SANS Institute: Reading Room

Analyst Papers

Featuring 379 Papers as of October 15, 2019

To download the Analyst Papers, you must be a member of the SANS.org Community. Upon joining the community, you will have unlimited access to Analyst Papers and all associated webcasts, including the ondemand version where you can download the slides.

How to Effectively Use Segmentation and Microsegmentation by Dave Shackleford - October 15, 2019
- Associated Webcasts: How to Effectively Use Segmentation and Microsegmentation
- Sponsored By: VMWare, Inc
In recent years, software-defined networking (SDN) has emerged as a significant technology to help improve network visibility, packet analysis and security functions. Unfortunately, not all segmentation models are equal when it comes to security. This whitepaper covers several different models of SDN and microsegmentation, and explores situations where security shortcomings are possible. Learn how to test your SDN platform to determine whether it can provide full coverage in detecting and preventing significant security incidents.
Red, Blue and Purple Teams: Combining Your Security Capabilities for the Best Outcome by Chris Dale - October 2, 2019
- Associated Webcasts: Red, Blue and Purple Teams: Combining Your Security Capabilities for the Best Outcome
- Sponsored By: Core Security Technologies
- Login
- Join SANS.org
ExtraHop Reveal(x) Expands Attack Investigations to Cover All Vectors by Dave Shackleford - September 30, 2019
- Associated Webcasts: ExtraHop Reveal(x) Expands Attack Investigations to Cover All Vectors
- Sponsored By: ExtraHop
- Login
- Join SANS.org
JumpStart Guide to Application Security in Amazon Web Services by Nathan Getty - September 27, 2019
- Associated Webcasts: Jumpstart Guide to Application Security in the Cloud
- Sponsored By: Fortinet, Inc. AWS Marketplace
This paper seeks to give you a better idea of what your organization needs to successfully plan and execute a secure application transition to, or deployment in, an AWS environment. Learn how security teams can best support application development teams, what options you have as a security professional for this support, and how best to guide your development teams as they transition workflows to AWS.
How to Build a Threat Detection Strategy in Amazon Web Services (AWS) by David Szili - September 10, 2019
- Associated Webcasts: How to Build a Threat Detection Strategy in AWS
- Sponsored By: AWS Marketplace
Threat detection and continuous security monitoring in the cloud must integrate traditional on-premises system monitoring with the cloud network infrastructure and cloud management plane. A successful, cloud-based threat detection strategy will collect data from systems, networks and the cloud environment in a central platform for analysis and alerting. This paper describes how to build a threat detection strategy that automates common tasks like data collection and analysis.
Success Patterns for Supply Chain Security by John Pescatore - September 9, 2019
- Associated Webcasts: Success Patterns for Supply Chain Security
- Sponsored By: Panorays Interos
Many CISOs report that supply chain security is one of their top challenges. Supply chain attacks are on the rise, and the high financial impact of these attacks has increased CEO, board of director, and regulatory/auditor attention to supply chain security. In this whitepaper, John Pescatore, SANS Director of Emerging Security Trends, provides recommendations and guidance in addressing these concerns.
Elevating Enterprise Security with Fidelis Cybersecurity: Endpoint Security Capabilities by Matt Bromiley - September 5, 2019
- Associated Webcasts: Elevating Enterprise Security with Fidelis Cybersecurity: Endpoint Security Capabilities
- Sponsored By: Fidelis Cybersecurity
In this final part of a two-part review, Matt Bromiley continues his review of the Fidelis Elevate platform, shifting focus to endpoint security. He examines how Fidelis Endpoint provides endpoint insight and response, highlighting capabilities such as behavioral monitoring and detections, enterprisewide threat hunting, and response automation, as well as ease of integration with Fidelis Elevate to bring networks and endpoints together. With this kind of holistic visibility, the job of securing modern enterprises becomes significantly easier and more achievable.
Elevating Enterprise Security with Fidelis Cybersecurity: Network and Deception by Matt Bromiley - September 5, 2019
- Associated Webcasts: Elevating Enterprise Security with Fidelis Cybersecurity: Network and Deception
- Sponsored By: Fidelis Cybersecurity
Security teams cannot defend complex networks without holistic, correlative insight into the environment. In this first part of a two-part review, Matt Bromiley reviews the Fidelis Elevate platform, with respect to its ability to provide insight into network traffic, threats and deception. Not only does the Fidelis platform allow for holistic visibility, but it also makes it easy for organizations to move toward threat hunting, shortening their time to detect and uncover intrusions.
JumpStart Guide for SIEM in AWS by J. Michael Butler - August 20, 2019
- Associated Webcasts: JumpStart Guide for Security Information and Event Management (SIEM) in AWS
- Sponsored By: Optiv AWS Marketplace
This paper explores the needs, implementation options, capabilities, and various considerations for organizations looking to implement SIEM/SOAR capabilities in Amazon Web Services (AWS). The paper compares the integration of SIEM and SOAR in the cloud environment to on-premises use. Suggestions for planning SIEM and SOAR integration into an AWS cloud environment also included.
Effectively Addressing Advanced Threats by Matt Bromiley - August 19, 2019
- Sponsored By: IBM Security
As security professionals well know, the wave of advanced threats never stops, and organizations are increasingly challenged in dealing with the onslaught. But not all threats are created equal. How do you identify the most critical and deal with those? In this survey, we asked the security community to share what advanced threats their organizations are facing and how they're allocating resources and technology.
Register now for the associated webcast at 1 p.m. Eastern on Wednesday September 25, 2019: https://register.gotowebinar.com/register/6150616769136423937
Better Security Using the People You Have by Matt Bromiley - August 13, 2019
- Associated Webcasts: Stop Letting Security Fail. Identify the True Problem
- Sponsored By: Endgame
Is your organization making optimal use of technology and processes to support the people you currently have? Because, if not, there is more work to do-and it doesn't involve hiring more people. This paper looks at the people, process and technology trifecta to identify weak points in your security. Compensate for deficiencies, maximize the resources you have, and prepare for future security threats. Get tips on how to empower your employees and help them grow their skills relative to the sophistication of today's security challenges.
Device Visibility and Control: Streamlining IT and OT Security with Forescout by Don Murdoch - August 12, 2019
- Associated Webcasts: Visibility for Incident Response: A Review of Forescout 8.1
- Sponsored By: Forescout Technologies BV
Forescout's latest iteration of its eponymous platform builds on the product's long-standing reputation for handling network admission controls, and adds multifaceted IT/OT network device visibility and control. In this review, SANS analyst and instructor Don Murdoch delves deep into how Forescout can help organizations gain greater visibility into the devices on the network, through device discovery, auto classification, risk assessment and automating security controls.
SANS 2019 Incident Response (IR) Survey: It's Time for a Change by Matt Bromiley - July 31, 2019
- Associated Webcasts: Integrated Incident Response: A SANS Survey Integrated Incident Response: A Panel Discussion about the SANS 2019 IR Survey
- Sponsored By: OpenText Inc. Unisys InfoBlox DomainTools DFLabs Swimlane ExtraHop King & Union
The 2019 SANS Incident Response (IR) survey provides insight into the integration of IR capabilities to identify weak spots and best practices for improving IR functions and capabilities. In this survey paper, senior SANS instructor and IR expert Matt Bromiley explores what types of data, tools and information are key to investigations of an incident; the state of budget and staffing for IR; maturity of IR processes; impediments to IR implementations and plans for improvement; and more. The report also includes actionable advice for improving organizational IR practices.
How to Protect Enterprise Systems with Cloud-Based Firewalls by Kevin Garvey - July 26, 2019
- Associated Webcasts: How to Protect Enterprise Systems with Cloud-Based Firewalls
- Sponsored By: AWS Marketplace
Deploying WAFs and firewalls in the cloud saves security teams valuable time as they rely on the cloud to automate many tasks. This paper identifies key considerations in using cloud-based firewalls to protect your enterprise, including network logging, IDS/IPS, authentication and inspection. This paper also covers advanced firewalls features like behavioral threat detection, next-gen analytics and customized rules. A comprehensive use case serves as an essential how-to for making it all work.
JumpStart Guide for Cloud-Based Firewalls in AWS by Brian Russell - July 24, 2019
- Associated Webcasts: JumpStart Guide to Cloud-Based Firewalls in AWS
- Sponsored By: Optiv AWS Marketplace
This guide examines options for implementing firewalls within the Amazon Web Services (AWS) Cloud. It examines the needs and capabilities associated with today�s firewall and threat prevention services and details general, technical and operational considerations when choosing these products. The guide concludes by examining AWS-specific considerations and recommending a plan of action for organizations considering the purchase of cloud-based firewalls.
Bye Bye Passwords: New Ways to Authenticate by Matt Bromiley - July 23, 2019
- Sponsored By: Microsoft
The "passwordless movement" is upon us! This paper addresses ways to change password handling and implement more secure authentication It examines the problem of passwords and password mismanagement, and provides tips and suggestions for increasing your organization's account security using modern industry standards.
Are Your Security Controls Yesterday�s News? by Matt Bromiley - July 18, 2019
- Sponsored By: Cymulate
This spotlight paper, one of a two-part series, looks at just how successful an organization can expect to be if it's using old news, limited scope or "cookie-cutter" vulnerability scans as a way to assess its environment. SANS believes security control testing needs to improve significantly to emulate actual--not hypothetical--threats to an organization.
The second spotlight (coming in October 2019) will focus on the input SANS received from a recent poll that gathered opinions from the SANS community on this topic.
Common and Best Practices for Security Operations Centers: Results of the 2019 SOC Survey by Chris Crowley and John Pescatore - July 9, 2019
- Associated Webcasts: Common and Best Practices for Security Operations Centers: Results of the 2019 SOC Survey Common and Best Practices for Security Operations Centers: Panel Discussion
- Sponsored By: Anomali ThreatConnect CYBERBIT Commercial Solutions Siemplify DFLabs ExtraHop BTB Security cyberproof
In this survey, senior SANS instructor and course author Christopher Crowley, along with advisor and SANS director of emerging technologies John Pescatore, provide objective data to security leaders who are looking to establish a SOC or optimize an existing one. This report captures common and best practices, provides defendable metrics that can be used to justify SOC resources to management, and highlights the key areas that SOC managers should prioritize to increase the effectiveness and efficiency of security operations.
Why Traditional EDR Is Not Working - and What to Do About It by Jake Williams - June 27, 2019
- Associated Webcasts: Why Traditional EDR Is Not Working--and What to Do About It
- Sponsored By: Mcafee LLC
EDR, or endpoint detection and response, promises to revolutionize the way security analysts neutralize attacks. Unfortunately, EDR has not always lived up to the promised hype. This paper examines the challenges of traditional EDR platforms, and suggests what you can do to overcome them for effective EDR implementation. Paper includes a checklist of considerations for selecting and deploying an EDR platform.
How to Build an Endpoint Security Strategy in AWS by Thomas J. Banasik - June 27, 2019
- Associated Webcasts: How to Build an Endpoint Security Strategy in AWS
- Sponsored By: AWS Marketplace
Endpoint security is the cornerstone of any successful cloud migration. This paper details how to build an endpoint security strategy that uses a defense-in-depth architecture to protect cloud assets, as well as implement key endpoint security capabilities such as EDR, UEBA and DLP solutions. It also explains synchronization with AWS services for a comprehensive view that increases visibility when combatting threats.
Building and Maturing Your Threat Hunting Program by David Szili - June 24, 2019
- Associated Webcasts: Building and Maturing Your Threat Hunt Program
- Sponsored By: Cisco Systems
Building an effective threat hunting program can be daunting. This paper addresses how to get started and covers building a team, what a typical hunt might look like and constructing a knowledge base for later use. It also covers how to create a test lab and use effective metrics.
JumpStart Guide for Endpoint Security in AWS by David Hazar - June 19, 2019
- Associated Webcasts: JumpStart Guide for Endpoint Security in AWS
- Sponsored By: Optiv AWS Marketplace
Endpoint security is a key component of any cybersecurity program, but some organizations struggle with extending this program component to cloud workloads. This paper provides guidance on the key issues to consider when choosing an endpoint security solution for integration on the AWS platform and suggests a process for making that important decision.
How to Build a Data Security Strategy in AWS by Dave Shackleford - June 13, 2019
- Associated Webcasts: How to Build a Data Protection Strategy in AWS
- Sponsored By: AWS Marketplace
When organizations move sensitive data to the cloud, they absolutely must choose a provider that can ensure compliance with privacy regulations on a global stage. Data security strategies in the cloud must include encryption and key management, data loss prevention and the capability to classify and track data. By using the AWS Cloud, organizations can protect sensitive data at rest, in transit and in use.
Authentication: It Is All About the User Experience by Matt Bromiley - June 12, 2019
- Associated Webcasts: Authentication: It Is All About the User Experience
- Sponsored By: Yubico
In a world where compromised user credentials can cost an enterprise millions of dollars, the importance of being able to validate user accounts is a crucial enterprise requirement. Yet implementation of modern authentication techniques is lagging, even though it provides better user experiences as well as stronger authentication. This paper examines how these techniques can be applied within your organization for your employees--the other custodians of your data. It also explores the benefits of the new WebAuthn specification.
SANS 2019 State of OT/ICS Cybersecurity Survey by Barbara Filkins and Doug Wylie - June 11, 2019
- Associated Webcasts: SANS 2019 State of OT/ICS Cybersecurity Survey Converging OT and IT Networks: Where and How to Evolve ICS for Security
- Sponsored By: Forescout Technologies BV Cisco Systems Inc. Yokogawa Corporation of America Nozomi Networks Radiflow Owl Cyber Defense
In this survey, SANS experts Doug Wylie and Barb Filkins, with advisor and SANS instructor Jason Dely, examine the current state of known and perceived cybersecurity risks, threats and potential impacts to industrial and automation control systems that are applied within the Operational Technology (OT) domain. The survey explores how adeptly we are safeguarding operations and protecting human and company capital from a range of technical and non-technical cybersecurity risks that stem from threats that include malicious and unintentional insiders and outsiders. View the associated infographic here.
Passive Isn't Good Enough: Moving into Active EDR by Justin Henderson - May 17, 2019
- Associated Webcasts: Passive Isn\'t Good Enough: Moving into Active EDR
- Sponsored By: SentinelOne
Endpoint detection and response (EDR) technologies focus on identifying anomalous activity at scale, but are often constrained by delayed analyses. Endpoint protection platforms (EPP) can manage aspects of endpoint security, but often lack enterprise class detection and reporting capabilities. Which leads us to the most recent addition to the endpoint protection arsenal--active endpoint detection and response, which boasts real-time analysis capabilities as compared to traditional passive EDR.
How to Protect a Modern Web Application in AWS by Shaun McCullough - May 9, 2019
- Sponsored By: AWS Marketplace
In moving assets to the cloud, organizations need to prioritize their security plans based on the risks to which they are exposed. With threat modeling, organizations can identify and prioritize the risks to infrastructure, applications and the services they provide, as well as evaluate how to manage those risks over time. This paper includes use cases for threat modeling web apps and the DevSecOps platform, using a process that is both repeatable and improvable.
SANS 2019 Cloud Security Survey by Dave Shackleford - April 30, 2019
- Associated Webcasts: The State of Cloud Security: Results of the SANS 2019 Cloud Security Survey The State of Cloud Security: Panel Discussion
- Sponsored By: Sophos Inc. ExtraHop Sysdig
This whitepaper delves into the results of the SANS 2019 Cloud Security Survey, conducted in cooperation with the Cloud Security Alliance, concerning organizations' use of the public cloud and provides actionable advice organizations can use to improve their cloud security. It answers questions including, "Are security infrastructures maturing to support the business and improve risk management in the cloud model?" and "How are organizations using the public cloud to meet their business needs?"
Increasing Visibility with Ixia's Vision ONE by Serge Borso - April 23, 2019
- Associated Webcasts: Increasing Visibility with Ixia\'s Vision ONE
- Sponsored By: Ixia
Visibility into network structures and endpoints is vital to security and intelligence operations. Ixia's Vision ONE is a device that enables organizations to gain visibility into threats and manage security operations within a single platform. The SANS review of the Vision ONE platform examines how it provides enhanced, more efficient security through packet brokers and actionable information at the application level. We also consider how Vision ONE can help reduce operational costs. | Visibility into network structures and endpoints is vital to security and intelligence operations. Ixia's Vision ONE is a device that enables organizations to gain visibility into threats and manage security operations within a single platform. The SANS review of the Vision ONE platform examines how it provides enhanced, more efficient security through packet brokers and actionable information at the application level. We also consider how Vision ONE can help reduce operational costs.
Why Your Vulnerability Management Strategy Is Not Working - and What to Do About It by Jake Williams - April 23, 2019
- Associated Webcasts: Why Your Vulnerability Management Strategy Is Not Working � and What to Do About It
- Sponsored By: Lookingglass Cyber Solutions, Inc.
This paper looks at why vulnerability management solutions have not met expectations and how IT and security teams can better implement those solutions to maximize value. It also addresses how to deal with the resourcing constraints that all vulnerability management programs encounter.
Thinking like a Hunter: Implementing a Threat Hunting Program by Matt Bromiley - April 21, 2019
- Sponsored By: IBM
A successful threat hunting program should identify previously unknown or ongoing threats within the environment and facilitate a deeper understanding of the organization's technical landscape. This paper focuses on bridging the gap between those two objectives and discusses the whats, whys and hows of threat hunting. The paper presents techniques that can be immediately applied to your environment to help you either build a new hunt team or hone your existing one.
SANS Top New Attacks and Threat Report by John Pescatore - April 18, 2019
- Associated Webcasts: SANS Top New Attacks and Threat Report
- Sponsored By: Unisys InfoBlox Veracode Anomali DomainTools
Each year, the annual RSA Conference features top SANS instructors presenting their look at the new attack techniques currently in use and their projections for future exploits. This whitepaper captures highlights from this year's fast-paced and informative panel discussion, including insight into overall cybersecurity trends on both the offensive and defensive sides as well as advice from SANS on the steps enterprises must take to meet future risks.
How to Build a Security Visibility Strategy in the Cloud by Dave Shackleford - April 17, 2019
- Associated Webcasts: How to Build a Security Visibility Strategy in the Cloud
- Sponsored By: AWS Marketplace
The security of cloud-based assets requires visibility into the events and behaviors that move into and through the cloud environment, a strategy that differs from traditional security visibility. This paper describes controls that can be used to ensure network, application, instance/container, database/storage and control plane visibility, and explains how to create a strategy that ties event monitoring, vulnerability scanning and control planes together to enhance visibility.
SANS Vulnerability Management Survey by Andrew Laman - April 8, 2019
- Associated Webcasts: Current State of Vulnerability Management: Part 1 of the SANS Vulnerability Management Survey Results Vulnerability Practices of Tomorrow: Part 2 of the SANS Vulnerability Management Survey Results
- Sponsored By: Tenable Veracode Bromium Balbix
More and more organizations are finding that they need more than scanning results to manage their vulnerabilities effectively. This SANS survey investigates how organizations are managing vulnerabilities across their endpoints, applications, cloud services and business partners, while providing insights about survey results related to risk-based vulnerability management practices, management of cloud-based vulnerabilities and more.
The Foundation of Continuous Host Monitoring by Matt Bromiley - April 2, 2019
- Associated Webcasts: The Foundation of Continuous Host Monitoring
- Sponsored By: OpenText Inc.
