Response
- Sponsored By: Intel Security
By preparing a careful plan and resilient response infrastructure before an attack, organizations can limit both data loss and the reactive, post-incident expenses. The result: greatly reduced impact and costs associated with events.
-
Data Center Server Security Survey 2014 by Jacob Williams - October 29, 2014
- Associated Webcasts: Data Center Server Security: A SANS Survey
- Sponsored By: IBM Intel Security
Learn how organizations are tackling the difficult problem of data center security, explore their best practices and consider improvements needed for data centers to meet compliance demands while reducing overall risk and management complexity.
-
Detect, Investigate, Scrutinize and Contain with Rapid7 UserInsight by Jerry Shenk - October 23, 2014
- Associated Webcasts: Detecting Risky Activity "Wherever" Before It Becomes A Problem
- Sponsored By: Rapid7 Inc.
A review of Rapid7 UserInsight by SANS senior analyst Jerry Shenk. It discusses a tool that highlights user credential misuse while tracking endpoint system details that would be valuable to an incident response team.
-
Breaches Happen: Be Prepared by Stephen Northcutt - October 14, 2014
- Associated Webcasts: Breaches Happen: Be Prepared
- Sponsored By: Symantec
A whitepaper by SANS Analyst and Senior Instructor Stephen Northcutt. It describes how improved malware reporting and gateway monitoring, combined with security intelligence from both internal and external resources, helps organizations meet the requirements of frameworks such as the Critical Security Controls.
-
Hardening Retail Security by John Pescatore - October 10, 2014
- Associated Webcasts: Hardening Retail Security: Why and How to Prevent Breaches and Attacks
- Sponsored By: LogRhythm
Read this article and learn what IT security staff in the retail industry say about their security budgets, behavioral baselining, and endpoint forensics practices.
-
Analytics and Intelligence Survey 2014 by Dave Shackleford - October 8, 2014
- Associated Webcasts: 2nd Annual Analytics and Intelligence Survey 2nd Annual Analytics and Intelligence Survey - Pt 2. Future State: Improving Intelligence and Threat Protection
- Sponsored By: Intel Security HP LogRhythm Rapid7 Inc. AlienVault Anomali
This paper explores the use of analytics and intelligence today and exposes the impediments to successful implementation.
-
Ninth Log Management Survey Report by Jerry Shenk - October 3, 2014
- Associated Webcasts: Log and Event Management Survey
- Sponsored By: VMWare, Inc
Using the results of the 2014 Log Management Survey, this paper identifies strengths and weaknesses in log management systems and practices, and provides advice for improving visibility across systems with proper log collection, normalization and analysis.
-
Critical Security Controls: From Adoption to Implementation by James Tarala - September 18, 2014
- Associated Webcasts: The Critical Security Controls: From Adoption to Implementation A SANS Survey
- Sponsored By: Qualys Tripwire, Inc. Intel Security EiQnetworks
This SANS survey report explores how widely the CSCs are being adopted, as well as what challenges adopters are facing in terms of implementation of the controls and what they are looking for to improve their implementation practices.
-
Data Encryption and Redaction: A Review of Oracle Advanced Security by Dave Shackleford - September 15, 2014
- Associated Webcasts: Simplifying Data Encryption and Redaction Without Touching the Code
- Sponsored By: Oracle
A review of Oracle Advanced Security for Oracle Database 12c by SANS Analyst and Senior Instructor Dave Shackleford. It explores a number of the product's capabilities, including transparent data encryption (TDE) and effortless redaction of sensitive data, that seamlessly protect data without any developer effort from unauthorized access.
-
Insider Threats in Law Enforcement by Dr. Eric Cole - September 4, 2014
- Associated Webcasts: Solving Insider Threats in Law Enforcement
- Sponsored By: Raytheon | Websense
Based on the valuable information they have at their disposal, law enforcement agencies are among those that are prime targets for advanced attacks. While network protection can be extensive and sophisticated, the exploitation of insiders poses a serious threat for illegal access to these agencies.
-
Under Threat or Compromise - Every Detail Counts by Jake Williams - August 20, 2014
- Associated Webcasts: Under Threat or Compromise: Every Detail Counts
- Sponsored By: Blue Coat Systems, Inc.
This paper outlines five major components of a life-cycle approach to defense and how companies can adopt this model to maximize security in the current threat landscape.
-
Incident Response: How to Fight Back by Alissa Torres - August 13, 2014
- Associated Webcasts: Incident Response Part 1: Incident Response Techniques and Processes: Where We Are in the Six-Step Process Incident Response Part 2: Growing and Maturing An IR Capability
- Sponsored By: Intel Security AccessData Corp. Arbor Networks HP Carbon Black AlienVault
A spate of high-profile security breaches and attacks means that security practitioners find themselves thinking a lot about incident response. A new SANS incident response survey explores how practitioners are dealing with these numerous incidents and provides insight into incident response plans, attack histories, where organizations should focus their response efforts, and how to put all of the pieces together.
-
Continuous Diagnostics and Mitigation : Making it Work by John Pescatore - August 6, 2014
- Associated Webcasts: Continuous Diagnostics and Mitigation for Government Agencies: Is It Working? A SANS Survey
- Sponsored By: ForeScout Technologies IBM Symantec Firemon
Security professionals in federal, state and local agencies face many unique challenges in protecting critical systems and information. The CDM program has tremendous potential for both increasing the security levels at those agencies and reducing the cost of demonstrating compliance. However, to be successful, the program must address the following: lack of awareness, low inspector general awareness and lack of information on how to use the program. For use of the program to result in better security, additional staffing and skills are needed, as are success stories to guide organizations attempting to implement CDM.