Without the right architecture, continuous monitoring can cause more headaches than it cures. This paper examines some of the difficulties organizations face when trying to improperly scale forensic tools and/or concepts, and provides guidance on architectural decisions to help improve continuous monitoring implementations.
How to Automate Compliance and Risk Management for Cloud Workloads by Matt Bromiley - March 27, 2019
- Associated Webcasts: How to Automate Compliance and Risk Management for Cloud Workloads
- Sponsored By: AWS Marketplace
As organizations experience growth and network expansion, their decisions impact the safety and integrity of their data. Organizations that are moving to the cloud must balance the benefits of cloud services with compliance, while also managing risk. Because migrating data to the cloud does not remove the need for compliance, organizations need to focus on compliance from the start and create a strategy that automates compliance and risk management using native and cloud security controls.
Taming the Endpoint Chaos Within: A Review of Panda Security Adaptive Defense 360 by Justin Henderson - March 26, 2019
- Associated Webcasts: Taming the Endpoint Chaos Within: A Review of Panda Security Adaptive Defense 360
- Sponsored By: Panda Security
Endpoint security requires a solution that scales, is easy to maintain and provides a comprehensive integration into the endpoint itself. This review of Panda Security Adaptive Defense 360 details how the endpoint platform prevents malicious executables, automates complex tasks and provides scalability. Panda Security's EDR approach applies prevention controls in combination with detective controls, and allows security teams to deploy preventive technologies while retaining insight into environments.
Security Gets Smart with AI by G.W. Ray Davidson and Barbara Filkins - March 23, 2019
- Associated Webcasts: Security Gets Smart with AI: A SANS Survey
- Sponsored By: Cylance
This SANS survey, directed at cybersecurity professionals who use or are interested in AI, examines perceptions about AI's basic capabilities for security and what technologies--including deep learning, various recognition techniques, machine learning and others--are considered part of AI for security. The survey also examines whether, how and when security experts will begin implementing AI for security and how they intend to use it.
Empowering Incident Response via Automation by Matt Bromiley - March 20, 2019
- Associated Webcasts: Empowering Incident Response via Automation
- Sponsored By: Cisco Systems
This paper examines where incident response automation can be used to empower your teams and bring their level of productivity and investigations to never-before-seen heights. Your analysts should be focused on solving the problems that require human intervention, not tripped up by technical hurdles that a computer could easily solve.
2019 SANS Automation and Integration Survey by Barbara Filkins - March 15, 2019
- Associated Webcasts: The State of Automation/Integration Practice: Part 1 of the SANS Automation and Integration Survey What\'s Next in Automation Support: Part 2 of the SANS Automation and Integration Survey
- Sponsored By: Mcafee LLC LogRhythm ThreatConnect D3 Security Swimlane
With an ever-evolving threat landscape, security and risk management leaders must consider what security automation and integration can do to improve the efficiency, quality and efficacy of security operations. Our 2019 survey explores how respondents characterize their efforts and challenges with security automation, integration and workflow orchestration, and includes actionable advice for achieving the benefits of security automation.
Securing Your Endpoints with Carbon Black: A SANS Review of the CB Predictive Security Cloud Platform by Dave Shackleford - March 14, 2019
- Associated Webcasts: Securing Your Endpoints with Carbon Black: A SANS Review of the CB Predictive Security Cloud Platform
- Sponsored By: Carbon Black
Endpoint security remains a top security priority for most organizations. SANS reviews the CB Predictive Security Cloud (PSC), which focuses on securing endpoints by using a single lightweight agent that provides security professionals with actionable insights about cyberattacks. It uses behavioral analytics and big data in the cloud to prevent emerging threats; helps with vulnerability assessment and compliance reporting; and assists in threat hunting and incident response.
Maximizing SOC Effectiveness and Efficiency with Integrated Operations and Defense by John Pescatore - March 12, 2019
- Associated Webcasts: Maximizing SOC Effectiveness and Efficiency with Integrated Operations and Defense
- Sponsored By: NETSCOUT Systems, Inc.
John Pescatore of the SANS Institute leads a discussion on how to overcome the most commonly cited barriers to improving security operations. Gain perspective on integrating processes and controls used by networks operations with those used for security operations; using timely, accurate threat intelligence to proactively tune detection and protection controls; and assuring that defenses can withstand complex, multi-pronged attacks both today and in the future.
Taking SIEM to the Cloud: A SANS Review of Securonix Next-Gen SIEM v6.1 by Dave Shackleford - March 1, 2019
- Associated Webcasts: Taking SIEM to the Cloud: A SANS Review of Securonix Next-Gen SIEM
- Sponsored By: Securonix
The SANS Analyst team reviewed Securonix Next-Gen SIEM, which includes many advanced features for reducing detection and response time for security operations and investigations, and processing large quantities of data from numerous sources in real time.
Understanding the Adversary with Deception Technology by Matt Bromiley - February 26, 2019
- Associated Webcasts: Improving Detection and Understanding the Adversary with Deception Technology
- Sponsored By: TrapX Security
Organizations are having great difficulties properly remediating incidents and eradicating attackers from their environment. This paper examines some of the challenges facing organizations in understanding the adversary, and presents some of the latest deception techniques that can be used to identify attacker activity (both known and unknown).
How to Optimize Security Operations in the Cloud Through the Lens of the NIST Framework by John Pescatore - February 25, 2019
- Associated Webcasts: Prioritizing Security Operations in the Cloud through the Lens of the NIST Framework
- Sponsored By: AWS Marketplace
Security teams today face the mandate of moving production workloads from on-premises to the cloud. By using the NIST Cybersecurity Framework (CSF), teams can effectively and efficiently build in security as part of the migration of operations activities to IaaS services and hybrid cloud implementations. This paper shares proven best practices for evaluating and implementing security architectures, processes and controls while developing an approach to migration that is repeatable.
The Evolution of Cyber Threat Intelligence (CTI): 2019 SANS CTI Survey by Rebekah Brown and Robert M. Lee - February 4, 2019
- Associated Webcasts: CTI Requirements and Inhibitors: Part 1 of the 2019 SANS Cyber Threat Intelligence Survey CTI Tools, Usage and a Look Ahead: Part 2 of the 2019 SANS Cyber Threat Intelligence Survey
- Sponsored By: Anomali DomainTools RecordedFuture ThreatQuotient IntSights
In order to use cyber threat intelligence (CTI) effectively, organizations must know what intelligence to apply and where to get that intelligence. This paper delves into the results of the SANS 2019 Cyber Threat Intelligence Survey and explores the value of CTI, CTI requirements, how respondents are currently using CTI--and what the future holds.
Enterprise Security with a Fluid Perimeter by Matt Bromiley - January 22, 2019
- Associated Webcasts: Enterprise Security with a Fluid Perimeter
- Sponsored By: Aruba Networks
Between BYOD, the cloud, third-party providers and a fluctuating mobile workforce, it is growing more difficult to maintain a rigid security policy. This paper examines critical techniques to addressing this issue, including the role of baselining, integrating and automating response, and defending against attacks more quickly--as well as specific action items for better protection.
Evolving Micro-Segmentation for Preventive Security: Adaptive Protection in a DevOps World by Dave Shackleford - January 7, 2019
- Associated Webcasts: Defeating Attackers with Preventive Security
- Sponsored By: VMWare, Inc
This paper looks at micro-segmentation as a new way to approach network security. The paper proposes ways to implement effective cyber hygiene, examines the role of automation, and explores ways to add security to workflows.
Defend Your Business Against Phishing by Matt Bromiley - January 4, 2019
- Sponsored By: Microsoft
Phishing is an ever-evolving and pervasive method of attack against small- and medium-sized businesses (SMBs). Don't let your business be an easy target! After walking you through the phishing techniques that attackers commonly use, Matt Bromiley shares proven strategies and specific, actionable steps you can take today to reduce your risk. No matter your budget or level of expertise, you can defend against phishing attacks.
Defend Your Business Against Insider Threats by Matt Bromiley - January 4, 2019
- Sponsored By: Microsoft
Your business faces a security risk that may not even be on your radar. Looming from within are insider threats, which pose a significant risk to small- and medium-sized businesses (SMBs). Matt Bromiley breaks down the two types of insider threats and provides specific, actionable steps and user education tips you can implement today to protect and defend your business against threats from the inside.
Protecting Data To, From and In the Cloud by Dave Shackleford - December 11, 2018
- Sponsored By: Symantec
Attackers have adapted their strategies to the cloud and will likely continue to focus on this threat surface. In this spotlight paper, SANS offers some guidance and recommendations for improving cloud service visibility, data protection, threat protection, access control and reporting.
Automating Detection and Response: A SANS Review of Swimlane by Alissa Torres - December 11, 2018
- Associated Webcasts: Efficient Alert Processing and Response: A SANS Review of Swimlane
- Sponsored By: Swimlane
This paper highlights the best-in-breed features of Swimlane: its ease of use, customizability, role-based access control and current technology integrations. We put Swimlane through its paces in a triage of a typical phishing email, applying the concept of componential workflow automation.
An Evaluator's Guide to NextGen SIEM by Barbara Filkins - December 6, 2018
- Associated Webcasts: An Evaluator\'s Guide to Next-Generation SIEM
- Sponsored By: LogRhythm
A traditional SIEM often lacks the capability to produce actionable information and has a limited shelf life. To be effective, a SIEM must stay relevant in the face of new threats and changes in an organizations technical and support infrastructures. Learn about the key questions to ask as you research adding a next-generation SIEM, one that captures data and generates information that security teams can use as intelligence to detect potentially malicious activity.
Integrating Threat Intelligence into Endpoint Security: A Review of CrowdStrike Falcon X by Dave Shackleford - November 26, 2018
- Associated Webcasts: Threat Intelligence and Protecting Your Endpoints: A SANS Review of the CrowdStrike Falcon X Platform
- Sponsored By: CrowdStrike, Inc.
While threat intelligence can transform an organization's security posture, it can be complex and costly for organizations to adopt and operationalize. With that in mind, SANS Analyst Dave Shackleford tested CrowdStrike Falcon X, which purportedly enables cybersecurity teams to automatically analyze malware found on endpoints, find related threats and enrich the results with customized threat intelligence. This review encapsulates his findings, and details how the solution can help SOC teams.
2018 Secure DevOps: Fact or Fiction? by Jim Bird and Barbara Filkins - November 5, 2018
- Associated Webcasts: Secure DevOps: Fact or Fiction? SANS Survey Looks at Reality, Part I Secure DevOps: Fact or Fiction? SANS Survey Looks at Reality, Part II
- Sponsored By: Qualys WhiteHat Security Rapid7 Inc. Veracode Aqua Security Inc. Signal Sciences
A new SANS survey indicates that fewer than half (46%) of survey respondents are confronting security risks up front in requirements and service design in 2018--and only half of respondents are fixing major vulnerabilities. This report chronicles how security practitioners are managing the collaborative, agile nature of DevOps and weave it seamlessly into the development process.
Network Architecture with Security in Mind by Matt Bromiley - November 2, 2018
- Associated Webcasts: Network Architecture with Security in Mind
- Sponsored By: Gigamon
This paper looks at how efficient and security-minded network routing and security tool utilization can shorten detection and response times.
It's Awfully Noisy Out There: Results of the 2018 SANS Incident Response Survey by Matt Bromiley - October 30, 2018
- Associated Webcasts: Improving the Incident Response Function: SANS 2018 Incident Response Survey Results Part II How Are You Responding to Threats? SANS 2018 Incident Response Survey Results Part I
- Sponsored By: Forescout Technologies BV Coalfire Systems OpenText Inc. Fidelis Security Systems, Inc. ThreatQuotient 1E
A new SANS survey finds that incident response (IR) teams are stanching serious data breaches faster in 2018--but they haven't managed to improve on a major hurdle that they reported in 2017: visibility into incidents. This report explores how organizations have structured their incident response functions, what systems they are conducting investigations on, and how they're uncovering threats.
The Algorithm of You: Defeating Attackers by Being Yourself by Matt Bromiley - October 17, 2018
- Associated Webcasts: The Algorithm of You: Defeating Attackers by Being Yourself
- Sponsored By: BehavioSec
Yesterday's defense mechanisms--such as tokens, one-time passwords and even fingerprint readers--are not adequately protecting our devices, data and networks. SANS author and DFIR expert Matt Bromiley examined a relatively new authentication method, behavioral biometrics, as implemented in a product from BehavioSec. This SANS Product Review chronicles Matts experience as he put BehavioSec's product through the paces, and it explores what behavioral biometrics is, how it works and the role it plays in authentication.
Investigate East-West Attacks on Critical Assets with Network Traffic Analysis by Dave Shackleford - October 3, 2018
- Associated Webcasts: Investigate East-West Attack Activities to Defend Critical Assets: A SANS Review of ExtraHop Reveal(x)
- Sponsored By: ExtraHop
Once attackers compromise a network, they attempt to maintain a persistent presence in the network and focus on data access and exfiltration. Such east-west attacks can be challenging to detect and remediate. SANS reviewed ExtraHop Networks Reveal(x) network traffic analysis platform, which aims to address the east-west challenge. Read on to learn more.
Practical Industrial Control System (ICS) Cybersecurity: IT and OT Have Converged - Discover and Defend Your Assets by Doug Wylie and Dean Parsons - September 26, 2018
- Associated Webcasts: Practical Industrial Control System (ICS) Cybersecurity: IT and OT Have Converged--Discover and Defend Your Assets
- Sponsored By: Tenable
The benefits derived from information technology (IT) and operational technology (OT) convergence are enabling more effective management of contemporary control systems. However, the unique challenges of IT/OT convergence make managing and securing an industrial control system (ICS) more difficult. This paper explores how industrial and information system administrators can build stronger cybersecurity programs to protect IT/OT systems.
Automating Open Source Security: A SANS Review of WhiteSource by Serge Borso - September 25, 2018
- Associated Webcasts: Automating Open Source Security: A SANS Review of WhiteSource
- Sponsored By: WhiteSource
This paper takes a close look at how the WhiteSource solution can handle the myriad of open source vulnerabilities through real-time detection and remediation.
SANS 2018 Threat Hunting Survey Results by Robert M. Lee and Rob T. Lee - September 18, 2018
- Associated Webcasts: Threat Hunting Is a Process, Not a Thing: SANS 2018 Survey Results, Part I Threat Hunting in Action: SANS 2018 Survey Results, Part II
- Sponsored By: Qualys IBM RiskIQ Anomali DomainTools Malwarebytes
Our third survey on threat hunting looks at the maturity of hunting programs and where they are going, along with best practices being used in organizations to detect and remediate threats that would otherwise remain hidden. Read this report to learn how survey respondents answered questions that are immediately important to organizations conducting threat hunting.
Essential Requirements for Cloud-Based Endpoint Security by Barbara Filkins - September 11, 2018
- Sponsored By: Carbon Black
Next-generation endpoint security (NGES) strives to combine prevention, detection, response and IT operations into a single platform, allowing for the consolidation of the endpoint footprint while substantially increasing endpoint protection. For those ready to replace their traditional antivirus with NGES, SANS has developed this evaluation guide for assessing NGES tools against your organization's requirements before making capital investments in NGES.
Breach Avoidance: It Can Be Done, It Needs to Be Done by John Pescatore - September 10, 2018
- Associated Webcasts: Breach Avoidance: Yes, You Can!
- Sponsored By: Balbix
Almost every day it seems like the press is reporting on yet another security breach. Some breaches expose sensitive business and customer information, while others bring down business operations. But breaches are not inevitable. By implementing security processes and controls to proactively identify and remove or mitigate vulnerabilities, today�s companies, even those with limited staff and budgets, can avoid or limit business damage by prioritizing security efforts.
The Need for Speed: Integrated Threat Response A SANS Whitepaper by Matt Bromiley - September 10, 2018
- Associated Webcasts: The Need for Speed: Integrated Threat Response
- Sponsored By: Lookingglass Cyber Solutions, Inc.
This paper addresses the concepts of security automation and integration and provides recommendations on how to use technology to make your team faster and more efficient. It not only emphasizes the need for security automation and integration, but also shows how they are enhancements to, rather than replacements for, a security program.
Stronger Security with Global IT Asset Inventory by Matt Bromiley - August 29, 2018
- Associated Webcasts: Stronger Security with Global IT Asset Inventory Stronger Security with Global IT Asset Inventory
- Sponsored By: Qualys
You must secure what you cannot see. But how? Take the first step: Recognize the various pieces. Then you'll see how IT asset inventory can, and should be, one of the most useful tools for the security team in identifying and addressing security concerns.
The Definition of SOC-cess? SANS 2018 Security Operations Center Survey by Christopher Crowley and John Pescatore - August 13, 2018
- Associated Webcasts: No Single Definition of a SOC: Part I of the SANS 2018 SOC Survey Results Webcast SOC Capabilities and Usefulness: Part II of the SANS SOC Survey Results Webcast SOC Capabilities and Usefulness: Part II of the SANS SOC Survey Results Webcast No Single Definition of a SOC: Part I of the SANS 2018 SOC Survey Results Webcast
- Sponsored By: LogRhythm CYBERBIT Commercial Solutions Authentic8 DFLabs Awake Security ExtraHop
Although SOCs are maturing, staffing and retention issues continue to vex critical SOC support functions. In this paper, learn how respondents to our 2018 SOC survey are staffing their SOCs, the value of cloud-based services to augment staff and technology, and respondents' level of satisfaction with the architectures they've deployed.
Understanding the (True) Cost of Endpoint Management by Matt Bromiley - July 30, 2018
- Associated Webcasts: Understanding the True Cost of Endpoint Management
- Sponsored By: IBM
In this paper, we review the challenges in dealing with complex, ever-changing environments and offer suggestions and recommendations in effective endpoint management. Additionally, we discuss enterprise security as it relates to endpoint management and examine the benefits of integrating endpoint management into your security posture.
How Visibility of the Attack Surface Minimizes Risk by Dave Shackleford - July 30, 2018
- Associated Webcasts: How Visibility of the Attack Surface Minimizes Risk
- Sponsored By: Skybox Security, Inc.
To understand risks and control the attack surface, you need visibility. But what is visibility and why is it critical? And how do you get it? This paper will help you define visibility for effective security and understand why visibility it is key to determining your exposure and potential vulnerabilities.
A Guide to Managing Cloud Security by Dave Shackleford - July 25, 2018
- Associated Webcasts: Managing Cloud Security
- Sponsored By: Tenable
While many of the core concepts of vulnerability and threat management remain the same in the world of cloud deployments, we need to adapt our thinking to operate in a hybrid or public cloud deployment model. This paper will help you evaluate cloud vulnerabilities and threat management, and protect your data and assets in a dynamic cloud infrastructure.
AI Hunting with the Cybereason Platform: A SANS Review by Dave Shackleford - July 23, 2018
- Associated Webcasts: Single-Agent Cyber Security Analytics: A SANS Review of the Cybereason Platform
SANS reviewed Cybereason's AI hunting platform, which offers a lightweight, behavior-focused model of host-based protection that can help intrusion analysis and investigations teams more rapidly and efficiently prevent, detect and analyze malicious behavior in their environments.
The 2018 SANS Industrial IoT Security Survey: Shaping IIoT Security Concerns by Barbara Filkins - July 18, 2018
- Associated Webcasts: The State of Industrial IoT
- Sponsored By: Forescout Technologies BV Accenture Indegy
IIoT endpoint security is the leading concern of respondents to the 2018 SANS IIoT Security Survey, with network security controls and countermeasures being the main enablers of IIoT security. Most of the growth in connected devices is expected to be for those used for monitoring, status, alarms and alerting, as well as predictive maintenance, but over 50% of respondents are still using their devices controlling operations and processes. Read on to learn more.
One-Click Forensic Analysis: A SANS Review of EnCase Forensic by Jake Williams - June 27, 2018
- Associated Webcasts: EnCase Forensic 8: A SANS Analyst Program Review
- Sponsored By: OpenText Inc.
When security incidents occur, law enforcement needs forensic information in hours, not days. The new features in EnCase Forensic 8 purport to assist investigators in gathering and analyzing key data in a more efficient manner. Learn more in this product review of EnCase Forensic 8.
Cloud Security: Are You Ready? by Dave Shackleford - June 18, 2018
- Sponsored By: Symantec
As more midsize organizations move into the cloud, security professionals may wonder why cloud security seems difficult. More than likely, the real security challenge is the perceived loss of control. Numerous security best practices plus improved security products and services now exist. This short paper takes a look at some of the key elements and best practices for midsize enterprises looking to ensure security in their cloud implementations.
Stopping IoT-based Attacks on Enterprise Networks by G. W. Ray Davidson - June 14, 2018
- Associated Webcasts: Stopping IoT-based Attacks on Enterprise Networks
- Sponsored By: Hewlett Packard
The increased use of IoT devices on business networks presents an growing challenge to security, and printers are an especially overlooked device from a security perspective. This paper examines specific attack areas for IoT devices, particularly printers, including data, management, monitoring and reporting, and make recommendations for protecting against various attacks.
Endpoint Protection and Response: A SANS Survey by Lee Neely - June 12, 2018
- Associated Webcasts: It Starts With The Endpoint: Part 1 of the SANS 2018 Endpoint Security Survey Results Endpoint Detection and Response: Part 2 of the SANS 2018 Endpoint Security Survey Results
- Sponsored By: Forescout Technologies BV Mcafee LLC OpenText Inc. CrowdStrike, Inc. CarbonBlack Endgame Malwarebytes
Respondents have a vested interest in improving visibility, detection and response through more automated, integrated endpoint protection, detection and response technologies. In this survey, 84% of endpoint breaches included more than one endpoint. Desktops, laptops, server endpoints, endpoints in the cloud, SCADA and other IIoT devices are being caught in the dragnet of multi-endpoint breaches. Read on for more detail, best practices and advice.
Back to Basics: Building a Foundation for Cyber Integrity by Barbara Filkins - June 6, 2018
- Sponsored By: Tripwire, Inc.
File integrity is at the heart of maintaining a secure cyber profile. But cyber security must also protect system integrity--the state of the infrastructure (encompassing applications, endpoints and networks) where intended functions must not be degraded or impaired by other changes or disruptions to its environments. This SANS Spotlight explores how cyber integrity weaves people, processes and technology together into a holistic framework that guards the modern enterprise against changes, whether authorized or unauthorized, that weaken security and destabilize operations.
Automate Threat Detection and Incident Response: SANS Review of RSA NetWitness Platform by Ahmed Tantawy - May 10, 2018
- Associated Webcasts: Automate Threat Detection and Incident Response: SANS Review of RSA NetWitness
- Sponsored By: RSA
In a recent SANS survey, approximately 35 percent of respondents said their greatest impediment is a skills gap in their IT environments. With that in mind, we reviewed RSA NetWitness Platform, a solution that aims to bridge the human skills gap via machine learning and analytics. This review focuses on RSA NetWitness Platform and examines different views, from responding to an incident to performing an investigation and drilling down to see an activity in real time.
10 Endpoint Security Problems Solved by the Cloud by Deb Radcliff - May 4, 2018
- Sponsored By: Carbon Black
SANS surveys and testimonials from IT and security professionals indicate that endpoint security is a challenge. There is too much complexity and cost, defenses aren't keeping up, and security staff is stretched thin. This infographic explores how cloud can help address these issues.
Tailoring Intelligence for Automated Response by Sonny Sarai - May 2, 2018
- Associated Webcasts: Tailored Intelligence for Automated Remediation: SANS Review of IntSights\' Enterprise Intelligence and Mitigation Platform
- Sponsored By: IntSights
Overworked and understaffed IT security teams are trying to integrate threat intelligence into their detection, response, and protection processes -- but not very successfully. IT teams need fewer intelligence alerts and more visibility into external threats that matter to their enterprises. SANS Analyst Sonny Sarai discusses his experience reviewing IntSights' Enterprise Threat Intelligence and Mitigation Platform under simulated attack, detection, and remediation scenarios.
Back to Basics: Focus on the First Six CIS Critical Security Controls by John Pescatore - May 1, 2018
- Sponsored By: Tripwire, Inc.
Post-breach investigations reveal that the majority of security incidents occur because well-known security controls and practices were not implemented or were not working as organizations had assumed. This paper explores how Version 7.0 of the Center for Internet Security (CIS) Critical Security Controls addresses the current threat landscape, emerging technologies and tools, and changing mission and business requirements around security.
Security Testing and Vendor Selection with BreakingPoint by Serge Borso - April 30, 2018
- Associated Webcasts: BreakingPoint: A Multi-Function Tool for Application and Security Testing
- Sponsored By: Ixia
In this product review conducted by SANS instructor Serge Borso, we learned that BreakingPoint is more than just a network testing tool. BreakingPoint provides a unique solution that enables security assessment, vendor selection and change management. It integrates well and is easy to use. We believe the tool has great value to the security community and specifically larger enterprises in the midst of infrastructure updates and those optimizing information security programs.
Securing the Hybrid Cloud: Traditional vs. New Tools and Strategies A SANS Whitepaper by Dave Shackleford - April 2, 2018
- Associated Webcasts: Securing the Hybrid Cloud: A Guide to Using Security Controls, Tools and Automation
- Sponsored By: Qualys
This paper takes a look at the current state of cloud security and offers specific recommendations for security best practices, including how to use some traditional security tools and emerging solutions, while taking into account typical staffing, technology and other resource issues.
An Evaluator�s Guide to Cloud-Based NGAV: The SANS Guide to Evaluating Next-Generation Antivirus by Barbara Filkins - March 26, 2018
- Associated Webcasts: Moving Endpoint Security to the Cloud: Replacing Traditional Antivirus
- Sponsored By: CarbonBlack
The coupling between NGAV and cloud-based analytics is here. The dynamics of cloud-based analytics, which allow for near-real-time operations, bring an essential dimension to NGAV, disrupting the traditional attack model by processing endpoint activity as it happens, algorithmically looking for any kind of bad or threatening behavior, not just for malicious files. This paper covers how cloud support for NGAVs is changing the game and how to evaluate such solutions.
Stopping Advanced Malware, Pre- and Post-Execution: A SANS Review of enSilo's Comprehensive Endpoint Security Platform by Dave Shackleford - March 20, 2018
- Associated Webcasts: Stop Really Nasty Malware, Pre- and Post-Execution: A SANS Review of the enSilo Endpoint Security Platform
- Sponsored By: Ensilo
Sophisticated malware is the new weapon of choice for criminals and nation states. A multilayered self-defending security solution--agnostic to operating systems, mitigating malware in real-time, enabling pre- and post-execution--is needed to defend against cyber attacks. In this review, SANS Instructor and Analyst Dave Shackleford tests enSilo's response against advanced malware and ransomware threats and explores how enSilo's features can alleviate burden on security staff.
Pinpoint and Remediate Unknown Threats: SANS Review of EnCase Endpoint Security by Jake Williams - March 15, 2018
- Associated Webcasts: Pinpoint and Remediate Unknown Threats: SANS Review of EnCase Endpoint Security 6
- Sponsored By: OpenText Inc.
With the increasing prevalence of security incidents, security teams are learning quickly that the endpoint is involved in almost every targeted attack. EnCase Endpoint Security aims to help security teams focus on the most critical incidents and avoid costly data breaches. In this review, SANS analyst Jake Williams shares his tests of EnCase Endpoint Security version 6.02 and how it performs.
VMRay Analyzer: Rapid Malware Analysis for Incident Response (IR) Teams by Matt Bromiley - March 12, 2018
- Associated Webcasts: VMRay Analyzer, agentless malware analysis and rapid incident response: A SANS Product Review
- Sponsored By: VMRay
In our hands-on testing, we found that VMRay Analyzer's agentless approach to malware analysis is an effective way to provide rapid incident response. VMRay bridges the gap between an easy-to-use interface and back-end technology that provides a novel platform for analyzing advanced threats.
Managing User Risk: A Review of LogRhythm CloudAI for User and Entity Behavior Analytics by Dave Shackleford - February 26, 2018
- Associated Webcasts: Why Insider Actions Matter: SANS Review of LogRhythm CloudAI for User and Entity Behavior Analytics
- Sponsored By: LogRhythm
In this product review, we explored the recently released LogRhythm CloudAI, which applies user and entity behaviour analytics (UEBA) capabilities to enhance traditional event management and security analytics toolsets to monitor behaviors tracked over time, alerting analysts to unusual events or patterns of events.
Immutability Disrupts the Linux Kill Chain by Hal Pomeranz - February 20, 2018
- Sponsored By: Immutable Systems
New exploits aimed at Linux systems are able to succeed by achieving root access to the OS. But what if you could lock down the OS and enforce security policies from outside of it? This Spotlight Paper explores the concept of �immutability� as a way of interdicting the Linux kill chain.
CTI in Security Operations: SANS 2018 Cyber Threat Intelligence Survey by Dave Shackleford - February 5, 2018
- Associated Webcasts: Cyber Threat Intelligence Today: SANS CTI Survey Results, Part 1 Cyber Threat Intelligence Skills and Usefulness: SANS CTI Survey Results, Part 2
- Sponsored By: Rapid7 Inc. Anomali DomainTools ThreatConnect IntSights
The survey focuses on how organizations could collect security intelligence data from a variety of sources, and then recognize and act upon indicators of attack and compromise scenarios in a timely manner. Although some CTI trends continued this year, we definitely saw several differences in a number of areas, which are noted in the research. From this year's results, it is obvious that CTI collection, integration and use within security teams are maturing.
DNS: An Asset, Not a Liability by Matt Bromiley - January 30, 2018
- Associated Webcasts: DNS: An Asset, Not a Liability
- Sponsored By: InfoBlox
The Domain Name System, or DNS, is crucial to billions of Internet users daily, but it comes with issues that organizations must be aware of. Attackers are abusing DNS to conduct attacks that bring businesses to their knees. Fortunately, with the right detection and analysis mechanisms in place, security teams can turn DNS vulnerabilities into enterprise assets.
Building the New Network Security Architecture for the Future by Sonny Sarai - January 22, 2018
- Associated Webcasts: In a Perfect World...Building the Network Security Architecture for the Future
- Sponsored By: NETSCOUT Systems, Inc.
With the move to cloud services, software-defined networks and IoT devices, the game has changed in terms of defining an organization's network. Current network security architecture doesn't offer the visibility required for modern-day networks, much less guard against threats roaming within them. This white paper examines key elements of the network of the future and their optimal implementation.
SOC Automation-Deliverance or Disaster by Eric Cole, PhD - December 11, 2017
- Sponsored By: DFLabs
Learn how to strike a balance between security alerts that can be automated with minimal impact and the higher-risk alerts that need to be handled by analysts.
Security and Operations - An Overlooked But Necessary Partnership by Sonny Sarai - December 4, 2017
- Associated Webcasts: Security and Ops Hacks
- Sponsored By: Rapid7 Inc.
This paper explores ways to foster cooperation between Security and Operations groups for better visibility into threats and threat pathways, while improving overall protection and network hygiene.
Minerva Labs: Using Anti-Evasion to Block the Stealth Attacks Other Defenses Miss by Eric Cole, PhD - December 4, 2017
- Associated Webcasts: Using Anti-Evasion to Block Stealth Attacks with Minerva Labs
- Sponsored By: Minerva Labs
Attackers routinely use evasion to evade baseline anti-malware tools and ultimately compromise endpoints. How can enterprises prevent such intrusions without relying on after-the-fact detection? This paper explores a unique approach to preventing evasive malware from infecting endpoints, using Minerva's Anti-Evasion Platform to automatically block threats without ever scanning files or processes. SANS Reviewer Eric Cole, PhD, shares his findings regarding the ability of Minerva's Anti-Evasion Platform to block such evasive threats.
Updated: Out with the Old, In with the New: Replacing Traditional Antivirus by Barbara Filkins - December 1, 2017
- Associated Webcasts: Next-Generation Antivirus (NGAV) Buyer\'s Guide: Successful Strategies for Choosing and Implementing NGAV Next-Generation Antivirus (NGAV) Buyer\'s Guide: Successful Strategies for Choosing and Implementing NGAV
- Sponsored By: CarbonBlack
This updated version of the 2016 paper that included the SANS guide to evaluating next-generation antivirus provides the background information organizations need to assist them in their efforts to procure next-generation antivirus. Review this document to establish your overall road map and help resolve any questions you may have on the procurement process after reading the companion piece: "SANS Step-by-Step Guide for Procuring Next-Generation Antivirus".
Step by Step Guide for Procuring Next-Generation Antivirus by Barbara Filkins - November 30, 2017
- Associated Webcasts: Next-Generation Antivirus (NGAV) Buyer\'s Guide: Successful Strategies for Choosing and Implementing NGAV Next-Generation Antivirus (NGAV) Buyer\'s Guide: Successful Strategies for Choosing and Implementing NGAV
- Sponsored By: CarbonBlack
This document outlines a procurement process you can use and customize when upgrading to NGAV. The key steps to successful procurement do not change and should apply to any NGAV procurement project.
NGAV RFP by Barbara Filkins - November 30, 2017
- Associated Webcasts: Next-Generation Antivirus (NGAV) Buyer\'s Guide: Successful Strategies for Choosing and Implementing NGAV Next-Generation Antivirus (NGAV) Buyer\'s Guide: Successful Strategies for Choosing and Implementing NGAV
- Sponsored By: CarbonBlack
This document is a standalone RFP for selecting a next-generation antivirus (NGAV) solution. For more information on how to procure NGAV, be sure to access the Step by Step Guide for Procuring Next-Generation Antivirus.
NGAV RFP Evaluation Master Template by Barbara Filkins - November 30, 2017
- Associated Webcasts: Next-Generation Antivirus (NGAV) Buyer\'s Guide: Successful Strategies for Choosing and Implementing NGAV Next-Generation Antivirus (NGAV) Buyer\'s Guide: Successful Strategies for Choosing and Implementing NGAV
- Sponsored By: CarbonBlack
Click on the link in this file to access the Excel spreadsheet designed to help you compare the vendors from whom you have collected RFP information.
Cloud Security: Defense in Detail if Not in Depth by Dave Shackleford - October 31, 2017
- Associated Webcasts: Cloud Security: Defense in Detail if Not in Depth. Part 1: Using Cloud Services to Address the Cloud Threat Environment Cloud Security: Defense in Detail if Not in Depth. Part 2: Changes Make the Cloud More Secure, but Is InfoSec Changing Even More? Cloud Security: Defense in Detail if Not in Depth. Part 1: Using Cloud Services to Address the Cloud Threat Environment
- Sponsored By: Qualys Mcafee LLC BMC Software, Inc. Forcepoint LLC
Survey respondents feel that they lack visibility, auditability and effective controls to monitor everything that goes on in their public clouds. We are, however, seeing increased use of security controls within cloud provider environments and wider use of security-as-a-service (SecaaS) solutions to achieve in-house and external security and compliance requirements. Related findings and best practices are discussed in the following report.
Closing the Skills Gap with Analytics and Machine Learning by Ahmed Tantawy - October 30, 2017
- Associated Webcasts: Closing the Skills Gap with Analytics and Machine Learning Closing the Skills Gap with Analytics and Machine Learning
- Sponsored By: RSA
It is important that IT departments leverage automated analytics and machine learning solutions that connect the dots between seemingly random events and provide much-needed context, visibility and actionable advice. In this paper, we explain how to utilize and integrate analytics and machine learning to reduce the load on security professionals, while increasing visibility and accurately predicting attackers' next steps.
Blueprint for CIS Control Application: Securing the Oracle E-Business Suite by Barbara Filkins - October 26, 2017
- Sponsored By: Onapsis
This paper looks at how the Critical Security Controls can be used to secure Oracle's E-Business Suite (EBS), using an approach that considers application- as well as network-related issues.
2017 State of Application Security: Balancing Speed and Risk by Jim Bird - October 24, 2017
- Associated Webcasts: Application Security on the Go! SANS Survey Results, Part 1 Application Breaches and Lifecycle Security: SANS 2017 Application Security Survey, Part 2 Application Security on the Go! SANS Survey Results, Part 1 Application Breaches and Lifecycle Security: SANS 2017 Application Security Survey, Part 2 Application Breaches and Lifecycle Security: SANS 2017 Application Security Survey, Part 2
- Sponsored By: Tenable WhiteHat Security Rapid7 Inc. Veracode Synopsys
Agile teams deliver working software every few weeks. High-speed cross-functional DevOps teams push software changes directly to production multiple times each day. Organizations are taking advantage of cloud platforms and on-demand services, containerization, and automated build and continuous delivery pipelines. All of this radically changes how development teams�and their security/risk management teams�think and work. Read on to learn more.
Enhance Your Investigations with Network Data by Matt Bromiley - October 19, 2017
- Associated Webcasts: Enhance Your Investigations with Network Data
- Sponsored By: Cisco Systems
Network forensics is its own specialized field that often introduces complex protocols, jargon, and analysis techniques that are potentially confusing to practitioners. But particular artifacts can be leveraged to determine the attack sequence and to offer a more complete picture of the breach. In this white paper, SANS analyst and instructor Matt Bromiley examines the power of network forensics and why it should be incorporated into all incident response investigations.
Targeted Attack Protection: A Review of Endgame�s Endpoint Security Platform by Dave Shackleford - October 17, 2017
- Associated Webcasts: Targeted Attack Protection: SANS Review of Endgame\'s endpoint security platform
- Sponsored By: Endgame
SANS Analyst Dave Shackleford presents his experience reviewing Endgame's Managed Detection and Response Services under real-world threats in a simulated environment.
AppSec: ROI Justifying Your AppSec Program Through Value-Stream Analysis by Jim Bird - October 4, 2017
- Sponsored By: Veracode
In this paper we focus narrowly on the impact of application security on the end-to-end software development value chain. We also look at ways to identify and balance cost and risk to help you decide which tools and practices are most practical and cost effective for your organization.
Next-Gen Protection for the Endpoint: SANS Review of Carbon Black Cb Defense by Jerry Shenk - September 14, 2017
- Associated Webcasts: EDR + NGAV Working Together: SANS Review of Carbon Black Cb Defense
- Sponsored By: Carbon Black
In today�s threat landscape, organizations wanting to shore up their defenses need endpoint tools that not only detect, alert and prevent malware and malware-less attacks, but also provide defenders a road map of the systems and pathways attackers took advantage of. Our review shows that Carbon Black�s Cb Defense does all this and more with a high degree of intelligence and analytics. Utilizing a cloud-based delivery system, it makes informed decisions on subtle user and system behaviors that we wouldn�t otherwise see with traditional antivirus tools. Importantly, it saved us time: Manual correlation and false positives are among the top 10 time-consuming tasks IT professionals hate, according to a recent article in Dark Reading.2 Rather than toggling between separate security systems, tra c logs and so on, we used a single cloud interface�through drill-down and pivot�to determine whether a threat was a false positive or real.