-
Killing Advanced Threats in Their Tracks: An Intelligent Approach to Attack Prevention by Tony Sager - July 29, 2014
- Associated Webcasts: Need to defeat APTs? Tony Sager Explains Where We're At With Live Threat Detection Automation
- Sponsored By: Palo Alto Networks
All attacks follow certain stages. By observing those stages during an attack progression and then creating immediate protections to block those attack methods, organizations can achieve a level of closed-loop intelligence that can block and protect across this attack kill chain. This paper explains the many steps in the kill chain, along with how to detect unknown attacks by integrating intelligence into sensors and management consoles.
-
Advanced Network Protection with McAfee Next Generation Firewall by Dave Shackleford - June 19, 2014
- Associated Webcasts: Analyst Webcast: Advanced Network Protection with McAfee Next Generation Firewall
- Sponsored By: Intel Security
A review of McAfee Next Generation Firewall by SANS Analyst and Senior Instructor Dave Shackleford. It explores a number of the product's capabilities, including clustering and redundancy, numerous varieties of VPN access, policy options and features such as end-user identification and advanced anti-evasion tools
-
Higher Education: Open and Secure? by Randy Marchany - June 16, 2014
- Associated Webcasts: Higher Education: Open and Secure? A SANS Survey
- Sponsored By: Tenable Network Security Trend Micro Inc. AlienVault
-
Practical Threat Management and Incident Response for the Small- to Medium-Sized Enterprises by Jacob Williams - June 12, 2014
- Associated Webcasts: Practical Threat Management and Incident Response for the Small- to Medium-Sized Enterprise
- Sponsored By: AlienVault
If you work in a small- to medium-sized enterprise (SME),1 you know how challenging securing your technology assets can be.
-
Cybersecurity Professional Trends: A SANS Survey Advisors: John Pescatore, Barb Filkins, Tracy Lenzner and SANS GIAC - May 8, 2014
- Associated Webcasts: SANS 2014 Salary Survey: The State of Security Professionals Today
- Sponsored By: Arbor Networks
Survey results on evolving roles of security professionals worldwide, including new roles, titles, managerial functions, and existing and planned certifications broken out by industry and geography.
-
Combining Security Intelligence and the Critical Security Controls: A Review of LogRhythm's SIEM Platform by Dave Shackleford - April 23, 2014
- Associated Webcasts: SIEM, Security Intelligence and the Critical Security Controls
- Sponsored By: LogRhythm
Review of LogRhythms security information and event management (SIEM) platform with new security intelligence features built in for compliance.
-
2014 Trends That Will Reshape Organizational Security by John Pescatore - April 22, 2014
- Associated Webcasts: The 2014 Security Trends Forecast: What Does 2014 Hold for Security and Its Impact on Business Professionals?
- Sponsored By: Cisco Systems Inc.
Information for security managers to facilitate focusing their investments on the areas that are mostly likely to impact their organizations and customers over the next several years.
-
Improving Security Management with Real-Time Queries by Dave Shackleford - April 2, 2014
- Associated Webcasts: The Value of On-Demand Endpoint Visibility
- Sponsored By: Intel Security
Product review McAfee Real Time Command with a focus on features and ease of use. Examination of its security-related features found the product to be surprisingly intuitive.
-
Breaches on the Rise in Control Systems: A SANS Survey by Matthew Luallen - April 1, 2014
- Associated Webcasts: SANS Survey on Control Systems Security
- Sponsored By: Qualys Cisco Systems Inc. Tenable Network Security Raytheon | Websense
Survey shows SCADA breaches on rise from 2013, and more targeted.
-
Risk, Loss and Security Spending in the Financial Sector: A SANS Survey by Mark Hardy - March 26, 2014
- Associated Webcasts: Risks, Threats and Preparedness: Part I of the SANS Financial Services Survey
- Sponsored By: ForeScout Technologies Cisco Systems Inc. Tenable Network Security Blue Coat Systems, Inc. Raytheon | Websense FireEye
Survey identified key areas in which financial service employees and endpoints were most at risk, with direct losses resulting from internal abuse, spearphishing and botnet infections.
-
DDoS Attacks Advancing and Enduring: A SANS Survey by John Pescatore - March 20, 2014
- Associated Webcasts: SANS Survey on Distributed Denial of Service
- Sponsored By: Corero
Survey on the state of DDoS readiness reveals more frequent and sophisticated DDoS attacks as well as lack of preparedness in many enterprises.
-
Finding Advanced Threats Before They Strike: A Review of Damballa Failsafe Advanced Threat Protection and Containment by Jerry Shenk - March 18, 2014
- Associated Webcasts: Finding Advanced Threats Before They Strike: Advanced Threat Protection and Containment
- Sponsored By: Damballa, Inc.
Review of Damballa Failsafe's ability to collect and analyze evidence and presents precise information about infected devices.
-
The Case for Endpoint Visibility by Jacob Williams - March 13, 2014
- Associated Webcasts: Visibility at the Endpoint: The SANS 2014 Survey of Endpoint Intelligence
- Sponsored By: Guidance Software
Information to help security professionals track trends in endpoint protection and identify how their organizations capabilities compare with the survey base.
-
Champagne SIEM on a Beer Budget by Jerry Shenk - March 12, 2014
- Associated Webcasts: Making Log and Event Management Easy for SMBs
- Sponsored By: SolarWinds
Review of SolarWinds' Log & Event Manager (LEM) ability to provide small-to-medium-size businesses the forensic intelligence, compliance and security information necessary to manage operations.
-
Server Security: A Reality Check by Jake Williams - March 11, 2014
- Associated Webcasts: Server Security: A Reality Check
- Sponsored By: Carbon Black
Why servers are still vulnerable despite layers of security in place today.