Asking the Right Questions: A Buyer's Guide to Dynamic Scanning to Secure Web Applications by Barbara Filkins - September 12, 2017
- Associated Webcasts: Asking the Right Questions about Dynamic Scanning to Secure Web Applications: A Buyer\'s Guide to App Sec Scanning Tools
- Sponsored By: Veracode
Securing a web apps across its lifecycle is fundamentally different than securing an app born inside a secure perimeter. The selection of tools designed to scan running applications is more complex and challenging select than are conventional tools as the threat these are designed to counter is also more intensive and more pervasive. This makes the choice of tool critical. We walk you through the various parameters involved in the decision-making process in this paper.
Sensitive Data at Risk: The SANS 2017 Data Protection Survey by Barbara Filkins - September 5, 2017
- Associated Webcasts: Sensitive Data Everywhere: Results of SANS 2017 Data Protection Survey
- Sponsored By: Mcafee LLC InfoBlox
Ransomware, insider threat and denial of service are considered the top threats to sensitive data by respondents to the 2017 SANS Data Protection Survey. User credentials and privileged accounts represented the most common data types involved in these breaches reported in the survey, spotlighting the fact that access data is prized by attackers. The experiences of respondents with compromised data provide valuable lessons for security professionals.
The Efficiency of Context: Review of WireX Systems Incident Response Platform by Jerry Shenk - September 5, 2017
- Associated Webcasts: The Efficiency of Context: Review of WireX Network Forensics Platform
- Sponsored By: WireX Systems
WireX Systems officials think they have found the way to slash the time it takes to spot an intruder by making it easier for mere mortals to read and understand network traffic and identify early signs of a breach. Contextual Capture, a key feature of the WireX Network Forensics Platform, is designed to turn every SOC member into a valuable analyst by providing easy-to-use forensics history (for periods of months) using a unique and intuitive query interface. WireX NFP also creates investigation workflows that can be used by the entire security team to accelerate alert validation and incident response.
2017 Threat Landscape Survey: Users on the Front Line by Lee Neely - August 14, 2017
- Associated Webcasts: Security Whack-a-Mole: SANS 2017 Threat Landscape Survey Security Whack-a-Mole: SANS 2017 Threat Landscape Survey
- Sponsored By: Qualys Mcafee LLC FireEye Cylance
Endpoints-and the users behind them-are on the front lines of the battle: Together they represent the most significant entry points for attackers obtaining a toehold into the corporate network. Users are also the best detection tool organizations have against real threats, according to the 2017 SANS Threat Landscape survey. Read on for more detail on the types of attacks occurring and their impact on organizations and their security.
Road Map to a Secure, Smart Infrastructure by Barbara Filkins - August 9, 2017
- Associated Webcasts: Roadmap to a Secure Smart Infrastructure
- Sponsored By: Rapid7 Inc.
This paper provides a multifaceted security approach for securing infrastructure systems that are being targeted by attackers and malware.
Defending Against the Wrong Enemy: 2017 SANS Insider Threat Survey by Eric Cole - July 31, 2017
- Associated Webcasts: The SANS 2017 Insider Threat Survey: Mounting an Effective Defense Against Insider Threat The SANS 2017 Insider Threat Survey: Mounting an Effective Defense Against Insider Threat
- Sponsored By: Rapid7 Inc. Dtex Systems Haystax Technology
It is easy, while evaluating attack vectors, researching competitors and gauging the threat from organized crime or foreign adversaries, to conclude that external attacks should be the primary focus of defense. This conclusion would be wrong. The critical element is not the source of a threat, but its potential for damage. This survey highlights the importance of managing internal threats as the key to winning at cyber security.
Automating Cloud Security to Mitigate Risk by Dave Shackleford - July 20, 2017
- Associated Webcasts: Automating Cloud Security to Mitigate Risk
- Sponsored By: Skybox Security, Inc.
As cloud computing services evolve, the cloud opens up entirely new ways for potential attacks. This paper explores the potential security challenges enterprises face as they migrate to any kind of cloud setup and offers guidance to ensure a smooth migration to new solutions.
Securing Industrial Control Systems-2017 by Bengt Gregory-Brown - July 11, 2017
- Associated Webcasts: The 2017 State of Industrial Control System Security-Part 1: Personnel, Threats and Tools The 2017 State of Industrial Control System Security�Part 2: Protection, Prevention and Convergence
- Sponsored By: Tripwire, Inc. Tempered Networks Great Bay Software PAS Nozomi Networks
We annually gather and analyze raw data from hundreds of IT and industrial control systems (ICS) security practitioners. Our mission is to turn these inputs into actionable intelligence to support new developments and address trends in the field to inform the crucial business decisions. Here we report on these trends and other changes that make active use of ICS as a core enabler for business imperatives and provide actionable advice for today's security practitioners.
Complying with Data Protection Law in a Changing World by Benjamin Wright - June 27, 2017
- Associated Webcasts: Complying with Data Protection Law in a Changing World
- Sponsored By: Forcepoint LLC
Failure to meet legal and political expectations for data security can expose your enterprise to fines, lawsuits, negative publicity and regulatory investigations. These expectations are rapidly evolving across the world, making it difficult for enterprises to effectively protect their brands. This white paper reveals the major steps a large, multinational enterprise can take to assure the public, authorities and business partners that it is behaving responsibly and is on a commendable path of compliance.
Zero-Touch Detection and Investigation of Cloud Breaches: A Review of Lacework's Cloud Workload Security Platform by Matt Bromiley - June 27, 2017
- Associated Webcasts: Effortless Detection and Investigation of Cloud Breaches: A Review of Lacework\'s Zero Touch Cloud Workload Security Platform
- Sponsored By: Lacework
Today's increasingly dynamic cloud environments present new challenges to security practitioners. With security talent in short supply, tailoring old policy-and-logs approaches to the needs of an organization can require time and resources it just doesn't have. In this review, SANS analyst and instructor Matt Bromiley shares his experience using Lacework's new Zero Touch Cloud Workload Security Platform to mitigate these challenges.
Testing Web Apps with Dynamic Scanning in Development and Operations by Barbara Filkins - June 15, 2017
- Associated Webcasts: Using Dynamic Scanning to Secure Web Apps in Development and After Deployment
- Sponsored By: Veracode
Building secure web applications requires more than testing the code to weed out flaws during development and keeping the servers on which it runs up to date. Public-facing web apps remain the primary source of data breaches. To keep web apps secure, IT ops groups are increasingly adopting Dynamic Application Security Testing (DAST) tools. Learn how DAST tools can reduce dev costs and security flaws; how to avoid organizational gaps between dev and ops that can make remediation difficult; and other AppSec/vulnerability scanning issues.
The Show Must Go On! The 2017 SANS Incident Response Survey by Matt Bromiley - June 12, 2017
- Associated Webcasts: SANS 2017 Incident Response Survey Results - Part 1: Attack, Response and Maturity SANS 2017 Incident Response Survey Results�Part 2: Threat Intelligence and Improving Incident Response Capabilities
- Sponsored By: Guidance Software Mcafee LLC LogRhythm IBM AlienVault Anomali
Overall, the results of 2017 Incident Response survey were very promising. Organizations are building IR teams that suit their environments and their unique set of issues. Malware still looms as the root cause of a large majority of incidents; and IR teams still suffer from a shortage of skilled staff, lack of ownership and business silo issues. Read on to examine the results of the survey and guidelines and feedback to spur improvements.
Security by Design: The Role of Vulnerability Scanning in Web App Security by Barbara Filkins - June 7, 2017
- Associated Webcasts: The Role of Vulnerability Scanning in Web App Security
- Sponsored By: Netsparker
The growth in custom applications in the cloud has increased organizations' security exposure. Although more organizations want to test and remediate during development, this doesn't address the thousands of existing, potentially vulnerable, apps already online. Modern web scanners can help by highlighting areas of likely vulnerability. Their speed and automation can make them a valuable part of a multilayered scanning and monitoring program.
Using Cloud Deployment to Jump-Start Application Security by Adam Shostack - May 24, 2017
- Associated Webcasts: Choosing the Right Path to Application Security
- Sponsored By: Veracode
The cloud has significantly changed corporate application development. Now that releases come every few days rather than once or twice a year, AppSec is now squeezed into tiny windows of time. The speed, repetitiveness and changes in responsibility associated with these changes make it hard for traditional approaches to work. What are the choices and best practices for security within AppSec? How can you leverage the cloud to work for you? Attend this webcast and be among the first to receive access to the associated whitepaper developed by Adam Shostack.
Network Security Infrastructure and Best Practices: A SANS Survey by Barbara Filkins - May 23, 2017
- Associated Webcasts: Network Security Infrastructure and Best Practices: A SANS Survey
- Sponsored By: NETSCOUT Systems, Inc.
Network infrastructure is the key business asset for organizations that depend on geographically dispersed data centers and cloud computing for their critical line-of-business applications. Consistent performance across links and between locations must be maintained to ensure timely access to data, enabling real-time results for decision making. The following pages provide guidance on how to approach common challenges faced by both the network and security operational teams in managing interrelated security and performance problems.
Future SOC: SANS 2017 Security Operations Center Survey by Christopher Crowley - May 16, 2017
- Associated Webcasts: SOCs Grow Up to Protect, Defend, Respond: Results of the 2017 SANS Survey on Security Operations Centers, Part 1 Future SOCs: Results of the 2017 SANS Survey on Security Operations Centers, Part 2
- Sponsored By: Tripwire, Inc. LogRhythm NETSCOUT Systems, Inc. Carbon Black ThreatConnect Endgame
The primary strengths of security operations centers (SOCs) are flexibility and adaptability, while their biggest weakness is lack of visibility. Survey results indicate a need for more automation across the prevention, detection and response functions. There are opportunities to improve security operations, starting with coordination with IT operations. SOCs can improve their understanding how to serve the organization more effectively and their use of metrics.
How to Conquer Targeted Email Threats: SANS Review of Agari Advanced Threat Protection by Dave Shackleford - May 9, 2017
- Associated Webcasts: How to Conquer Targeted Email Threats: SANS Review of Agari Advanced Threat Protection
- Sponsored By: AGARI
Why are our traditional email and endpoint security tools failing us? First, most email deployments lack any authentication of outside senders. Given this vulnerability, it�s trivial to execute spoo ng and falsi ed email content that purports to come from a trusted entity the recipient knows and trusts. Second, attackers are using cloud-based email and �detection-busting� techniques such as fake identities, deceptive sender names and phony domains to beat defenses. Clearly, given the prevalence of email-borne threats, protecting email infrastructure and end users needs to be a high priority for all security teams today. To this end, SANS had the opportunity to review Agari Enterprise Protect and the Agari Email Trust Platform.
Deception Matters: Slowing Down the Adversary with illusive networks® by Eric Cole, PhD - May 1, 2017
- Associated Webcasts: Deception Matters: Slowing the Adversary with illusive networks
- Sponsored By: Illusive Networks
Deception is an effective defense against targeted attacks that leverages a false map of cyber assets to boost the odds of finding an adversary early and mitigate overall damage. The adversary is tricked into a cyber rabbit hole of fake systems with fake libraries and DNS servers, counteracting the attacker's every move. In this review, SANS Fellow Eric Cole recounts his review of illusive networks' deception and protection capabilities to show cyber deception in action.
A New Era in Endpoint Protection by Dave Shackleford - April 26, 2017
- Associated Webcasts: A New Era in Endpoint Protection: A SANS Product Review of CrowdStrike Falcon Endpoint Protection
- Sponsored By: CrowdStrike, Inc.
Conventional antivirus solutions aren�t keeping pace with today's threats. There's a lot of fear, uncertainty and doubt around replacing antivirus with next-generation antivirus solutions, particularly in legacy environments. Learn what NGAV actually is; where it fits into the IT infrastructure; and how to easily utilize CrowdStrike's Falcon cloud-based services against a variety of threats first-generation AV normally wouldn't catch. SANS analyst Dave Shackleford explains and presents his findings.
The Hunter Strikes Back: The SANS 2017 Threat Hunting Survey by Rob Lee and Robert M. Lee - April 25, 2017
- Associated Webcasts: Threat Hunting-Modernizing Detection Operations: The SANS 2017 Threat Hunting Survey Results | Part 1 Reducing Attacks and Improving Resiliency: The SANS 2017 Threat Hunting Survey Results | Part 2
- Sponsored By: Rapid7 Inc. Anomali DomainTools ThreatConnect Sqrrl Data, Inc. Malwarebytes
Threat hunting is a focused and iterative approach to searching out, identifying and understanding adversaries that have entered the defender�s networks. Results just in from our new SANS 2017 Threat Hunting Survey show that, for many organizations, hunting is still new and poorly defined from a process and organizational viewpoint.
Integrating Prevention, Detection and Response Work Flows: SANS Survey on Security Optimization by G.W. Ray Davidson, PhD - April 19, 2017
- Associated Webcasts: Impact of Isolated Cyber Security Functions: A SANS Survey
- Sponsored By: ThreatConnect
Are the prevention, detection, response and prediction functional groups operating in unison with shared data and workflow, or are they remaining true to the tradition of operational silos in most technology groups? In this survey, we analyze satisfaction with staffing levels, tools and management-support architectures to help provide best practices and guidance for IT security practitioners.
Speed and Scalability Matter: Review of LogRhythm 7 SIEM and Analytics Platform by Dave Shackleford - April 13, 2017
- Associated Webcasts: Speed and Scalability Matter: SANS Review of LogRhythm 7 SIEM and Analytics Platform
Just how scalable, fast and accurate are SIEM tools when under load? To find out, we put the LogRhythm 7.2 Threat Lifecycle Management Platform to the test. We found that its clustered Elasticsearch indexing layer supported large log volumes of security and event data during simulated events that would require investigation and remediation.
SOC-as-a-Service: All the Benefits of a Security Operations Center Without the High Costs of a DIY Solution by Sonny Sarai - March 28, 2017
- Associated Webcasts: SOC in the Cloud: A review of Arctic Wolf SOC Services
- Sponsored By: Arctic Wolf Networks
Security Operations Centers are increasingly important in today's enterprises - they protect against intrusions, damaging DDoS attacks and data security breaches, as well as help with investigation and remediation. But how can midsize enterprises get the same SOC advantages as their large enterprise peers?

This paper explores how Arctic Wolf Networks' CyberSOC can help midsize organizations roll out a SOC-as-a-Service, thereby leveraging the benefits of a SOC without the high costs of a DIY solution.
Cyber Security Trends: Aiming Ahead of the Target to Increase Security in 2017 by John Pescatore - March 20, 2017
- Associated Webcasts: 2017 Cybersecurity Trends: Aiming Ahead of the Target to Increase Security
Attackers are always changing their methods, but some cybersecurity trends are clear--and identifying these trends will help security professionals plan for addressing these issues in the coming year. Attacks will continue, and many will be successful. While security professionals should try to prevent a breach, it's far more critical to uncover breaches quickly and mitigate damage. Another significant trend for 2017: expanding current security measures to better protect data in the cloud and to address the security shortcomings of the Internet of Things. Even while fighting daily security fires, security managers can expect boards of directors to show more interest in their efforts. Board members are keenly aware that breaches can be high-profile catastrophes for companies, and they are also concerned that the organizations they oversee are in compliance with new and more stringent regulations. This whitepaper covers the latest and best security hygiene and common success patterns that will best keep your organization off the "Worst Breaches of 2017" lists.
Securing DNS Against Emerging Threats: A Hybrid Approach by John Pescatore - March 16, 2017
- Associated Webcasts: Protecting Business Mobility Against Emerging Threats
- Sponsored By: InfoBlox
This paper looks at the impact of mobility and new attack vectors on DNS-related risk and outlines use cases for securing DNS services more effectively. It also examines the use of a hybrid model of on-premises and cloud-based services to improve the security posture of organizations.
Cyber Threat Intelligence Uses, Successes and Failures: The SANS 2017 CTI Survey by Dave Shackleford - March 14, 2017
- Associated Webcasts: Cyber Threat Intelligence in Action-Skills and Implementations: Results of the 2017 Cyber Threat Intelligence Survey Part 1 Cyber Threat Intelligence in Action-Effectiveness of CTI Programs and Wish Lists for the Future: Results of the 2017 Cyber Threat Intelligence Survey Part 2
- Sponsored By: Arbor Networks Rapid7 Inc. Lookingglass Cyber Solutions, Inc. Anomali DomainTools ThreatConnect
Respondents' biggest challenges to effective implementation of cyber threat intelligence (CTI) are lack of trained staff, funding, time to implement new processes, and technical capability to integrate CTI, as well as limited management support. Those challenges indicate a need for more training and easier, more intuitive tools and processes to support the use of CTI in today's networks. These and other trends and best practices are covered in this report.
Preparing for Compliance with the General Data Protection Regulation (GDPR) A Technology Guide for Security Practitioners by Benjamin Wright - March 7, 2017
- Associated Webcasts: Complying with the General Data Protection Regulation: A Guide for Security Practitioners
- Sponsored By: Skybox Security, Inc.
The General Data Protection Regulation (GDPR) is the latest data security legislation in the European Union. When it goes into effect, it can apply widely to various organizations, including those without a physical presence in the European Union. What does this complex regulation mean and what does your organization need to do to comply? This paper explains these as well as how to identify a Data Protection Officer and what this person needs to know to be effective. It also provides a checklist for compliance with concise, practical information your organization can begin using now.
Next-Gen Endpoint Risks and Protections: A SANS Survey by G. W. Ray Davidson, PhD - February 27, 2017
- Associated Webcasts: Next-Gen Endpoints Risks and Protections: A SANS Survey Part 1: New Devices and Risks Next-Gen Endpoints Risks and Protections: A SANS Survey Part 2: Next-Gen Protection and Response
- Sponsored By: Guidance Software Sophos Inc. Carbon Black IBM Malwarebytes Great Bay Software
Results of this survey suggest that we may need to broaden the definition of an endpoint to include users, as the two most common forms of attack reported are directed at users. Lack of adequate patching programs also results in endpoint compromises, despite reported centralized endpoint management. Results also point to the need for improved detection, response, automation of remediation processes.
DevSecOps Transformation: The New DNA of Agile Business by Dave Shackleford - February 21, 2017
This is an additional resource that accompanies the analyst paper, "The DevSecOps Approach to Securing Your Code and Your Cloud". To view the paper please click this link.
Moving Toward Better Security Testing of Software for Financial Services by Steve Kosten - February 7, 2017
- Associated Webcasts: Enhanced Application Security for the Financial Industry Enhanced Application Security for the Financial Industry
- Sponsored By: Synopsys
The financial services industry (FSI) maintains high-value assets and typically operates in a very complex environment. Applications of all types--web applications, mobile applications, internal web services and so forth--are being developed quickly in response to market pressures by developers with limited security training and with relatively immature processes to support secure application development. This combination presents a juicy target for attackers, and data shows that the FSI continues to be a top target. Attempts to introduce security into the application life cycle frequently face challenges such as a lack of available application security expertise, concerns about costs for tooling, and a fear among product owners that security processes might impede the development cycle and slow their response to market conditions. This paper explores why the applications are being targeted, what is motivating the attackers and what some inhibitors of application security are. Most important, this paper specifies some best practices for developing a secure development life cycle to safeguard applications in the FSI.