-
Health Care Cyberthreat Report: Widespread Compromises Detected, Compliance Nightmare on Horizon by Barbara Filkins - March 6, 2014
- Associated Webcasts: Exposing Malicious Threats to Health Care IT
- Sponsored By: Norse
The use of threat intelligence to improve the security of information systems in the health care industry.
-
Calculating Total Cost of Ownership on Intrusion Prevention Technology by J. Michael Butler, Dave Shackleford - February 17, 2014
- Sponsored By: Cisco Systems Inc.
Calculate the value of specific automation features in NGIPSes with which organizations can achieve savings in total cost of ownership TCO
-
Protecting Virtual Endpoints with McAfee Server Security Suite Essentials by Dave Shackleford - February 14, 2014
- Associated Webcasts: Security Without Scanning for Today's Hybrid Datacenter
- Sponsored By: Intel Security
A review of McAfees Server Security Suite Essentials that address some of the emerging challenges of securing virtual platforms and cloud environments.
-
Survey on Application Security Programs and Practices by Jim Bird, Frank Kim - February 12, 2014
- Associated Webcasts: Application Security Programs On the Rise, Skills Lacking: A SANS Survey
- Sponsored By: Qualys Hewlett Packard Veracode
Survey shows application security programs on the rise but skill are lacking.
-
Securing the Internet of Things Survey by John Pescatore - January 15, 2014
- Associated Webcasts: SANS Analyst Webcast: SANS Survey on Securing The Internet of Things
- Sponsored By: Codenomicon Norse
Survey reveals the risks introduced by an increasing array of "smart" things with wireless or Internet connections.
-
Database Activity Monitoring and Audit: A Review of Oracle Audit Vault and Database Firewall by Tanya Baccam - January 14, 2014
- Sponsored By: Oracle
Review of Oracle Audit Vault and Database Firewall (AVDF). A platform for organizations looking to increase security with enterprise wide database activity monitoring, auditing and reporting.
-
Industrial Control System (ICS) Cybersecurity Response to Physical Breaches of Unmanned Critical Infrastructure Sites by Scott D. Swartz and Michael J. Assante - January 1, 2014
- Sponsored By: Alert Enterprise
Physical break-ins and other unauthorized entries into unmanned critical infrastructure locations have historically been viewed only as traditional property crimes.
-
Fear and Loathing in BYOD by Joshua Wright - December 10, 2013
- Associated Webcasts: SANS Survey Results on BYOD Security Policies and Practices
- Sponsored By: Trusted Computing Group
Survey on mobile device security trends and techniques organizations are adopting to mitigate threats associated with mobile devices and BYOD.
-
Layered Security: Why It Works by Jerry Shenk - December 9, 2013
- Associated Webcasts: Layered Security: Why It Works
- Sponsored By: Symantec
How a layered approach to security provides better protection of your organizations IT assets.
-
Managing Threats and Compliance While Automating the CSCs: EiQ SecureVue Review by Jerry Shenk - November 11, 2013
- Associated Webcasts: Managing Threats and Compliance While Automating the CSCs: EiQ SecureVue Review
- Sponsored By: EiQnetworks
Product review of EiQ SecureVue - a solution to provide advanced log management and security information and event management (SIEM) capabilities for the SMB-sized organizations.
-
Finding Hidden Threats by Decrypting SSL by Michael Butler - November 8, 2013
- Associated Webcasts: Finding Hidden Threats by Decrypting SSL/TLS
- Sponsored By: Blue Coat Systems, Inc.
Paper describes the role of SSL, the role SSL decryption/inspection tools play in security, options for deploying inspection tools, and how the information generated by such inspection can be shared with other security monitoring systems.
-
Inaugural Health Care Survey by Barbara Filkins - October 30, 2013
- Associated Webcasts: The SANS Survey of IT Security in Health Care
- Sponsored By: Tenable Network Security Oracle Trend Micro Inc. Redspin
This survey reveals aspects of security in the health care arena from the perspective of IT security staffmanagers, analysts, and executives.
-
Not Your Father's IPS:SANS Survey on Network Security Results by Rob VandenBrink - October 29, 2013
- Associated Webcasts: Analyst Webcast: Not your Father's IPS: SANS Survey on Network Security Results
- Sponsored By: Hewlett Packard
Survey of security professionals on network security practices today, use of IPS, technical and management capacities, and how IPS will be integrated into overall security strategy for the future.
-
Securing Web Applications Made Simple and Scalable by Gregory Leonard - October 10, 2013
- Associated Webcasts: Securing Web Applications Made Simple and Scalable
- Sponsored By: Hewlett Packard
Evaluation of HP Fortify WebInspect 10.10, an application security testing (DAST) tool.
-
Correlating Event Data for Vulnerability Detection and Remediation by Jacob Williams - October 8, 2013
- Associated Webcasts: Correlating Real-Time Event Data with SIEM for Forensics and Incident Handling
- Sponsored By: Intel Security
Examination of how 2012 Saudi Aramco spearphishing attacks could have been thwarted with the help of a SIEM platform that combines the power of historical data with real-time data from network data sources and security policies.
-
Application Security: Tools for Getting Management Support and Funding by John Pescatore - October 4, 2013
- Associated Webcasts: John Pescatore Analyst Webcast - Actionable Tools for Convincing Management to Fund Application Security
- Sponsored By: WhiteHat Security
This paper provide tools and techniques that demonstrate the need for better application security and the appropriate level of investment.
-
SANS Security Analytics Survey by Dave Shackleford - October 1, 2013
- Associated Webcasts: SANS Analytics and Intelligence Survey Results Part I: The Risk Landscape
- Sponsored By: Guidance Software LogRhythm Hewlett Packard SolarWinds Hexis Cyber Solutions
Survey on next generation of security tools shows that market is in need of analytics and intelligence wrapped around the data that is being/can be collected in organizations.
-
Real-World Testing of Next-Generation Firewalls by Dr. Eric Cole - September 13, 2013
- Associated Webcasts: Testing Next Gen Firewalls
- Sponsored By: Fortinet, Inc. Ixia
Advice on what to expect from a next-generation firewall, features and business needs to consider, and a test methodology for IT and business professionals to use to enhance their investments in security through enhanced firewall capabilities.
-
Scaling Analytics to Meet Real-Time Threats in Large Enterprises: A Deep Dive into LogRhythm's Security Analytics Platform by Dave Shackleford - September 10, 2013
- Associated Webcasts: Under Pressure: Scaling Analytics to Meet Real-Time Threats
- Sponsored By: LogRhythm
Evaluation of LogRhythms real-time analytics capabilities.
-
How DDoS Detection and Mitigation Can Fight Advanced Targeted Attacks by John Pescatore - September 5, 2013
- Associated Webcasts: How to Fight the Real DDoS Threat
- Sponsored By: Arbor Networks
Exploration of how DDoS is used as part of advanced targeted attacks (ATAs) and description of how DDoS detection and prevention tools and techniques can also be used against ATAs.
-
Simplifying Cloud Access Without Sacrificing Corporate Control: A Review of McAfees Integrated Web and Identity Solutions by Dave Shackleford - August 21, 2013
- Associated Webcasts: Managing Identities in the Cloud Without Sacrificing Corporate Control: A Review of McAfee
- Sponsored By: Intel Security
Review of McAfee Web Gateway version 7.3, McAfee Cloud Single Sign On (CSSO) version 4.0 and McAfee One Time Password version 4.0, with Pledge Software Token (Pledge) version 2.0.
-
The SANS Survey of Digital Forensics and Incident Response by Paul Henry, Jacob Williams, and Benjamin Wright - July 18, 2013
- Associated Webcasts: Digital Forensics in Modern Times: A SANS Survey
- Sponsored By: Guidance Software FireEye Carbon Black Cellebrite
2013 Digital Forensics Survey to identify the nontraditional areas where digital forensics techniques are used.
-
The SANS 2013 Help Desk Security and Privacy Survey by Barbara Filkins - July 16, 2013
- Sponsored By: RSA
Survey/report will serve as a starting point to promote awareness and help bridge the educational gap between what a help desk is and what a secure help desk should be.
-
Network and Endpoint Security "Get Hitched" for Better Visibility and Response by Jerry Shenk - July 10, 2013
- Associated Webcasts: Network and Endpoint Security "Get Hitched" for Better Visibility and Response
- Sponsored By: Carbon Black
How endpoint visibility, coordinated with network intelligence, can help identify threats not discovered by other means, determine the level of threat, recognize previously unknown threats and follow up with more accurate information for regulators and investigators.
-
SANS 2013 Critical Security Controls Survey: Moving From Awareness to Action by John Pescatore - June 25, 2013
- Sponsored By: Tenable Network Security Symantec EiQnetworks FireEye IBM
Survey to determine how well the CSCs are known in government and private industry, how they are being used and what can we learn from CSC implementations to date.
-
Implementing Hardware Roots of Trust: The Trusted Platform Module Comes of Age by Gal Shpantzer - June 18, 2013
- Associated Webcasts: Implementing Hardware Roots of Trust
- Sponsored By: Trusted Computing Group
Discussion of trends that are driving adoption of TPM, with advice on how to take advantage of this increasingly commonplace technology without disrupting your security infrastructure.
-
Reducing Risk Through Prevention: Implementing Critical Security Controls 1-4 by James Tarala - June 12, 2013
- Associated Webcasts: Leveraging the First Four Critical Security Controls for Holistic Improvements
- Sponsored By: Tripwire, Inc.
Examination of actual threats facing organizations today, methods dedicated attackers use to compromise systems using the intrusion kill chain as a model and specific defenses organizations can use to mitigate threat.
-
Need for Speed: Streamlining Response and Reaction to Attacks by Michael Butler - June 7, 2013
- Sponsored By: Intel Security
Exploration of how to correlate information from disparately managed systems and bring visibility to their behavior with accurate, actionable reporting in as near-real time as possible.
-
2013 SANS Mobile Application Security Survey by Kevin Johnson, James Jardine - June 6, 2013
- Sponsored By: SAP Global Marketing Veracode Box
Survey to assess organizational awareness and the procedures around mobile application risk.
-
Security Intelligence in Action: SANS Review of McAfee Enterprise Security Manager (ESM) 9.2 by Dave Shackleford - May 22, 2013
- Associated Webcasts: Advanced Intelligence in Action: Review of McAfee Enterprise Security Manager 9.2
Review of McAfees Enterprise Security Manager (ESM) 9.2 with focus on fundamental SIEM features and capabilities to meet business demand for security and threat intelligence.
-
Your Pad or Mine? Enabling Secure Personal and Mobile Device Use On Your Network by Mark Kadrich - May 7, 2013
- Sponsored By: ForeScout Technologies
This paper discusses policies and approaches for using NAC to support guest networking and BYOD to complement and enable other mobile security controls such as Mobile Device Management (MDM).
-
The Critical Security Controls: What's NAC Got to Do with IT? by Mark Hardy - May 3, 2013
- Associated Webcasts: NAC Applied to the Critical Security Controls
- Sponsored By: ForeScout Technologies
This paper reveals what NAC can do today, how it stacks up to many of the CSCs and what strategies are needed for successfully leveraging NAC to reduce risk, improve compliance and meet the key automation and integration requisites cited in the controls.
-
Next-Generation Datacenters = Next-Generation Security by Dave Shackleford - May 1, 2013
- Associated Webcasts: Datacenter Virtualization from a Security Perspective
- Sponsored By: Intel Security
Whitepaper breaks down the foundations of a virtual infrastructure, examines pros and cons of security tools and controls available for risk layers, present the pros and cons of different approaches, and looks at new technology to implement protection models in virtual and cloud-based data centers.