The DevSecOps Approach to Securing Your Code and Your Cloud by Dave Shackleford - February 7, 2017
- Sponsored By: CloudPassage
DevSecOps, at heart, is about collaboration. More specifically, it is continual collaboration between information security, application development and IT operations teams. Having all three teams immersed in all development and deployment activities makes it easier for information security teams to integrate controls into the deployment pipeline without causing delays or creating issues by implementing security controls after systems are already running. Despite the potential benefits, getting started with DevSecOps will likely require some cultural changes and considerable planning, especially when automating the configuration and security of assets in the cloud. To help the shift toward a more collaborative culture, security teams need to integrate with the developers who are promoting code to cloud-based applications to show they can bring quality conditions to bear on any production code push without slowing the process. Security teams should also work with QA and development to define the key qualifiers and parameters that need to be met before any code can be promoted. This paper also has an additional resource titled, "DevSecOps Transformation: The New DNA of Agile Business". The resource can be accessed by clicking this link.
Digital Ghost: Turning the Tables by Michael J. Assante - February 1, 2017
- Associated Webcasts: Digital Ghost: Turning the Tables on Cyber Attacks in Industrial Systems
- Sponsored By: GE
The complex weave of digital technology relies heavily on hyperconnected systems to move data and unlock value through analytics. The benefits are real, but the stakes involved require a serious look at the potential downsides, including the risk of cyber attacks. Organizations embracing technology innovation should not focus solely on efficiency and productivity, for innovation done correctly can also reduce the risks that come with expanding digital touchpoints.
Back to Basics: Focus on the First Six CIS Critical Security Controls by John Pescatore - January 24, 2017
- Sponsored By: Tripwire, Inc.
Rather than a lack of choices in security solutions, a major problem in cyber security is an inability to implement mature processes - many organizations lack a defined and repeatable process for selecting, implementing and monitoring the security controls that are most effective against real-world threats. This paper explores how the Center for Internet Security (CIS) Critical Security Controls has proven to be an effective framework for addressing that problem.
Countering Impersonation, Spearphishing and Other Email-Borne Threats: A Review of Mimecast Targeted Threat Protection by Jerry Shenk - January 24, 2017
- Associated Webcasts: Mimecast Targeted Threat Protection
- Sponsored By: Mimecast Services Limited
The FBI estimates that between October 2013 and August 2015, more than 7,000 U.S.-based organizations lost a total of $748 million to business email scams. Such scams rely on the same tricks as confidence artists in the real world: the appearance of legitimacy and the tendency of victims to go along with requests that appear to be on the up-and-up, without checking to be sure. In this whitepaper, SANS senior analyst Jerry Shenk evaluates Targeted Threat Protect, an email-security service from Mimecast that is focused on stopping sophisticated phishing attacks. Among its most difficult targets: �whaling� attacks that spoof high-level executives asking for sensitive data, access or the transfer of money to accounts owned by scammers.
Implementing the Critical Security Controls by Jim D. Hietala - January 24, 2017
- Associated Webcasts: Secure Configuration in Action (and How to Apply It)
- Sponsored By: Tripwire, Inc.
This paper serves as a how-to for organizations in various stages of implementing the controls and offers two real-world examples of CIS Control adoption. The case studies are based on real-time interviews with the people behind the efforts and includes the security environments before the implementation, the challenges experienced in adopting the controls and the benefits they�ve experienced.
Packets Don't Lie: LogRythm NetMon Freemium Review by Dave Shackleford - January 18, 2017
- Associated Webcasts: Packets Don�t Lie: What�s Really Happening on Your Network?
- Sponsored By: LogRhythm
With more traffic than ever passing through our environments, and adversaries who know how to blend in, network security analysts need all the help they can get. At the same time, data is leaking out of our environments right under our noses. This paper investigates how LogRhythm�s Network Monitor Freemium (NetMon Freemium) Version 3.2.3 provides intelligent monitoring, and helps organizations to identify sensitive data leaving the network and to respond when loss occurs.
SANS 2016 Security Analytics Survey by Dave Shackleford - December 6, 2016
- Associated Webcasts: Security Analytics in Action: SANS Fourth Annual Security Analytics Survey - Part 1 Part 2 | SANS Security Analytics Survey Results: What\'s Working? What\'s Not?
- Sponsored By: LogRhythm Rapid7 Inc. AlienVault Lookingglass Cyber Solutions, Inc. Anomali
Survey respondents have become more aware of the value of analytics and have moved beyond using them simply for detection and response to using them to measure and aid in improving their overall risk posture. Still, we�ve got a long way to go before analytics truly progresses in many security organizations. Read on to learn more.
Insider Threats and the Need for Fast and Directed Response by Dr. Eric Cole - December 1, 2016
- Associated Webcasts: Insider Threats and the Real Financial Impact to Organizations - A SANS Survey
- Sponsored By: Veriato
As breaches continue to cause significant damage to organizations, security consciousness is shifting from traditional perimeter defense to a holistic understanding of what is causing the damage and where organizations are exposed. Although many attacks are from an external source, attacks from within often cause the most damage. This report looks at how and why insider attacks occur and their implications.
Reducing Attack Surface: SANS� Second Survey on Continuous Monitoring Programs by Barbara Filkins - November 14, 2016
- Associated Webcasts: Vulnerabilities, Controls and Continuous Monitoring: The SANS 2016 Continuous Monitoring Survey
- Sponsored By: Forescout Technologies BV Qualys IBM RiskIQ
Continuous monitoring is not a single activity. Rather, it is a set of activities, tools and processes (asset and configuration management, host and network inventories, and continuous vulnerability scanning) that must be integrated and automated all the way down to the remediation workflow. Although CM is shifting focus and slowly improving, it still has a way to go to attain the maturity needed to become a critical part of an organization�s business strategy.
Forcepoint Review: Effective Measure of Defense by Eric Cole, PhD - November 9, 2016
- Associated Webcasts: Taking Action: Effective Measures of Defense
- Sponsored By: Forcepoint LLC
Effective security is all about the quality of the solution, not the quantity of products. Indeed, buying more products can make the problem worse. All of the major breaches over the last several years have had one thing in common: Multiple products were issuing alerts, but there were too many alerts and not enough people charged with monitoring and responding to them. When that is the case, putting more products in place spreads current resources even thinner--the problem gets worse, not better. This paper explains the advantages of an integrated defense-in-depth approach to security and looks at how Forcepoint's integrated solution suite meets the needs of such an approach.
Out with the Old, In with the New: Replacing Traditional Antivirus by Barbara Filkins - November 2, 2016
- Associated Webcasts: Ready to Replace AV? Criteria to Evaluate NGAV Solutions
- Sponsored By: Carbon Black
Research over the past 10 years indicates that traditional antivirus products are rarely successful in detecting smart malware, unknown malware and malware-less attacks. This doesn�t mean that antivirus is �dead.� Instead, antivirus is growing up. Today, organizations look to spend their antivirus budget on replacing current solutions with next-generation antivirus (NGAV) platforms that can stop modern attacks. This paper provides a guide to evaluating NGAV solutions.
Security in a Converging IT/OT World by Bengt Gregory-Brown and Derek Harp - November 1, 2016
- Associated Webcasts: The Fusion of IT and OT Security: What You Need to Know
- Sponsored By: GE
In this paper we look at the challenges in securing ICS environments and recommendations for effective ICS security. OT cyber security is a relatively young field with few experts, but a great deal can be judiciously drawn from IT experience. The fundamentals are the same: controlling access to devices and applications; monitoring networks to identify potential issues and direct appropriate responsive action; oversight and periodic reviews of controls and their effectiveness; securing the supply chain; and securing the human factor through awareness training. It is in the design and application of these basics to the particular considerations and technical nature of control systems and process control networks (PCNs) that things diverge the most, and it is here that we will focus.
Getting C-Level Support to Ensure a High-Impact SOC Rollout by John Pescatore - October 24, 2016
- Associated Webcasts: Prioritizing and Planning to Ensure a High-Impact SOC Rollout
- Sponsored By: Leidos
To security professionals, the need for an effective SOC is obvious. But to organizational management, security is just one of many groups asking for financial and personnel resources. Security leaders who simply promise management that a SOC will provide better security or help the company avoid attacks won�t get very far. The security team must define and communicate the business benefits of investing in, establishing and optimizing a SOC over the long term.
From the Trenches: SANS 2016 Survey on Security and Risk in the Financial Sector by G. Mark Hardy - October 18, 2016
- Associated Webcasts: From the Trenches, the SANS 2016 Survey on Security and Risk in the Financial Sector: Part 1 Incidents, Risks and Preparedness From the Trenches, the SANS 2016 Survey on Security and Risk in the Financial Sector: Part 2 Securing Financial Environments
- Sponsored By: Forescout Technologies BV Guidance Software Arbor Networks WhiteHat Security NSFOCUS
The financial services industry is under a barrage of ransomware and spearphishing attacks that are rising dramatically. These top two attack vectors rely on the user to click something. Organizations enlist email security monitoring, enhanced security awareness training, endpoint detection and response, and firewalls/IDS/IPS to identify, stop and remediate threats. Yet, their preparedness to defend against attacks isn�t showing much improvement. Read on to learn more.
Security and Accountability in the Cloud Data Center: A SANS Survey by Dave Shackleford - October 10, 2016
- Associated Webcasts: Security and Accountability in the Cloud, the SANS 2016 Cloud Security Survey: Part 2 - Changes in Cloud Security Security and Accountability in the Cloud, the SANS 2016 Cloud Security Survey: Part 1 - Breach Landscape and the Top Threats and Challenges
- Sponsored By: Mcafee LLC Rapid7 Inc. IBM CloudPassage Bitglass
Despite risk that is higher than more controlled on-premises traditional non-cloud systems, this survey found that almost a quarter of respondents (24%) are in organizations adopting a �cloud first� strategy. Using public cloud or on-premises applications as appropriate led the way, chosen by 46% of respondents, and 30% of respondents said they prefer on-premises applications. Read on to learn more about the state of cloud security and what we need to do to improve it.
Taking Action Against the Insider Threat by Eric Cole, PhD - October 5, 2016
- Associated Webcasts: Taking Action Against Insider Threats Taking Action Against Insider Threats
- Sponsored By: Dtex Systems
Most organizations tend to focus on external threats, but insider threats are increasingly taking center stage. Insider threats come not only from the malicious insider, but also from infiltrators and unintentional insiders as well. Why are insider threats so common and why do they have such a significant impact? What is the difference between the different types of insider threats and the degree of risk they can constitute?
Security Intelligence and the Critical Security Controls v6 by G. W. Ray Davidson, PhD - September 29, 2016
- Sponsored By: LogRhythm
Security data is everywhere�in our logs, feeds from security devices (IDS/IPS/ rewalls, whitelists, etc.), network and endpoint systems, anomaly reports, access records, network tra c data, security incident and event monitoring (SIEM) systems, and even in applications hosted in the cloud. All of this data�and the processes that use them� combine to form an organization�s security intelligence ecosystem. The major challenge of managing this ecosystem of security data is tying all these bits of data together and automating their correlation and use, with the goal of faster detection, prevention, continued security improvement and ultimately, reduced risk.1 The key to success is through automation and integration, according to the CIS Critical Security Controls, which is now in version 6.
Threat Intelligence: What It Is, and How to Use It Effectively by Matt Bromiley - September 19, 2016
- Sponsored By: NSFOCUS
In today�s cyber landscape, decision makers constantly question the value of their security investments, asking whether each dollar is helping secure the business. Meanwhile, cyber attackers are growing smarter and more capable every day. Today�s security teams often nd themselves falling behind, left to analyze artifacts from the past to try to determine the future. As organizations work to bridge this gap, threat intelligence (TI) is growing in popularity, usefulness and applicability.
Data Breaches: Is Prevention Practical? by Barbara Filkins - September 13, 2016
- Associated Webcasts: Breach Detected! Could It Have Been Prevented?
- Sponsored By: Palo Alto Networks
Despite the potential costs, legal consequences and other negative outcomes of data breaches, they continue to happen. A new SANS Institute survey looks at the preventive aspect of breaches � and what security and IT practitioners actually are, or are not, implementing for prevention.
Intelligent Network Defense by Jake Williams - September 8, 2016
- Associated Webcasts: Intelligent Network Security
- Sponsored By: ThreatSTOP
When an army invades a sovereign nation, one of the defenders� first goals is to disrupt the invader�s command and control (C2) operations. The same is true when cyber attackers invade your network. Network defenders must prevent adversary communication, stopping the attack in its tracks while alerting the incident response (IR) team to the point of compromise and nature of the attack. Read on to learn more.
Hunting with Prevention by Dave Shackleford - August 24, 2016
- Associated Webcasts: Using an Attacker Technique-Based Approach for Prevention
- Sponsored By: Endgame
Traditional endpoint protection such as antivirus, while effective in some cases, is no match for the ever-changing techniques that attackers use to get past defenses, according to multiple SANS surveys.
Protect the Network from the Endpoint with the Critical Security Controls by G. W. Ray Davidson, PhD - August 22, 2016
- Sponsored By: Forescout Technologies BV
The endpoint is rapidly evolving and often the first vector of attack into enterprises, according to the SANS 2016 State of Endpoint Security Survey. As such, all endpoints should be considered potentially hostile.
Generating Hypotheses for Successful Threat Hunting by Robert M. Lee and David Bianco - August 15, 2016
Threat hunting is a proactive and iterative approach to detecting threats. Although threat hunters should rely heavily on automation and machine assistance, the process itself cannot be fully automated. One of the human�s key contributions to a hunt is the formulation of a hypotheses to guide the hunt. This paper explores three types of hypotheses and outlines how and when to formulate each of them.
The SANS State of Cyber Threat Intelligence Survey: CTI Important and Maturing by Dave Shackleford - August 15, 2016
- Associated Webcasts: The State of Cyber Threat Intelligence: Part 1: How Cyber Threat Intelligence Is Consumed and Processed The State of Cyber Threat Intelligence: Part 2: The Value of CTI
- Sponsored By: Arbor Networks Hewlett Packard NETSCOUT Systems, Inc. Rapid7 Inc. AlienVault Anomali
It�s 2016, and the attacks (and attackers) continue to be more brazen than ever. In this threat landscape, the use of cyber threat intelligence (CTI) is becoming more important to IT security and response teams than ever before. This paper provides survey results along with advice and best practices for getting the most out of CTI.
Exploits at the Endpoint: SANS 2016 Threat Landscape Survey by Lee Neely - August 10, 2016
- Associated Webcasts: 2016 Threat Landscape Survey Report: Europe Edition 2016 Threat Landscape Survey Report
- Sponsored By: Check Point Software Technologies, Inc.
The perfect storm it is upon us: Users with their many devices are falling victim to phishing and ransomware at alarming rates, with user actions at the endpoint representing the most common entry points allowing threats into organizations. Results reveal that ransomware, which spreads by phishing and web downloads, is the No. 1 type of malware making its way into organizations. Read on to learn more.
Healthcare Provider Breaches and Risk Management Road Maps: Results of the SANS Survey on Information Security Practices in the Healthcare Industry by Barbara Filkins - July 19, 2016
- Associated Webcasts: Health Care Provider Breaches and Risk Management Roadmaps: Part 2 - Health Care Security from the Top Down
- Sponsored By: Forescout Technologies BV WhiteHat Security Carbon Black Trend Micro Inc. Anomali Great Bay Software
The number of attack surfaces continues to rise as the use of mobile medical- and health-related apps grows and as electronic health records (EHR) become ever more embedded in clinical settings. As this survey shows, many attacks stem from insiders with access, whether through simple negligence, malicious intent or just plain curiosity. To get the specifics, read on �
Decision Criteria and Analysis for Hardware-Based Encryption by Eric Cole, PhD - July 13, 2016
- Associated Webcasts: Decision Criteria and Analysis for Hardware-Based Encryption
- Sponsored By: THALES e-Security
Organizations trying to balance the risk of data breaches against the inconvenience, latency and cost of encrypting every bit of valuable data often balk at the trade-off. But with the volume of digital data growing and computing environments becoming more complex and accessible, the ratio of cost to benefit has improved and encryption is now far more common in organizations that rely heavily on Internet- or cloud-connected applications for significant business functions.
The Case for PIM/PAM in Today's Infosec by Barbara Filkins - June 30, 2016
- Associated Webcasts: The Case for PIM/PAM in Today's Infosec
- Sponsored By: CA, Inc.
To see how serious a threat the misuse of privileged credentials represents, look no further than the astonishing scope of the breach discovered in 2015 at the United States Office of Personnel Management (OPM). To realize how often similar threats become real, look no further than the 2016 Verizon Data Breach Incident Report (DBIR), which found that privilege misuse was the second-most frequent cause of security incidents and the fourth-most common cause of breaches.
SANS 2016 State of ICS Security Survey by Derek Harp and Bengt Gregory-Brown - June 28, 2016
- Associated Webcasts: Where Are We Now?: The SANS 2016 ICS Survey
- Sponsored By: Arbor Networks Carbon Black Anomali Belden
Analysis of survey data collected between January and April 2016 indicates that security for ICSes has not improved in many areas and that many problems identified as high-priority concerns in our past surveys remain as prevalent as ever. In this report we focus on identifying and prioritizing recommendations to address the greatest concerns.
Bridging the Insurance/InfoSec Gap: The SANS 2016 Cyber Insurance Survey by Barbara Filkins - June 20, 2016
- Associated Webcasts: Bridging the Insurance/InfoSec Gap: The SANS 2016 Cyber Insurance Survey
- Sponsored By: PivotPoint Risk Analytics
Results of this survey, conducted in conjunction with Advisen, Ltd., make it clear that the effort to achieve a common understanding of cyber insurance and derive value from it will require focused attention from all sides. This study also sets a direction toward a common, achievable goal: reducing the risk of financial loss from a cyber incident. The gaps identified in this survey come together to form the building blocks needed to achieve this goal.
Infographic: Financial Apps at Risk by - June 7, 2016
- Sponsored By: Veracode
View the associated whitepaper here: https://www.sans.org/reading-room/whitepapers/analyst/understanding-security-regulations-financial-services-industry-37027
Incident Response Capabilities in 2016: The 2016 SANS Incident Response Survey by Matt Bromiley - June 7, 2016
- Associated Webcasts: Incident Response Capabilities in 2016 - Part 1: The Current Threat Landscape and Survey Results Incident Response Capabilities in 2016 - Part 2: Emerging Trends in Incident Response and Survey Results
- Sponsored By: IBM Security Mcafee LLC Arbor Networks LogRhythm NETSCOUT Systems, Inc. HP Enterprise Security AlienVault Veriato
Results of the 2016 Incident Response Survey indicate that the IR landscape is ever changing. Advanced industries are able to maintain effective IR teams, but as shown in this report, there are still hurdles to jump to increase the efficiency of many IR teams. Read this report to learn more.
Understanding Security Regulations in the Financial Services Industry by David Hoelzer - June 3, 2016
- Sponsored By: Veracode
View the associated infographic here: https://www.sans.org/reading-room/whitepapers/analyst/infographic-financial-apps-risk-37042
Blueprint for CIS Control Application: Securing the SAP Landscape by Barbara Filkins - May 26, 2016
- Associated Webcasts: A Blueprint to Secure SAP Applications Using CIS Controls As a Guide
- Sponsored By: Onapsis
Any data breach can be expensive, but the potential cost rises with the value or exploitability of the data targeted in an attack.