-
Implementing the Critical Security Controls by Jim Hietala - March 26, 2013
- Associated Webcasts: Secure Configuration in Action (and How to Apply It)
- Sponsored By: Tripwire, Inc.
This paper serves as a how-to for organizations in various stages of implementing the controls with real-world examples of CSC adoption.
-
Results of the SANS SCADA Security Survey by Matthew Luallen - February 20, 2013
- Associated Webcasts: Results of the SANS SCADA Security Survey
- Sponsored By: Splunk ABB Industrial Defender
In-depth survey of SCADA system operators to determine their risk awareness and security practices.
-
Security Intelligence in Action: A Review of LogRhythm's SIEM 2.0 Big Data Security Analytics Platform by Dave Shackleford - December 12, 2012
- Sponsored By: LogRhythm
Review of LogRhythm's SIEM 2.0 Big Data Security Analytics Platform -- the fundamental capabilities and the innovative new features.
-
SANS Survey on Application Security Programs and Practices by Jim Bird, Frank Kim - December 6, 2012
- Sponsored By: Qualys WhiteHat Security NT Objectives, Inc Veracode
Application security survey to understanding what works in appsec and why.
-
What Is Your Mobile Content Policy? A Checklist for Content Risk Mitigation by Barbara Filkins - November 3, 2012
- Sponsored By: SAP Global Marketing
Content management policies must adapt to the mobile user and the cloud, provide protection to information being accessed and processed, look at the context in which it is used and validate compliance.
-
SANS Institute Product Review: Self-Service Provisioning Made Simple: A Review of Oracle Identity Manager 11g R2 by Dave Shackleford - October 22, 2012
- Sponsored By: Oracle
Review of Oracle Identity Manager (OIM) 11g R2, an enterprise IAM product that offers end users a personalized experience through a friendly interface, while managing workflow approvals and executing changes at both the user and administrator levels.
-
SANS Survey on Mobility/BYOD Security Policies and Practices by Kevin Johnson, Tony DeLaGrange - October 15, 2012
- Sponsored By: Intel Security F5 Networks, Inc. Oracle RSA MobileIron Box
Survey to determine the level of policy and controls around emerging threats against mobile devices.
-
Beyond Continuous Monitoring: Threat Modeling for Real-time Response by Mark Hardy - October 13, 2012
- Sponsored By: SecurityCoverage
Threat modeling, through timely and accurate inputs, can be used by enterprises to mitigate and defeat attack scenarios before they fully unfold.
-
Own Your Network with Continuous Monitoring by Jerry Shenk - September 10, 2012
- Sponsored By: Tripwire, Inc.
A look at what continuous monitoring is and how organizations can devise a solution that works for them.
-
Securing Data Center Servers: A Review of McAfee Data Center Security Suite Products by Jim Hietala - August 18, 2012
- Sponsored By: Intel Security
This paper explores threats to data center servers, along with key security controls required to electively protect them, and reviews how the McAfee portfolio of server products aligns with these controls.
-
Secure Configuration Management Demystified by Dave Shackleford - August 2, 2012
- Sponsored By: Tripwire, Inc.
Paper shows how to use secure configuration concepts to reduce the overall attack surface, bring better coordination among groups within IT and elsewhere, and ultimately reduce the risk to your business by continuously improving the IT environment.
-
When Breaches Happen: Top Five Questions to Prepare For by Dave Shackleford - June 17, 2012
- Sponsored By: Solera Networks
This paper explores how to create processes to sort through data in the event of a breach that enable IT security and operations teams to respond immediately with actionable information.
-
Streamline Risk Management by Automating the SANS 20 Critical Security Controls by James Tarala - June 12, 2012
- Sponsored By: FireEye
Practical considerations for automating the 20 Critical Security Controls to create a more defensible network against these increasingly automated, persistent attacks.
-
SANS Eighth Annual 2012 Log and Event Management Survey Results: Sorting Through the Noise by Jerry Shenk - May 9, 2012
- Sponsored By: HPE Tripwire, Inc. LogLogic, Inc. LogRhythm TrustWave Corporation Splunk
SANS Eighth Annual Log and Event Management Survey highlights inability of many organizations to separate normal log data from actionable events
-
Reducing Federal Systems Risk with the SANS 20 Critical Controls by G. Mark Hardy - April 22, 2012
- Sponsored By: Tripwire, Inc. Patriot Technologies
The 20CSCs: are they a better approach than the ten-year-old FISMA? And how will adoption ultimately enhance security and operations overall?
-
SANS Institute Product Review: Demystifying External Authorization: Oracle Entitlements Server Product Review by Tanya Baccam - April 20, 2012
- Sponsored By: Oracle
Product review of Oracle Entitlements Server (OES) -- a solution that provides flexibility in access control allowing for dynamic changes, understands multiple systems and applies complex rules in a flexible manner.
-
SANS Mobility/BYOD Security Survey by Kevin Johnson - March 5, 2012
- Sponsored By: Bradford Networks HP Enterprise Security MobileIron
Survey determines the type of mobile device usage allowed for enterprise applications and the level of policies and controls applied to this type of usage.
-
Oracle Audit Vault by Tanya Baccam - March 4, 2012
- Sponsored By: Oracle
Review of Oracle Audit Vault, which provides database log centralization, management, alerting and reporting across multiple databases.
-
Privileged Password Sharing: "root" of All Evil by J. Michael Butler - February 12, 2012
- Sponsored By: Quest Software
This paper addresses the issue of managing privileged accounts and offers advice on how to move toward better centralization of privileged account management.