Assessing Application Security: A Buyer's Guide by Barbara Filkins - May 23, 2016
- Sponsored By: Veracode
Organizations realize that application security (AppSec) is key to protecting their data and the IT assets that contain it.
2016 State of Application Security: Skills, Configurations and Components by Johannes Ullrich, PhD - April 26, 2016
- Associated Webcasts: Managing Applications Securely: A SANS Survey
- Sponsored By: WhiteHat Security Veracode Checkmarx Inc.
Survey results reveal that it is critical for an overall enterprise security program to coordinate efforts among developers, architects and system administrators�particularly since many software vulnerabilities are rooted in configuration issues or third-party components, not just in code written by the development team. Read on to learn more.
Improving Application and Privilege Management: Critical Security Controls Update by John Pescatore - April 25, 2016
- Associated Webcasts: Overcome Privilege Management Obstacles with CSC v. 6
- Sponsored By: Appsense
- Login
- Join SANS.org
Threat Hunting: Open Season on the Adversary by Dr. Eric Cole - April 12, 2016
- Associated Webcasts: Open Season on Cyberthreats: Part 2- Threat Hunting Methodologies and Tools Open Season on Cyberthreats: Part I- Threat Hunting 101
- Sponsored By: HPE Carbon Black DomainTools Endgame Sqrrl Data, Inc. Malwarebytes
Nearly 86% of organizations responding to the survey want to be doing the hunting, albeit informally, as more than 40% do not have a formal threat hunting program in place. Results indicate that hunting is providing benefits, including finding previously undetected threats, reducing attack surfaces and enhancing the speed and accuracy of response by using threat hunting. They also suggest that organizations want to improve their threat-hunting programs and realize more benefits from threat hunting.
Can We Say Next-Gen Yet? State of Endpoint Security by G. W. Ray Davidson, PhD - March 16, 2016
- Associated Webcasts: SANS 2016 Endpoint Security Survey Part 1: The Evolving Definition of Endpoints SANS 2016 Endpoint Security Survey Part 2: Can We Say Next-Gen Yet?
- Sponsored By: Guidance Software IBM Security Sophos Inc. Malwarebytes Great Bay Software
The survey results show that although conventional devices such as desktops and servers represent the largest segment of endpoints connected to the network, the variety of endpoints is growing quickly. Read this survey results paper for insight into endpoint management strategies and processes.
Using Metrics to Manage Your Application Security Program by Jim Bird - March 14, 2016
- Associated Webcasts: Benchmarking AppSec: A Metrics Pyramid
- Sponsored By: Veracode
In this paper, we�ll look at the first steps in measuring your AppSec program, starting with how to use metrics to understand what is working and where you need to improve, to identify and solve problems, and to build a case for making further investments in your program. Ultimately, the goal is to make AppSec part of the organization�s culture, and ensure it�s relevant to business units and meaningful to executives.
Active Breach Detection: The Next-Generation Security Technology? by Dave Shackleford - March 11, 2016
- Associated Webcasts: Is Active Breach Detection the Next-Generation Security Technology?
- Sponsored By: EastWind Networks
A SANS Whitepaper written by Dave Shackleford
A DevSecOps Playbook by Dave Shackleford - March 8, 2016
- Associated Webcasts: A DevSecOps Playbook
- Sponsored By: CloudPassage
Enterprise computing is going through a major transformation of infrastructure and IT delivery models, one that is at least as disruptive as the move from mainframe computing to client/server (Internet) architectures. With client/server architectures, the change in hardware was the most obvious difference, but the more meaningful transformation was IT organizations� new ability to build custom systems and software much more quickly, with far greater flexibility and at lower cost than had been possible during the mainframe era.
The Who, What, Where, When, Why and How of Effective Threat Hunting by Robert M. Lee and Rob Lee - March 1, 2016
- Associated Webcasts: Threat Hunting
- Sponsored By: Sqrrl Data, Inc.
The chances are very high that hidden threats are already in your organization�s networks. Organizations can�t afford to believe that their security measures are perfect and impenetrable, no matter how thorough their security precautions might be. Having a perimeter and defending it are not enough because the perimeter has faded away as new technologies and interconnected devices have emerged. Prevention systems alone are insufficient to counter focused human adversaries who know how to get around most security and monitoring tools by, for example, making their attacks look like normal activity.
Quantifying Risk: Closing the Chasm Between Cybersecurity and Cyber Insurance by Barbara Filkins - February 25, 2016
- Sponsored By: PivotPoint Risk Analytics
Sponsored by PivotPoint Risk Analytics, in conjunction with Advisen.
Getting Started with Web Application Security by Gregory Leonard - February 10, 2016
- Associated Webcasts: Getting Started with Web Application Security
- Sponsored By: Veracode
- Login
- Join SANS.org
Mobile Threat Protection: A Holistic Approach to Securing Mobile Data and Devices by Lee Neely - February 9, 2016
- Associated Webcasts: Mobile Threat Protection: A Holistic Approach to Securing Mobile Data and Devices
- Sponsored By: Skycure
The ubiquitous use of mobile devices results in a mixture of corporate and personal data stored on devices that are online continuously, seamlessly connecting to the closest available network, downloading and uploading data whenever possible, and carried with users continuously. This trend has radically changed the landscape of data protection.
Using Analytics to Predict Future Attacks and Breaches by Dave Shackleford - February 9, 2016
- Associated Webcasts: Predicting Future Attacks and Breaches: Analytics in Action
- Sponsored By: SAS INSTITUTE INC
The pace and sophistication of data breaches is growing all the time. Anyone with valuable secrets can be a target, and likely already is. According to the Privacy Rights Clearinghouse, at the time of this writing, 884,903,517 records were breached in 4,621 incidents documented since 2005. This number is just an estimate based on publicly disclosed and well-documented incidents; the real number is likely much higher. According to data available from datalossdb.org, the size of the major breaches over the past several years has grown significantly.
Eliminating Blind Spots: A New Paradigm of Monitoring and Response by Dave Shackleford - February 4, 2016
- Associated Webcasts: A New Paradigm of Monitoring and Response
- Sponsored By: Raytheon | Websense
- Login
- Join SANS.org
IT Security Spending Trends by Barbara Filkins - February 2, 2016
- Associated Webcasts: SANS 2016 IT Security Spending Strategies Survey
- Sponsored By: Arbor Networks Gigamon
This paper assumes security budgeting occurs as part of each organization's yearly cost management cycle. Readers will explore the what, why, where and how of IT security spending and will get advice on how to better meet the challenge of aligning security spending processes with organizational needs.
Why You Need an Application Security Program by Johannes B. Ullrich, PhD - January 28, 2016
- Associated Webcasts: Why You Need Application Security
- Sponsored By: Veracode
- Login
- Join SANS.org
Guarding Beyond the Gateway: Challenges of Email Security by Barbara Filkins - January 6, 2016
- Associated Webcasts: Guarding Beyond the Gateway: Modern Challenges of Email Security
- Sponsored By: Mimecast Services Limited
Learn how to maximize the trustworthiness of email services through changes to infrastructure and how to use your systems to improve the performance of the human firewall.
Cleaning Up After a Breach Post-Breach Impact: A Cost Compendium by Barbara Filkins - December 14, 2015
- Associated Webcasts: Post-Breach Impact: A Cost Compendium
- Sponsored By: Spirion
Read this report to explore the factors that influence the financial impact on the organization in the post-breach environment: forensic analysis, system repair and data recovery, legal and insurance considerations, additional controls, customer support and losses to brand and reputation.
LogRhythm 7 Review: Reducing Detection and Response Times by Dave Shackleford - December 10, 2015
- Associated Webcasts: Scaling Big Data Analytics: SANS Review of LogRhythm 7 Analytics and Intelligence Upgrades
- Sponsored By: LogRhythm
Although we have made progress in the use of analytics and intelligence, the latest SANS Security Analytics survey shows 26 percent of respondents feel they still cant understand and baseline normal behavior in their IT environments, with a majority citing a lack of people and dedicated resources as an impediment.
Advancing Endpoint Protection and Compliance with Promisec Endpoint Manager by Jake Williams - December 10, 2015
- Associated Webcasts: Ensuring Compliance and Detecting Suspicious Activity with Promisec Endpoint Manager
- Sponsored By: Promisec
A review by SANS analyst and instructor Jake Williams of Promisec Endpoint Manager (PEM). It discusses PEMs effectiveness in detecting and remediating endpoint issues.
Intrusion Prevention with HPE TippingPoint by Dave Shackleford - December 7, 2015
- Associated Webcasts: New Frontiers in Intrusion Protection
- Sponsored By: Hewlett Packard
A review by Dave Shackleford of HPEs TippingPoint 2600NX IPS and its management platform. It examines the device's analytic and operational features and discusses the integration of such devices with security information and event management (SIEM) systems as wells as external threat information.
Protect Against Advanced Email-Borne Malware, Phishing and Social Media Fraud: A SANS Guide by Jerry Shenk - December 2, 2015
- Sponsored By: ProofPoint
Organizations are constantly under attack. Nearly every week comes a news headline of another breach affecting millions of people. Organizations that experience 'small' breaches spend hundreds of thousands of dollars on forensic examinations, infrastructure upgrades and identity monitoring. Those that get hit by a large breach spend millions.
Securing SSH with the CIS Critical Security Controls by Barbara Filkins - November 30, 2015
- Associated Webcasts: Securing SSH Itself with the Critical Security Controls
- Sponsored By: Venafi, Inc
A SANS Analyst Program whitepaper by Barb Filkins. It discusses how the Critical Security Controls—coupled with good configuration management processes—can support the effort required to avoid the risks inherent to SSH.
2015 Analytics and Intelligence Survey by Dave Shackleford - November 10, 2015
- Associated Webcasts: Security Analytics Maturation Curve: Part 1 of the 3rd Annual SANS Security Analytics and Intelligence Survey Moving up the Analytics Maturation Curve: Part 2 of the 3rd Annual SANS Security Analytics and Intelligence Survey
- Sponsored By: LogRhythm AlienVault Lookingglass Cyber Solutions, Inc. SAS INSTITUTE INC Anomali DomainTools
Although survey results indicate slow and steady progress in the use of analytics and intelligence, most analytics programs lack maturity. Read this survey to understand what is missing and learn where most organizations plan to invest funds to drive improvement.
Security Automation: Security Nirvana or Just a Fad? by Jerry Shenk - November 3, 2015
- Associated Webcasts: Security Automation: Security Nirvana or Just A Fad?
- Sponsored By: Symantec
Security breaches have become so frequent that often, they don�t even make news.
The Expanding Role of Data Analytics in Threat Detection by Barbara Filkins - October 27, 2015
- Associated Webcasts: The Expanding Role of Data Analytics in Threat Detection
- Sponsored By: Vectra Networks
- Login
- Join SANS.org
What Are Their Vulnerabilities?: A SANS Survey on Continuous Monitoring by David Hoelzer - October 27, 2015
- Associated Webcasts: What Are Their Vulnerabilities? A SANS Continuous Monitoring Survey
- Sponsored By: Tenable Arbor Networks HP AlienVault
This report offers an analysis of the survey findings and recommendations for improving practices. It also offers a definition of what a mature program should look like now and in the future. The goal, ultimately, is to provide a metric by which organizations can gauge their own progress in an objective way.
Behind the Curve? A Maturity Model for Endpoint Security by G. Mark Hardy - October 22, 2015
- Associated Webcasts: Behind the Curve? Getting Started on Endpoint Security Maturity
- Login
- Join SANS.org
Detecting a Targeted Data Breach with Ease: A SANS Product Review by Jake Williams - October 21, 2015
- Associated Webcasts: Implementing Active Breach Detection
A product review by Jake Williams. It examines LightCyber Magna, focusing on its effectiveness in detecting reconnaissance, lateral movement, data exfiltration and other threats.
The State of Dynamic Data Center and Cloud Security in the Modern Enterprise by Dave Shackleford - October 13, 2015
- Associated Webcasts: Dynamic Data Center Security
- Sponsored By: Illumio
As organizations' data centers become more dynamic and the need to scale quickly in complex architectures grows, security will need to adapt accordingly. Read this survey results paper to learn the challenges hybrid data centers face, along with some of the steps you can take to update current practices to enhance security for the dynamic data centers in use today.
Automating the Hunt for Hidden Threats by Eric Cole, PhD - October 1, 2015
- Associated Webcasts: Automating the Hunt for Network Intruders
- Sponsored By: Endgame
An Analyst Program whitepaper by Dr. Eric Cole. It defines the process of automating the hunt for threats, and discusses how to deploy a continuous threat-hunting process while preparing a team to analyze threats to protect critical processes and data.
Orchestrating Security in the Cloud by Dave Shackleford - September 22, 2015
- Sponsored By: HP Intel CloudPassage Evident.io
Survey results indicate a strong need to keep security close to the data as it traverses cloud systems. Findings also indicate a need to integrate monitoring capabilities across hybrid environments and partnership with public cloud providers for full-spectrum visibility and response. Learn more by in this survey report focusing on cloud security.
Combatting Cyber Risks in the Supply Chain by Dave Shackleford - September 9, 2015
- Associated Webcasts: Combatting Cyber Risks in the Supply Chain
- Sponsored By: Raytheon | Websense
By some estimates, up to 80% of breaches may originate in the supply chain. Read this paper to get some guidance on best practices to protect your organization from vulnerabilities introduced by your vendors and suppliers.
Retail Security: Third-Party Interaction by Eric Cole, PhD - September 4, 2015
- Associated Webcasts: Retail Security: PCI DSS and Third Party Interactions
- Sponsored By: Tenable
- Login
- Join SANS.org
A Proactive Approach to Incident Response by Jake Williams - August 31, 2015
- Associated Webcasts: A Proactive Approach to Incident Response
- Sponsored By: Blue Coat Systems, Inc.
- Login
- Join SANS.org
Using Hardware-Enabled Trusted Crypto to Thwart Advanced Threats by John Pescatore - August 28, 2015
- Associated Webcasts: Thwarting Advanced Threats with Trusted Crypto
- Sponsored By: THALES e-Security
- Login
- Join SANS.org
Protecting Third Party Applications with RASP Infographic by - August 27, 2015
- Associated Webcasts: Protecting Third Party Applications with RASP
- Login
- Join SANS.org
Detect, Contain and Control Cyberthreats by Eric Cole, PhD - August 20, 2015
- Associated Webcasts: Detect, Contain, and Control Cyberthreats
- Sponsored By: Raytheon | Websense
An Analyst Program whitepaper by Dr. Eric Cole. It discusses the value of prioritizing mitigation efforts based on known risks and high- value targets, and how doing so can reinforce network defenses.
The Race to Detection: A Look at Rapidly Changing IR Practices by Alissa Torres - August 19, 2015
- Associated Webcasts: The Race to Detection: IR Trends, Tools and Processes That Close the Gap
- Sponsored By: Carbon Black
With the rapidly changing risk environment, those assigned to protect their organizations must be agile in adapting technology to meet the challenges presented to them. Read this paper to learn what leading incident response practices are doing, and what they plan for the future.
Insider-Focused Investigation Made Easier by Dave Shackleford - August 18, 2015
- Associated Webcasts: The Value of Real-Time Pattern Recognition
- Sponsored By: Raytheon | Websense
A review by SANS analyst and instructor Dave Shackleford of Raytheon|Websense SureView Insider Threat. It discusses the product's ability to assist security teams in their efforts to mitigate the threats posed by trusted insiders.
Maturing and Specializing: Incident Response Capabilities Needed by Alissa Torres - August 17, 2015
- Associated Webcasts: Part 1: Incident Response - What Is (and Isn't) Working Today Part 2: Incident Response - How Can We Be More Proactive for the Future?
- Sponsored By: Mcafee LLC Arbor Networks Hewlett Packard Rapid7 Inc. Carbon Black AlienVault
Survey results reveal an increasingly complex response landscape and the need for automation of processes and services to provide both visibility across systems and best avenues of remediation. Read this paper for coverage of these issues, along with best practices and sage advice.
Observation and Response: An Intelligent Approach by J. Michael Butler - August 7, 2015
- Associated Webcasts: Tracking and Observation-How-To and What To Watch For
- Sponsored By: Anomali
A SANS Analyst Program whitepaper by J. Michael Butler. It discusses how properly focused observation and tracking efforts provide intelligence from inside the enterprise by monitoring for indicators of compromise such as odd point-in-time activities on the network, unusual machine-to-machine communications, outbound transfers, connection requests and many other suspicious activities.
Beyond the Point of Sale: Six Steps to Stronger Retail Security by Robert L. Scheier - July 28, 2015
- Associated Webcasts: Analyst Webcast: Securing Retail Beyond the Cash Register--Insider Threats and Targeted Attacks
- Sponsored By: Palo Alto Networks
A whitepaper by Robert Scheier. It addresses the complex nature of IT in the retail environment and outlines a six-step process for enhancing security of small shopkeepers as well as big-box chains.
The State of Security in Control Systems Today by Derek Harp and Bengt Gregory-Brown - June 24, 2015
- Associated Webcasts: The State of Security in Control Systems Today: A SANS Survey Webcast
- Sponsored By: Tenable SurfWatch Labs
By reading this report, ICS professionals will gain insight into the challenges facing peers, as well the approaches being employed to reduce the risk of cyberattack.
Security Spending and Preparedness in the Financial Sector: A SANS Survey by Jaikumar Vijayan - June 23, 2015
- Associated Webcasts: SANS 2nd Financial Sector Security Survey
- Sponsored By: Arbor Networks LogRhythm VSS Monitoring, Inc. AlienVault
Financial services organizations are being breached too often. Find out how the threat landscape and the tools to secure data are changing in the 2015 SANS Financial Services Survey.
Six Steps to Stronger Security for SMBs by Eric Cole, PhD - June 23, 2015
- Associated Webcasts: Six Steps to Stronger Security for SMBs
- Sponsored By: Qualys
An Analyst Program whitepaper by Dr. Eric Cole. It describes a six-step approach that small and medium-size businesses can use as a template for enhancing their overall security posture.
Enabling Big Data by Removing Security and Compliance Barriers by Barbara Filkins - June 17, 2015
- Associated Webcasts: Big Data: Identifying Major Threats and Removing Security and Compliance Barriers
- Sponsored By: Cloudera
The rewards that big data can bring are widely recognized: scientific insight, competitive intelligence and improved fraud detection, as well as the benefits derived from sophisticated analyses of vast sets of transactional and behavioral data.
Conquering Network Security Challenges in Distributed Enterprises by John Pescatore - June 11, 2015
- Associated Webcasts: Conquering Network Security Challenges in Distributed Enterprises
- Sponsored By: Palo Alto Networks
Enterprises continue to have difficulties detecting, blocking and responding to threats.
New Critical Security Controls Guidelines for SSL/TLS Management by Barbara Filkins - June 4, 2015
- Associated Webcasts: Meeting New CSC Guidelines for SSL Certificate Management
- Sponsored By: Venafi, Inc
Security flaws like Heartbleed, POODLE, BEAST and a series of high-profile certificate thefts and misappropriations have shaken public confidence in "secure" SSL/TLS certificates. It is possible for organizations to safeguard themselves and retain most of the benefits of using the web's most common authentication system, however, as long as they're rigorous about setting and enforcing the right policies on who do trust among many questionable nodes in the global network of trust.
Improving Detection, Prevention and Response with Security Maturity Modeling by Byron Acohido - May 29, 2015
- Associated Webcasts: The Value of Adopting and Improving Security Maturity Models
- Sponsored By: HP
An Analyst Program whitepaper written by Byron Acohido. It discusses various security maturity models and how organizations can use them to improve their defense posture while reducing the time needed to respond to incidents and contain the damage.
Securing Portable Data and Applications for a Mobile Workforce by Jaikumar Vijayan - May 13, 2015
- Associated Webcasts: Securing Portable Data and Applications on Enterprise Mobile Workspaces: A SANS Survey
- Sponsored By: Ironkey by Imation
Explore the challenges of securing a mobile workforce while enabling a desktop environment for mobile workers.
2015 State of Application Security: Closing the Gap by Jim Bird, Eric Johnson, Frank Kim - May 12, 2015
- Associated Webcasts: 2015 Application Security Survey, Part 2: Builder Issues 2015 Application Security Survey, Part 1: Defender Issues
- Sponsored By: Qualys WhiteHat Security Hewlett Packard Veracode Waratek
Explore the current state of application security through the lens of both builders and defenders and find out how much progress has been made in securing applications over the last 12 months.
The Case for Visibility: SANS 2nd Annual Survey on the State of Endpoint Risk and Security by Jacob Williams - May 5, 2015
- Associated Webcasts: Assume Compromise and Protect Your Endpoints: SANS 2nd Survey on Endpoint Security
- Sponsored By: Guidance Software
Read the results of the 2015 Endpoint Security Survey to find out whether organizations assume risk, whether their perimeter defenses protect their endpoints, how much progress we are making on automation, how long it takes to remediate each compromised endpoint, and much more.
Protection from the Inside: Application Security Methodologies Compared by Jacob Williams - April 27, 2015
- Associated Webcasts: Analyst Webcast: RASP vs. WAF: Comparing Capabilities and Efficiencies
- Sponsored By: HP
A SANS Analyst Program review by Jacob Williams. This webcast will explore the relative capabilities and efficiencies of RASP and WAF technologies, and discuss a blind, vendor-anonymous review of a representative product in each category.
Building a World-Class Security Operations Center: A Roadmap by Alissa Torres - April 15, 2015
- Sponsored By: RSA
Explore how you can build a world-class security operations center (SOC) by focusing on the triad of people, process and technology.
Improving the Effectiveness of Log Analysis with HP ArcSight Logger 6 by Dave Shackleford - April 1, 2015
- Associated Webcasts: Analyst Webcast: Simplifying Compliance and Forensic Requirements with HP ArcSight Logger
- Sponsored By: Hewlett Packard
A review of HP ArcSight Logger 6 by SANS analyst and instructor Dave Shackleford. It discusses the latest release of ArcSight Logger and its usefulness to security analysts who need to collect and monitor logs.
Creating an SOC by Alissa Torres - March 31, 2015
- Associated Webcasts: Creating a Roadmap for Dramatically Improving Your Strategic Security Operations
- Sponsored By: RSA
Graphically explore how you can build a world-class security operations center (SOC) by focusing on the triad of people, process and technology.
Enabling Large-Scale Mobility with Security from the Ground Up by Jaikumar Vijayan - March 30, 2015
- Associated Webcasts: Analyst Webcast: Enabling Enterprise Mobility With Security From The Ground Up
- Sponsored By: Symantec
A SANS Analyst Program whitepaper written by Jaikumar Vijayan and advised by SANS Analyst G. Mark Hardy. It discusses the state of enterprise mobility and the challenges posed to information technology groups by the massive influx of personal and corporate-owned mobile devices in the workplace in recent years.
Enabling Large-Scale Mobility with Security from the Ground Up Infographic by Jaikumar Vijayan - March 30, 2015
- Associated Webcasts: Analyst Webcast: Enabling Enterprise Mobility With Security From The Ground Up
- Sponsored By: Symantec
A SANS Analyst Program infographic based on the whitepaper, Enabling Large-Scale Mobility with Security from the Ground Up. It offers a graphical interpretation of the paper's keytakeaways and supplemental data.
Automation in the Incident Response Process: Creating an Effective Long-Term Plan by Alissa Torres - March 4, 2015
- Associated Webcasts: Automating the Incident Response Process
- Sponsored By: Carbon Black
With the right resources in place, attackers can be detected more accurately and efficiently, mitigating damage and data loss from inevitable network attacks. This paper presents a proper process and procedure for incident response that includes the use of automation tools.
Who's Using Cyberthreat Intelligence and How? by Dave Shackleford - February 16, 2015
- Associated Webcasts: Who's Using Cyberthreat Intelligence and How? Part 1: Definitions, Tools and Standards Who's Using Cyberthreat Intelligence and How? Part 2: Best Practices to Improve Incident Detection and Response
- Sponsored By: Arbor Networks Carbon Black BeyondTrust AlienVault SurfWatch Labs Anomali
In the last several years, we've seen a disturbing trend-attackers are innovating much faster than defenders are. We've seen the "commercialization" of malware, with attack kits available on underground forums for anyone who wants to perpetrate a variety of attacks.
The Critical Security Controls: What's NAC Got to Do with IT? by Deb Radcliff, Editor - February 4, 2015
- Associated Webcasts: Mapping Next-Generation NAC to the Critical Security Controls
- Sponsored By: Forescout Technologies BV
- Login
- Join SANS.org
Protecting Access to Data and Privilege with Oracle Database Vault by Pete Finnigan - January 29, 2015
- Associated Webcasts: Analyst Webcast: Securing Oracle Databases Made Easy
- Sponsored By: Oracle
A review of Oracle Database Vault 12c by security expert Pete Finnigan. Oracle Database Vault takes advantage of built-in features of the Oracle ecosystem, and provides a holistic approach to data security management.
New Threats Drive Improved Practices: State of Cybersecurity in Health Care Organizations by Barbara Filkins - December 9, 2014
- Associated Webcasts: SANS 2nd Survey on the State of Information Security in Health Care Institutions: Part 2 SANS 2nd Survey on the State of Information Security in Health Care Institutions: Part 1
- Sponsored By: Qualys Tenable Cigital, Inc. FireEye CloudPassage Trend Micro Inc. RiskIQ
See the results of the 2014 SANS Health Care Cybersecurity survey.
Securing Personal and Mobile Device Use with Next-Gen Network Access Controls by Deb Radcliff, executive editor - November 24, 2014
- Associated Webcasts: Securing Personal and Mobile Device Use with Next-Gen Network Access Controls
- Sponsored By: Forescout Technologies BV
An updated SANS Analyst Program whitepaper. It covers the essentials of applying NAC to secure guest networking, as well as leveraging NAC for BYOD (Bring Your Own Device) and CYOD (Choose Your Own Device) situations and ensuring endpoint compliance with network policy.
Point of Sale Systems and Security: Executive Summary by Wes Whitteker - November 20, 2014
- Sponsored By: Carbon Black
The last year has seen scores of point of sale (POS) systems compromised by bad actors. In many cases, these environments were PCI-DSS compliant at the time of compromise. Executives seeking to protect their organizations and POS systems from compromise need to look beyond PCI-DSS and adopt a proactive "offense must inform defense" approach to POS security.
Securing DNS to Thwart Advanced Targeted Attacks and Reduce Data Breaches by John Pescatore - November 12, 2014
- Associated Webcasts: Protecting DNS: Securing Your Internet Address Book
Internet traffic is severely affected when critical DNS services are not reliable or are compromised by cyber attacks. However, DNS services can be secured with the right configuration and deployment of appropriate solutions.
Be Ready for a Breach with Intelligent Response by James Tarala - November 5, 2014
- Associated Webcasts: Be Ready for a Breach with Intelligent Response
- Sponsored By: Mcafee LLC
By preparing a careful plan and resilient response infrastructure before an attack, organizations can limit both data loss and the reactive, post-incident expenses. The result: greatly reduced impact and costs associated with events.
Data Center Server Security Survey 2014 by Jacob Williams - October 29, 2014
- Associated Webcasts: Data Center Server Security: A SANS Survey
- Sponsored By: IBM Security Mcafee LLC
Learn how organizations are tackling the difficult problem of data center security, explore their best practices and consider improvements needed for data centers to meet compliance demands while reducing overall risk and management complexity.
Detect, Investigate, Scrutinize and Contain with Rapid7 UserInsight by Jerry Shenk - October 23, 2014
- Associated Webcasts: Detecting Risky Activity "Wherever" Before It Becomes A Problem
- Sponsored By: Rapid7 Inc.
A review of Rapid7 UserInsight by SANS senior analyst Jerry Shenk. It discusses a tool that highlights user credential misuse while tracking endpoint system details that would be valuable to an incident response team.
Breaches Happen: Be Prepared by Stephen Northcutt - October 14, 2014
- Associated Webcasts: Breaches Happen: Be Prepared
- Sponsored By: Symantec
A whitepaper by SANS Analyst and Senior Instructor Stephen Northcutt. It describes how improved malware reporting and gateway monitoring, combined with security intelligence from both internal and external resources, helps organizations meet the requirements of frameworks such as the Critical Security Controls.
Hardening Retail Security by John Pescatore - October 10, 2014
- Associated Webcasts: Hardening Retail Security: Why and How to Prevent Breaches and Attacks
- Sponsored By: LogRhythm
Read this article and learn what IT security staff in the retail industry say about their security budgets, behavioral baselining, and endpoint forensics practices.
Analytics and Intelligence Survey 2014 by Dave Shackleford - October 8, 2014
- Associated Webcasts: 2nd Annual Analytics and Intelligence Survey 2nd Annual Analytics and Intelligence Survey - Pt 2. Future State: Improving Intelligence and Threat Protection
- Sponsored By: Mcafee LLC HP LogRhythm Rapid7 Inc. AlienVault Anomali
This paper explores the use of analytics and intelligence today and exposes the impediments to successful implementation.
Ninth Log Management Survey Report by Jerry Shenk - October 3, 2014
- Associated Webcasts: Log and Event Management Survey
- Sponsored By: VMWare, Inc
Using the results of the 2014 Log Management Survey, this paper identifies strengths and weaknesses in log management systems and practices, and provides advice for improving visibility across systems with proper log collection, normalization and analysis.
Critical Security Controls: From Adoption to Implementation by James Tarala - September 18, 2014
- Associated Webcasts: The Critical Security Controls: From Adoption to Implementation A SANS Survey
- Sponsored By: Qualys Tripwire, Inc. Mcafee LLC EiQnetworks
This SANS survey report explores how widely the CSCs are being adopted, as well as what challenges adopters are facing in terms of implementation of the controls and what they are looking for to improve their implementation practices.
Data Encryption and Redaction: A Review of Oracle Advanced Security by Dave Shackleford - September 15, 2014
- Associated Webcasts: Simplifying Data Encryption and Redaction Without Touching the Code
- Sponsored By: Oracle
A review of Oracle Advanced Security for Oracle Database 12c by SANS Analyst and Senior Instructor Dave Shackleford. It explores a number of the product's capabilities, including transparent data encryption (TDE) and effortless redaction of sensitive data, that seamlessly protect data without any developer effort from unauthorized access.
Insider Threats in Law Enforcement by Dr. Eric Cole - September 4, 2014
- Associated Webcasts: Solving Insider Threats in Law Enforcement
- Sponsored By: Raytheon | Websense
Based on the valuable information they have at their disposal, law enforcement agencies are among those that are prime targets for advanced attacks. While network protection can be extensive and sophisticated, the exploitation of insiders poses a serious threat for illegal access to these agencies.
Under Threat or Compromise - Every Detail Counts by Jake Williams - August 20, 2014
- Associated Webcasts: Under Threat or Compromise: Every Detail Counts
- Sponsored By: Blue Coat Systems, Inc.
This paper outlines five major components of a life-cycle approach to defense and how companies can adopt this model to maximize security in the current threat landscape.
Incident Response: How to Fight Back by Alissa Torres - August 13, 2014
- Associated Webcasts: Incident Response Part 1: Incident Response Techniques and Processes: Where We Are in the Six-Step Process Incident Response Part 2: Growing and Maturing An IR Capability
- Sponsored By: Mcafee LLC AccessData Corp. Arbor Networks HP Carbon Black AlienVault
A spate of high-profile security breaches and attacks means that security practitioners find themselves thinking a lot about incident response. A new SANS incident response survey explores how practitioners are dealing with these numerous incidents and provides insight into incident response plans, attack histories, where organizations should focus their response efforts, and how to put all of the pieces together.
Continuous Diagnostics and Mitigation : Making it Work by John Pescatore - August 6, 2014
- Associated Webcasts: Continuous Diagnostics and Mitigation for Government Agencies: Is It Working? A SANS Survey
- Sponsored By: Forescout Technologies BV IBM Security Symantec Firemon
Security professionals in federal, state and local agencies face many unique challenges in protecting critical systems and information. The CDM program has tremendous potential for both increasing the security levels at those agencies and reducing the cost of demonstrating compliance. However, to be successful, the program must address the following: lack of awareness, low inspector general awareness and lack of information on how to use the program. For use of the program to result in better security, additional staffing and skills are needed, as are success stories to guide organizations attempting to implement CDM.
Killing Advanced Threats in Their Tracks: An Intelligent Approach to Attack Prevention by Tony Sager - July 29, 2014
- Associated Webcasts: Need to defeat APTs? Tony Sager Explains Where We're At With Live Threat Detection Automation
- Sponsored By: Palo Alto Networks
All attacks follow certain stages. By observing those stages during an attack progression and then creating immediate protections to block those attack methods, organizations can achieve a level of closed-loop intelligence that can block and protect across this attack kill chain. This paper explains the many steps in the kill chain, along with how to detect unknown attacks by integrating intelligence into sensors and management consoles.
Advanced Network Protection with McAfee Next Generation Firewall by Dave Shackleford - June 19, 2014
- Associated Webcasts: Analyst Webcast: Advanced Network Protection with McAfee Next Generation Firewall
- Sponsored By: Mcafee LLC
A review of McAfee Next Generation Firewall by SANS Analyst and Senior Instructor Dave Shackleford. It explores a number of the product's capabilities, including clustering and redundancy, numerous varieties of VPN access, policy options and features such as end-user identification and advanced anti-evasion tools
Higher Education: Open and Secure? by Randy Marchany - June 16, 2014
- Associated Webcasts: Higher Education: Open and Secure? A SANS Survey
- Sponsored By: Tenable Trend Micro Inc. AlienVault
- Login
- Join SANS.org
Practical Threat Management and Incident Response for the Small- to Medium-Sized Enterprises by Jacob Williams - June 12, 2014
- Associated Webcasts: Practical Threat Management and Incident Response for the Small- to Medium-Sized Enterprise
- Sponsored By: AlienVault
If you work in a small- to medium-sized enterprise (SME),1 you know how challenging securing your technology assets can be.
Cybersecurity Professional Trends: A SANS Survey Advisors: John Pescatore, Barb Filkins, Tracy Lenzner and SANS GIAC - May 8, 2014
- Associated Webcasts: SANS 2014 Salary Survey: The State of Security Professionals Today
- Sponsored By: Arbor Networks
Survey results on evolving roles of security professionals worldwide, including new roles, titles, managerial functions, and existing and planned certifications broken out by industry and geography.
Combining Security Intelligence and the Critical Security Controls: A Review of LogRhythm's SIEM Platform by Dave Shackleford - April 23, 2014
- Associated Webcasts: SIEM, Security Intelligence and the Critical Security Controls
- Sponsored By: LogRhythm
Review of LogRhythm�s security information and event management (SIEM) platform with new security intelligence features built in for compliance.
2014 Trends That Will Reshape Organizational Security by John Pescatore - April 22, 2014
- Associated Webcasts: The 2014 Security Trends Forecast: What Does 2014 Hold for Security and Its Impact on Business Professionals?
- Sponsored By: Cisco Systems Inc.
Information for security managers to facilitate focusing their investments on the areas that are mostly likely to impact their organizations and customers over the next several years.
Improving Security Management with Real-Time Queries by Dave Shackleford - April 2, 2014
- Associated Webcasts: The Value of On-Demand Endpoint Visibility
- Sponsored By: Mcafee LLC
Product review McAfee Real Time Command with a focus on features and ease of use. Examination of its security-related features found the product to be surprisingly intuitive.
Breaches on the Rise in Control Systems: A SANS Survey by Matthew Luallen - April 1, 2014
- Associated Webcasts: SANS Survey on Control Systems Security
- Sponsored By: Qualys Cisco Systems Inc. Tenable Raytheon | Websense
Survey shows SCADA breaches on rise from 2013, and more targeted.
Risk, Loss and Security Spending in the Financial Sector: A SANS Survey by Mark Hardy - March 26, 2014
- Associated Webcasts: Risks, Threats and Preparedness: Part I of the SANS Financial Services Survey
- Sponsored By: Forescout Technologies BV Cisco Systems Inc. Tenable Blue Coat Systems, Inc. Raytheon | Websense FireEye
Survey identified key areas in which financial service employees and endpoints were most at risk, with direct losses resulting from internal abuse, spearphishing and botnet infections.
DDoS Attacks Advancing and Enduring: A SANS Survey by John Pescatore - March 20, 2014
- Associated Webcasts: SANS Survey on Distributed Denial of Service
- Sponsored By: Corero
Survey on the state of DDoS readiness reveals more frequent and sophisticated DDoS attacks as well as lack of preparedness in many enterprises.
Finding Advanced Threats Before They Strike: A Review of Damballa Failsafe Advanced Threat Protection and Containment by Jerry Shenk - March 18, 2014
- Associated Webcasts: Finding Advanced Threats Before They Strike: Advanced Threat Protection and Containment
- Sponsored By: Damballa, Inc.
Review of Damballa Failsafe's ability to collect and analyze evidence and presents precise information about infected devices.
The Case for Endpoint Visibility by Jacob Williams - March 13, 2014
- Associated Webcasts: Visibility at the Endpoint: The SANS 2014 Survey of Endpoint Intelligence
- Sponsored By: Guidance Software
Information to help security professionals track trends in endpoint protection and identify how their organization�s capabilities compare with the survey base.
Champagne SIEM on a Beer Budget by Jerry Shenk - March 12, 2014
- Associated Webcasts: Making Log and Event Management Easy for SMBs
- Sponsored By: SolarWinds
Review of SolarWinds' Log & Event Manager (LEM) ability to provide small-to-medium-size businesses the forensic intelligence, compliance and security information necessary to manage operations.
Server Security: A Reality Check by Jake Williams - March 11, 2014
- Associated Webcasts: Server Security: A Reality Check
- Sponsored By: Carbon Black
Why servers are still vulnerable despite layers of security in place today.
Health Care Cyberthreat Report: Widespread Compromises Detected, Compliance Nightmare on Horizon by Barbara Filkins - March 6, 2014
- Associated Webcasts: Exposing Malicious Threats to Health Care IT
- Sponsored By: Norse
The use of threat intelligence to improve the security of information systems in the health care industry.
Calculating Total Cost of Ownership on Intrusion Prevention Technology by J. Michael Butler, Dave Shackleford - February 17, 2014
- Sponsored By: Cisco Systems Inc.