-
NetIQ Sentinel 7 Review by Jerry Shenk - January 28, 2012
- Sponsored By: NetIQ
A functional review of the latest NetIQ offering in the SEIM space that effectively addresses issues organizations are having with log collection and management.
-
Needle in a Haystack? Getting to Attribution in Control Systems by Matthew E. Luallen - January 17, 2012
- Sponsored By: Tripwire, Inc. LogRhythm Splunk
In control system protection, mechanisms for achieving attack attribution must be implemented across physical, cyber and operational controls using additional tools.
-
Oracle Data Masking by Tanya Baccam - January 4, 2012
- Sponsored By: Oracle
This review of Oracle Data Masking, investigates the process of implementing and using data masking to mask specific confidential data types within Oracle Database 11g.
-
Oracle Advanced Security by Tanya Baccam - December 9, 2011
- Sponsored By: Oracle
Review of Oracle Advanced Security encryption covers important product capabilities including network encryption for data in flight and Transparent Data Encryption (TDE) for data at rest.
-
Critical Control System Vulnerabilities Demonstrated - And What to Do About Them by Matthew E. Luallen - November 29, 2011
- Sponsored By: NitroSecurity
A study of four common infrastructures (agriculture and food, transportation, water and wastewater, and physical facilities) demonstrates what vulnerabilities could be found in specific control systems and how they might be exploited and protected.
-
APT Dot Gov: Protecting Federal Systems from Advanced Threats by G. Mark Hardy - October 31, 2011
- Sponsored By: F5 Networks, Inc.
This paper describes advanced threats against federal and other governmental systems and provides advice on how to identify and protect the data at risk.
-
Adding Enterprise Access Management to Identity Management by J. Michael Butler - October 4, 2011
- Sponsored By: FoxT
This paper discusses the difference between IDM and EAM and explains how these two enterprise functions can work together for better control of access to operating systems, applications and related data.
-
Integrating Security into Development, No Pain Required by Dave Shackleford - September 20, 2011
- Sponsored By: IBM
This paper looks at software development from both the security and development perspectives, and then evaluates what tools and techniques can help integrate security into development cycles without slowing down the process or creating too much overhead.
-
Cloudy with a Chance of Better Health Care: Security and Compliance Fundamentals for Protecting e-Health Data by Barbara Filkins - September 6, 2011
- Sponsored By: ArcSight, an HP Company Ping Identity, Inc.
This paper explores challenges and considerations for the use of cloud computing in health care, paying particular attention to security and compliance issues related to cloud computing.
-
SANS Institute Review: Oracle Database Vault by Tanya Baccam - August 27, 2011
- Sponsored By: Oracle
Review of Oracle Database Vault with Oracle Database Enterprise Edition 11g Release 2demonstrates strong performance, while making it easy to add, change and modify rules and groups. as well as gain visibility into user activity through a variety of audit and compliance reports available through the Oracle Database Vault application.
-
Optimized Network Monitoring for Real-World Threats by Dave Shackleford - July 1, 2011
- Sponsored By: VSS Monitoring, Inc.
This paper explores current threats todays networks face that impact monitoring capabilities, the types of gaps that exist in many current monitoring architectures, and ways that network and security monitoring can be improved through advances in traffic capture and delivery technologies such as intelligent distributed taps.
-
Security of Applications: It Takes a Village by Dave Shackleford - June 20, 2011
- Sponsored By: Adobe Systems Inc.
This paper discusses the role of vendors and consumers in protecting against client-side application attacks.
-
Continuous Monitoring: What It Is, Why It Is Needed, and How to Use It by E. Eugene Schultz, Ph.D. - June 17, 2011
- Sponsored By: Tripwire, Inc.
A review of continuous monitoring as defined by the NIST 800-137 guidelines.
-
Network Security: Theory Versus Practice by James Tarala - May 6, 2011
- Sponsored By: BreakingPoint
Survey makes it clear that network security personnel are not consistent about validating the resiliency performance, security, and stability of the devices and systems that go into their network and data center infrastructures.
-
SANS Seventh Annual Log Management Survey Report by Jerry Shenk - April 30, 2011
- Sponsored By: LogLogic, Inc. ArcSight, an HP Company LogRhythm Splunk Trustwave
This annual survey has consistently identified areas in which organizations are focusing their log management initiatives and continues to provide a roadmap to the industry for future improvement.
-
Extending Role Based Access Control by J. Michael Butler - April 29, 2011
- Sponsored By: FoxT
This paper discusses advantages and disadvantages of RBAC, along with options to consider when planning to extend RBAC to allow for centralization and standardization in a heterogeneous environment of multiple, diverse operating systems.
-
Implementing the 20 Critical Controls with Security Information and Event Management (SIEM) Systems by James Tarala - April 5, 2011
- Sponsored By: ArcSight, an HP Company
This paper examines the top 20 controls, with advice on how to get started and an explanation of how SIEM systems can provide a central role in implementing the 20 critical controls effectively.
-
Managing Insiders in Utility Control Environments by Matthew E. Luallen - March 17, 2011
- Sponsored By: ArcSight, an HP Company Waterfall Security Industrial Defender
This paper discusses techniques attackers use to exploit missing insider controls and offers a cohesive set of cyber, operational and physical controls to manage a range of user access types for better security and compliance in utility control environments.
-
A Real-Time Approach to Continuous Monitoring by James Tarala - February 12, 2011
- Sponsored By: Splunk NetWitness
The paper identifies the components of a comprehensive CM program and how organizations can use this approach to decrease risk and improve efficiency.
-
Compliance and Security Challenges with Remote Administration by Dave Shackleford - January 3, 2011
- Sponsored By: Netop
This paper focuses on remote administration of systems with regulated data falling under the Payment Card Industry Data Security Standard (PCI DSS).
-
Building a Better Bunker: Securing Energy Control Systems Against Terrorists and Cyberwarriors by Jonathan Pollet - December 9, 2010
- Sponsored By: Intel Security NitroSecurity
This paper, the second in the series, explains the advanced persistent threats being aimed at SCADA and utility control systems, followed by advanced measures to take against these threats.
-
Enabling Social Networking Applications for Enterprise Usage by Eric Cole, PhD - December 1, 2010
- Sponsored By: Palo Alto Networks
Businesses must define a secure social networking policy and educate employees about the risks associated with using social networking sites.
-
PCI 2.0: What's New? What Matters? What's Left? by Dave Hoelzer - November 12, 2010
- Sponsored By: Dell SecureWorks
This paper discusses whats new and what still needs more attention in the PCI DSS 2.0 standard, including gaps in storage encryption, wireless networking, and physical security that carry over from version 1.2.
-
How to Choose a Qualified Security Assessor by Dave Shackleford - November 9, 2010
- Sponsored By: Dell SecureWorks
An overview of new guidance for Qualified Security Assessors as a result of the new Payment Card Industry Data Security Standard (PCI DSS v2.0).
-
Cloud Security and Compliance: A Primer by Dave Shackleford - August 6, 2010
- Sponsored By: Intel Security Catbird
A quick guide to cloud computing that address areas of mobility and multi-tenancy, identity and access management, data protection and incident response and assessment.
-
McAfee Total Protection for Server Review by Dave Shackleford - June 17, 2010
- Sponsored By: Intel Security
This paper is a review of the type of security and compliance coverage McAfee Total Protection for Server provides for server endpoints.
-
SANS Log Management Survey: Mid-Sized Businesses Respond by Jerry Shenk - June 5, 2010
- Sponsored By: RSA
Annual log management survey on how organizations collect and use their logs; what they arent currently using their log for but would like to; what they see as the biggest problems; and the impact Log Management issues have on small- and mid-sized businesses.
-
A Guide to Virtualization Hardening Guides by Dave Shackleford - May 20, 2010
- Sponsored By: VMWare, Inc
A guide to the virtualization hardening guides that includes key configuration and system security settings for VMware ESX and vSphere/Virtual Infrastructure with key control areas organizations need to consider.
-
Keys to the Kingdom: Monitoring Privileged User Actions for Security and Compliance by Dave Shackleford - May 2, 2010
- Sponsored By: LogRhythm
This paper explores some of the types of insider threat organizations face today and discusses monitoring and managing privileged user actions and the role this level of monitoring plays in today's compliance reporting efforts.
-
Oracle Database Security: What to Look for and Where to Secure by Tanya Baccam - April 10, 2010
- Sponsored By: Oracle
This paper discusses four risk management basics that must be addressed to protect databases and their sensitive data.
-
Transparent Data Encryption: New Technologies and Best Practices for Database Encryption by Tanya Baccam - April 7, 2010
- Sponsored By: Oracle
A look at the basics of encryption with a discussion the pros and cons of leading encryption architectures available today.
-
SANS Sixth Annual Log Management Survey Report by Jerry Shenk - April 1, 2010
- Sponsored By: LogLogic, Inc. netForensics, Inc. ArcSight, an HP Company RSA TrustWave Corporation Novell
Results of the annual log management survey.
-
Managing Operating System (OS) Lock Down by Dave Shackleford - March 17, 2010
- Sponsored By: Trusted Computing Group
Review of a tool specific to OS lock down from Trusted Computer Solutions (TCS) called Security Blanket, which automates OS configuration for a wide variety of UNIX and Linux platforms.
-
Calculating TCO on Intrusion Prevention Technology by Eugene E. Schultz, Ph.D. - March 7, 2010
- Sponsored By: Cisco Systems Inc.
This paper attempts to calculate the value of specific automation features in advanced IPSs with which organizations can achieve savings in total cost of ownership (TCO).
-
Smart Strategies for Securing Extranet Access by Dave Shackleford - March 1, 2010
- Sponsored By: Oracle
This paper discusses how to use risk-based authentication and entitlement management to enforce authentication security and achieve granular authorization using centralized role-based policies.
-
Sentinel Log Manager Review by Jerry Shenk - January 5, 2010
- Sponsored By: Novell
This paper is a review of the stand-alone Sentinel Log Manager and how it stands up to key concerns that survey respondents raised about log managers, including collection, storage and searching/reporting capabilities.
-
New Tools on the Bot War Front by Jerry Shenk - December 12, 2009
- Sponsored By: FireEye
This paper discusses the bot problem and its impact on enterprises, followed by a review of how FireEye's 4200 appliance catches bot installers and bot traffic on the network.
-
Making Database Security an IT Security Priority by Tanya Baccam - November 11, 2009
- Sponsored By: Oracle
A discussion of security strategy and the key controls that should be considered to database security and protection of an organizations information assets.
-
Securing a Smarter Grid: Risk Management in Power Utility Networks by Matthew E. Luallen - October 17, 2009
- Sponsored By: NitroSecurity
This paper will address the security issues facing smarter grid operators and will provide policy advice points.
-
Application Whitelisting: Enhancing Host Security by Dave Shackleford - October 7, 2009
- Sponsored By: Intel Security
Whitelisting provides a lighter means to protect end points, is useful for securing legacy applications and systems, as well as embedded systems and kiosks, and a helpful addition for any robust end point security plan.
-
IT Audit for the Virtual Environment by J. Michael Butler, Rob Vandenbrink - September 6, 2009
- Sponsored By: VMWare, Inc
This paper will help IT managers and auditors come together and understand the virtualization process and the new risk and audit areas this technology presents.
-
Top Virtualization Security Mistakes (and How to Avoid Them) by Jim D. Hietala - August 9, 2009
- Sponsored By: Intel Security Catbird
This paper explores practical security issues that can arise when virtualization technologies are deployed without proper planning and controls and offers advice on how to avoid making mistakes in critical areas of deployment and management.
-
Data Protection Requirements by Barbara Filkins - July 20, 2009
- Sponsored By: Intel Security
An interactive Data Protection Requirements Worksheet to map business needs against technological challenges.
-
Data Protection Requirements Checklist by Barbara Filkins - July 10, 2009
- Sponsored By: Intel Security
A Prospective Vendor Checklist will help organizations map business needs and procure technical solutions.
-
SANS Review: McAfee's Total Protection for Data by Dave Shackleford - June 2, 2009
- Sponsored By: Intel Security
McAfees Data Protection suite, Total Protection for Data, allows several data protection tools to work in tandem.
-
SANS Annual 2009 Log Management Survey by Jerry Shenk - April 17, 2009
- Sponsored By: LogLogic, Inc. ArcSight, an HP Company Intellitactics, Inc.
Annual log management survey shows companies far more successful collecting log data, but indicate concerns around normalization, indexing and access, creating reports and log management lifecycle.
-
Benchmarking Security Information Event Management (SIEM) by J. Michael Butler - February 12, 2009
- Sponsored By: NitroSecurity
SIEM is benchmarked by setting one baseline environment with equations for organizations to extrapolate benchmark requirements.
-
ArcSight Logger Review by Jerry Shenk - January 1, 2009
- Sponsored By: ArcSight, an HP Company
ArcSight Logger 7100 v.3.0 can help organizations get valuable usage from log collection.
-
Real-Time Adaptive Security by Dave Shackleford - December 17, 2008
- Sponsored By: Cisco Systems Inc.
With security actions based on context, intrusion systems can adapt to real-time threats like these while giving visibility into what to investigate, where to investigate, and even take or recommend action based on preset rules.
-
Log Management in the Cloud: A Comparison of In-House versus Cloud-Based Management of Log Data by Jerry Shenk - October 28, 2008
- Sponsored By: Alert Logic, Inc.
Organizations have many questions to consider regarding business needs before switching to log management in-the-cloud (otherwise known as Software as a Service or SaaS.
-
Monitoring Security and Performance on Converged Traffic Networks by Dave Shackleford - April 23, 2008
- Sponsored By: NIKSUN
For security teams to be effective within todays converged networks, network performance and security monitoring need to converge as well.
-
Leveraging Event and Log Data for Security and Compliance by Dave Shackleford - April 20, 2008
- Sponsored By: Intellitactics, Inc.
This paper explores steps for using compliance to improve security incrementally over time, giving auditors and security teams alike more current and relevant event data to assess and act upon.
-
Data Leakage Landscape: Where Data Leaks and How Next Generation Tools Apply by Barbara Filkins, Deb Radcliff - April 19, 2008
- Sponsored By: Trend Micro Inc. Utimaco
This paper maps data leakage points with regulations and best practices and tools to protect critical data.
-
The SANS Database Audit and Compliance Survey by Barbara Filkins - February 9, 2008
- Sponsored By: Lumigent Technologies
The 2007 Database Audit and Compliance survey demonstrates need for methods and tools to monitor compliance with regulations and protect sensitive information in databases.
-
Regulations and Standards: Where Encryption Applies by Dave Shackleford - November 17, 2007
- Sponsored By: Utimaco
This paper describes the types of data under protection regulation and basic best practices for implementing appropriate encryption technologies.
-
Hardware Versus Software: A Usability Comparison of Software-Based Encryption with Seagate Secure Hardware-Based Encryption by Jim D. Hietala - September 10, 2007
- Sponsored By: Seagate Technology
This paper explores the factors driving adoption of encryption in laptop and desktop systems and then compares two different approaches to providing encryption, software-based and hardware-based.
-
NetDetector/NetVCR 2005 Traffic Analyzer by Jerry Shenk - August 5, 2007
- Sponsored By: NIKSUN
NIKSUN NetDetector/NetVCR 2005 collects all types of data and offers a different approach to storing and making event and traffic data accessible.
-
Encryption Procurement: Setting a Standard by Stephen Northcutt, Barbara Filkins - June 6, 2007
- Sponsored By: Utimaco
Information and checklist to help organizations develop an RFP for enterprise encryption.
-
The SANS 2007 Log Management Market Report by Jerry Shenk - June 5, 2007
- Sponsored By: LogLogic, Inc.
An analysis of survey data to unlock how log data is being used successfully, key problems holding enterprises back from log management, what is needed from vendor community and how vendors are working to resolve issues.
-
Penetration Testing: Assessing Your Overall Security Before Attackers Do by Stephen Northcutt, Jerry Shenk, Dave Shackleford, Tim Rosenberg, Raul Sile, Steve Mancini - November 17, 2006
- Sponsored By: Core Security Technologies
CORE IMPACT provides a stable, quality-assured testing tool that can be used to accurately assess systems by penetrating existing vulnerabilities.
-
Building the Business Case for Log Management Intelligence (LMI) - November 2006 by Steve Mancini, Jerry Shenk - November 6, 2006
- Sponsored By: LogLogic, Inc.
An outline of key business drivers for deploying an Log Management Intelligence (LMI) solution.
-
The Log Management Industry: An Untapped Market by Stephen Northcutt, Jerry Shenk, Dave Shackleford - June 1, 2006
- Sponsored By: LogLogic, Inc.
The Log Management market has increased dramatically because advantages of log management extend well beyond security to health monitoring forensics, regulatory compliance and marketing.
Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.
All papers are copyrighted. No re-posting or distribution of papers is permitted.
Masters - This paper was created by a SANS Technology Institute student as part of their Master's curriculum.