Calculate the value of specific automation features in NGIPSes with which organizations can achieve savings in total cost of ownership TCO
Protecting Virtual Endpoints with McAfee Server Security Suite Essentials by Dave Shackleford - February 14, 2014
- Associated Webcasts: Security Without Scanning for Today's Hybrid Datacenter
- Sponsored By: Mcafee LLC
A review of McAfee�s Server Security Suite Essentials that address some of the emerging challenges of securing virtual platforms and cloud environments.
Survey on Application Security Programs and Practices by Jim Bird, Frank Kim - February 12, 2014
- Associated Webcasts: Application Security Programs On the Rise, Skills Lacking: A SANS Survey
- Sponsored By: Qualys Hewlett Packard Veracode
Survey shows application security programs on the rise but skill are lacking.
Securing the �Internet of Things� Survey by John Pescatore - January 15, 2014
- Associated Webcasts: SANS Analyst Webcast: SANS Survey on Securing The Internet of Things
- Sponsored By: Codenomicon Norse
Survey reveals the risks introduced by an increasing array of "smart" things with wireless or Internet connections.
Database Activity Monitoring and Audit: A Review of Oracle Audit Vault and Database Firewall by Tanya Baccam - January 14, 2014
- Sponsored By: Oracle
Review of Oracle Audit Vault and Database Firewall (AVDF). A platform for organizations looking to increase security with enterprise wide database activity monitoring, auditing and reporting.
Industrial Control System (ICS) Cybersecurity Response to Physical Breaches of Unmanned Critical Infrastructure Sites by Scott D. Swartz and Michael J. Assante - January 1, 2014
- Sponsored By: Alert Enterprise
Physical break-ins and other unauthorized entries into unmanned critical infrastructure locations have historically been viewed only as traditional property crimes.
Fear and Loathing in BYOD by Joshua Wright - December 10, 2013
- Associated Webcasts: SANS Survey Results on BYOD Security Policies and Practices
- Sponsored By: Trusted Computing Group
Survey on mobile device security trends and techniques organizations are adopting to mitigate threats associated with mobile devices and BYOD.
Layered Security: Why It Works by Jerry Shenk - December 9, 2013
- Associated Webcasts: Layered Security: Why It Works
- Sponsored By: Symantec
How a layered approach to security provides better protection of your organization�s IT assets.
Managing Threats and Compliance While Automating the CSCs: EiQ SecureVue Review by Jerry Shenk - November 11, 2013
- Associated Webcasts: Managing Threats and Compliance While Automating the CSCs: EiQ SecureVue Review
- Sponsored By: EiQnetworks
Product review of EiQ SecureVue - a solution to provide advanced log management and security information and event management (SIEM) capabilities for the SMB-sized organizations.
Finding Hidden Threats by Decrypting SSL by Michael Butler - November 8, 2013
- Associated Webcasts: Finding Hidden Threats by Decrypting SSL/TLS
- Sponsored By: Blue Coat Systems, Inc.
Paper describes the role of SSL, the role SSL decryption/inspection tools play in security, options for deploying inspection tools, and how the information generated by such inspection can be shared with other security monitoring systems.
Inaugural Health Care Survey by Barbara Filkins - October 30, 2013
- Associated Webcasts: The SANS Survey of IT Security in Health Care
- Sponsored By: Tenable Oracle Trend Micro Inc. Redspin
This survey reveals aspects of security in the health care arena from the perspective of IT security staff�managers, analysts, and executives.
Not Your Father's IPS:SANS Survey on Network Security Results by Rob VandenBrink - October 29, 2013
- Associated Webcasts: Analyst Webcast: Not your Father's IPS: SANS Survey on Network Security Results
- Sponsored By: Hewlett Packard
Survey of security professionals on network security practices today, use of IPS, technical and management capacities, and how IPS will be integrated into overall security strategy for the future.
Securing Web Applications Made Simple and Scalable by Gregory Leonard - October 10, 2013
- Associated Webcasts: Securing Web Applications Made Simple and Scalable
- Sponsored By: Hewlett Packard
Evaluation of HP Fortify WebInspect 10.10, an application security testing (DAST) tool.
Correlating Event Data for Vulnerability Detection and Remediation by Jacob Williams - October 8, 2013
- Associated Webcasts: Correlating Real-Time Event Data with SIEM for Forensics and Incident Handling
- Sponsored By: Mcafee LLC
Examination of how 2012 Saudi Aramco �spearphishing� attacks could have been thwarted with the help of a SIEM platform that combines the power of historical data with real-time data from network data sources and security policies.
Application Security: Tools for Getting Management Support and Funding by John Pescatore - October 4, 2013
- Associated Webcasts: John Pescatore Analyst Webcast - Actionable Tools for Convincing Management to Fund Application Security
- Sponsored By: WhiteHat Security
This paper provide tools and techniques that demonstrate the need for better application security and the appropriate level of investment.
SANS Security Analytics Survey by Dave Shackleford - October 1, 2013
- Associated Webcasts: SANS Analytics and Intelligence Survey Results Part I: The Risk Landscape
- Sponsored By: Guidance Software LogRhythm Hewlett Packard SolarWinds Hexis Cyber Solutions
Survey on next generation of security tools shows that market is in need of analytics and intelligence wrapped around the data that is being/can be collected in organizations.
Real-World Testing of Next-Generation Firewalls by Dr. Eric Cole - September 13, 2013
- Associated Webcasts: Testing Next Gen Firewalls
- Sponsored By: Fortinet, Inc. Ixia
Advice on what to expect from a next-generation firewall, features and business needs to consider, and a test methodology for IT and business professionals to use to enhance their investments in security through enhanced firewall capabilities.
Scaling Analytics to Meet Real-Time Threats in Large Enterprises: A Deep Dive into LogRhythm's Security Analytics Platform by Dave Shackleford - September 10, 2013
- Associated Webcasts: Under Pressure: Scaling Analytics to Meet Real-Time Threats
- Sponsored By: LogRhythm
Evaluation of LogRhythm�s real-time analytics capabilities.
How DDoS Detection and Mitigation Can Fight Advanced Targeted Attacks by John Pescatore - September 5, 2013
- Associated Webcasts: How to Fight the Real DDoS Threat
- Sponsored By: Arbor Networks
Exploration of how DDoS is used as part of advanced targeted attacks (ATAs) and description of how DDoS detection and prevention tools and techniques can also be used against ATAs.
Simplifying Cloud Access Without Sacrificing Corporate Control: A Review of McAfees Integrated Web and Identity Solutions by Dave Shackleford - August 21, 2013
- Associated Webcasts: Managing Identities in the Cloud Without Sacrificing Corporate Control: A Review of McAfee
- Sponsored By: Mcafee LLC
Review of McAfee Web Gateway version 7.3, McAfee Cloud Single Sign On (CSSO) version 4.0 and McAfee One Time Password version 4.0, with Pledge Software Token (Pledge) version 2.0.
The SANS Survey of Digital Forensics and Incident Response by Paul Henry, Jacob Williams, and Benjamin Wright - July 18, 2013
- Associated Webcasts: Digital Forensics in Modern Times: A SANS Survey
- Sponsored By: Guidance Software FireEye Carbon Black Cellebrite
2013 Digital Forensics Survey to identify the nontraditional areas where digital forensics techniques are used.
The SANS 2013 Help Desk Security and Privacy Survey by Barbara Filkins - July 16, 2013
- Sponsored By: RSA
Survey/report will serve as a starting point to promote awareness and help bridge the educational gap between what a help desk is and what a secure help desk should be.
Network and Endpoint Security "Get Hitched" for Better Visibility and Response by Jerry Shenk - July 10, 2013
- Associated Webcasts: Network and Endpoint Security "Get Hitched" for Better Visibility and Response
- Sponsored By: Carbon Black
How endpoint visibility, coordinated with network intelligence, can help identify threats not discovered by other means, determine the level of threat, recognize previously unknown threats and follow up with more accurate information for regulators and investigators.
SANS 2013 Critical Security Controls Survey: Moving From Awareness to Action by John Pescatore - June 25, 2013
- Sponsored By: Tenable Symantec EiQnetworks FireEye IBM
Survey to determine how well the CSCs are known in government and private industry, how they are being used and what can we learn from CSC implementations to date.
Implementing Hardware Roots of Trust: The Trusted Platform Module Comes of Age by Gal Shpantzer - June 18, 2013
- Associated Webcasts: Implementing Hardware Roots of Trust
- Sponsored By: Trusted Computing Group
Discussion of trends that are driving adoption of TPM, with advice on how to take advantage of this increasingly commonplace technology without disrupting your security infrastructure.
Reducing Risk Through Prevention: Implementing Critical Security Controls 1-4 by James Tarala - June 12, 2013
- Associated Webcasts: Leveraging the First Four Critical Security Controls for Holistic Improvements
- Sponsored By: Tripwire, Inc.
Examination of actual threats facing organizations today, methods dedicated attackers use to compromise systems using the �intrusion kill chain� as a model and specific defenses organizations can use to mitigate threat.
Need for Speed: Streamlining Response and Reaction to Attacks by Michael Butler - June 7, 2013
- Sponsored By: Mcafee LLC
Exploration of how to correlate information from disparately managed systems and bring visibility to their behavior with accurate, actionable reporting in as near-real time as possible.
2013 SANS Mobile Application Security Survey by Kevin Johnson, James Jardine - June 6, 2013
- Sponsored By: SAP Global Marketing Veracode Box
Survey to assess organizational awareness and the procedures around mobile application risk.
Security Intelligence in Action: SANS Review of McAfee Enterprise Security Manager (ESM) 9.2 by Dave Shackleford - May 22, 2013
- Associated Webcasts: Advanced Intelligence in Action: Review of McAfee Enterprise Security Manager 9.2
Review of McAfee�s Enterprise Security Manager (ESM) 9.2 with focus on fundamental SIEM features and capabilities to meet business demand for security and threat intelligence.
Your Pad or Mine? Enabling Secure Personal and Mobile Device Use On Your Network by Mark Kadrich - May 7, 2013
- Sponsored By: Forescout Technologies BV
This paper discusses policies and approaches for using NAC to support guest networking and BYOD to complement and enable other mobile security controls such as Mobile Device Management (MDM).
The Critical Security Controls: What's NAC Got to Do with IT? by Mark Hardy - May 3, 2013
- Associated Webcasts: NAC Applied to the Critical Security Controls
- Sponsored By: Forescout Technologies BV
This paper reveals what NAC can do today, how it stacks up to many of the CSCs and what strategies are needed for successfully leveraging NAC to reduce risk, improve compliance and meet the key automation and integration requisites cited in the controls.
Next-Generation Datacenters = Next-Generation Security by Dave Shackleford - May 1, 2013
- Associated Webcasts: Datacenter Virtualization from a Security Perspective
- Sponsored By: Mcafee LLC
Whitepaper breaks down the foundations of a virtual infrastructure, examines pros and cons of security tools and controls available for risk layers, present the pros and cons of different approaches, and looks at new technology to implement protection models in virtual and cloud-based data centers.
Results of the SANS SCADA Security Survey by Matthew Luallen - February 20, 2013
- Associated Webcasts: Results of the SANS SCADA Security Survey
- Sponsored By: Splunk ABB Industrial Defender
In-depth survey of SCADA system operators to determine their risk awareness and security practices.
Security Intelligence in Action: A Review of LogRhythm's SIEM 2.0 Big Data Security Analytics Platform by Dave Shackleford - December 12, 2012
- Sponsored By: LogRhythm
Review of LogRhythm's SIEM 2.0 Big Data Security Analytics Platform -- the fundamental capabilities and the innovative new features.
SANS Survey on Application Security Programs and Practices by Jim Bird, Frank Kim - December 6, 2012
- Sponsored By: Qualys WhiteHat Security NT Objectives, Inc Veracode
Application security survey to understanding what works in appsec and why.
What Is Your Mobile Content Policy? A Checklist for Content Risk Mitigation by Barbara Filkins - November 3, 2012
- Sponsored By: SAP Global Marketing
Content management policies must adapt to the mobile user and the cloud, provide protection to information being accessed and processed, look at the context in which it is used and validate compliance.
SANS Institute Product Review: Self-Service Provisioning Made Simple: A Review of Oracle Identity Manager 11g R2 by Dave Shackleford - October 22, 2012
- Sponsored By: Oracle
Review of Oracle Identity Manager (OIM) 11g R2, an enterprise IAM product that offers end users a personalized experience through a friendly interface, while managing workflow approvals and executing changes at both the user and administrator levels.
SANS Survey on Mobility/BYOD Security Policies and Practices by Kevin Johnson, Tony DeLaGrange - October 15, 2012
- Sponsored By: Mcafee LLC F5 Networks, Inc. Oracle RSA MobileIron Box
Survey to determine the level of policy and controls around emerging threats against mobile devices.
Beyond Continuous Monitoring: Threat Modeling for Real-time Response by Mark Hardy - October 13, 2012
- Sponsored By: SecurityCoverage
Threat modeling, through timely and accurate inputs, can be used by enterprises to mitigate and defeat attack scenarios before they fully unfold.
Own Your Network with Continuous Monitoring by Jerry Shenk - September 10, 2012
- Sponsored By: Tripwire, Inc.
A look at what continuous monitoring is and how organizations can devise a solution that works for them.
Securing Data Center Servers: A Review of McAfee Data Center Security Suite Products by Jim Hietala - August 18, 2012
- Sponsored By: Mcafee LLC
This paper explores threats to data center servers, along with key security controls required to electively protect them, and reviews how the McAfee portfolio of server products aligns with these controls.
Secure Configuration Management Demystified by Dave Shackleford - August 2, 2012
- Sponsored By: Tripwire, Inc.
Paper shows how to use secure configuration concepts to reduce the overall attack surface, bring better coordination among groups within IT and elsewhere, and ultimately reduce the risk to your business by continuously improving the IT environment.
When Breaches Happen: Top Five Questions to Prepare For by Dave Shackleford - June 17, 2012
- Sponsored By: Solera Networks
This paper explores how to create processes to sort through data in the event of a breach that enable IT security and operations teams to respond immediately with actionable information.
Streamline Risk Management by Automating the SANS 20 Critical Security Controls by James Tarala - June 12, 2012
- Sponsored By: FireEye
Practical considerations for automating the 20 Critical Security Controls to create a more defensible network against these increasingly automated, persistent attacks.
SANS Eighth Annual 2012 Log and Event Management Survey Results: Sorting Through the Noise by Jerry Shenk - May 9, 2012
- Sponsored By: HPE Tripwire, Inc. LogLogic, Inc. LogRhythm TrustWave Corporation Splunk
SANS� Eighth Annual Log and Event Management Survey highlights inability of many organizations to separate normal log data from actionable events
Reducing Federal Systems Risk with the SANS 20 Critical Controls by G. Mark Hardy - April 22, 2012
- Sponsored By: Tripwire, Inc. Patriot Technologies
The 20CSCs: are they a better approach than the ten-year-old FISMA? And how will adoption ultimately enhance security and operations overall?
SANS Institute Product Review: Demystifying External Authorization: Oracle Entitlements Server Product Review by Tanya Baccam - April 20, 2012
- Sponsored By: Oracle
Product review of Oracle Entitlements Server (OES) -- a solution that provides flexibility in access control allowing for dynamic changes, understands multiple systems and applies complex rules in a flexible manner.
SANS Mobility/BYOD Security Survey by Kevin Johnson - March 5, 2012
- Sponsored By: Bradford Networks HP Enterprise Security MobileIron
Survey determines the type of mobile device usage allowed for enterprise applications and the level of policies and controls applied to this type of usage.
Oracle Audit Vault by Tanya Baccam - March 4, 2012
- Sponsored By: Oracle
Review of Oracle Audit Vault, which provides database log centralization, management, alerting and reporting across multiple databases.
Privileged Password Sharing: "root" of All Evil by J. Michael Butler - February 12, 2012
- Sponsored By: Quest Software
This paper addresses the issue of managing privileged accounts and offers advice on how to move toward better centralization of privileged account management.
NetIQ Sentinel 7 Review by Jerry Shenk - January 28, 2012
- Sponsored By: NetIQ
A functional review of the latest NetIQ offering in the SEIM space that effectively addresses issues organizations are having with log collection and management.
Needle in a Haystack? Getting to Attribution in Control Systems by Matthew E. Luallen - January 17, 2012
- Sponsored By: Tripwire, Inc. LogRhythm Splunk
In control system protection, mechanisms for achieving attack attribution must be implemented across physical, cyber and operational controls using additional tools.
Oracle Data Masking by Tanya Baccam - January 4, 2012
- Sponsored By: Oracle
This review of Oracle Data Masking, investigates the process of implementing and using data masking to mask specific confidential data types within Oracle Database 11g.
Oracle Advanced Security by Tanya Baccam - December 9, 2011
- Sponsored By: Oracle
Review of Oracle Advanced Security encryption covers important product capabilities including network encryption for data in flight and Transparent Data Encryption (TDE) for data at rest.
Critical Control System Vulnerabilities Demonstrated - And What to Do About Them by Matthew E. Luallen - November 29, 2011
- Sponsored By: NitroSecurity
A study of four common infrastructures (agriculture and food, transportation, water and wastewater, and physical facilities) demonstrates what vulnerabilities could be found in specific control systems and how they might be exploited and protected.
APT Dot Gov: Protecting Federal Systems from Advanced Threats by G. Mark Hardy - October 31, 2011
- Sponsored By: F5 Networks, Inc.
This paper describes advanced threats against federal and other governmental systems and provides advice on how to identify and protect the data at risk.
Adding Enterprise Access Management to Identity Management by J. Michael Butler - October 4, 2011
- Sponsored By: FoxT
This paper discusses the difference between IDM and EAM and explains how these two enterprise functions can work together for better control of access to operating systems, applications and related data.
Integrating Security into Development, No Pain Required by Dave Shackleford - September 20, 2011
- Sponsored By: IBM Security
This paper looks at software development from both the security and development perspectives, and then evaluates what tools and techniques can help integrate security into development cycles without slowing down the process or creating too much overhead.
Cloudy with a Chance of Better Health Care: Security and Compliance Fundamentals for Protecting e-Health Data by Barbara Filkins - September 6, 2011
- Sponsored By: ArcSight, an HP Company Ping Identity, Inc.
This paper explores challenges and considerations for the use of cloud computing in health care, paying particular attention to security and compliance issues related to cloud computing.
SANS Institute Review: Oracle Database Vault by Tanya Baccam - August 27, 2011
- Sponsored By: Oracle
Review of Oracle Database Vault with Oracle Database Enterprise Edition 11g Release 2demonstrates strong performance, while making it easy to add, change and modify rules and groups. as well as gain visibility into user activity through a variety of audit and compliance reports available through the Oracle Database Vault application.
Optimized Network Monitoring for Real-World Threats by Dave Shackleford - July 1, 2011
- Sponsored By: VSS Monitoring, Inc.
This paper explores current threats today�s networks face that impact monitoring capabilities, the types of gaps that exist in many current monitoring architectures, and ways that network and security monitoring can be improved through advances in trafﬁc capture and delivery technologies such as intelligent distributed taps.
Security of Applications: It Takes a Village by Dave Shackleford - June 20, 2011
- Sponsored By: Adobe Systems Inc.
This paper discusses the role of vendors and consumers in protecting against client-side application attacks.
Continuous Monitoring: What It Is, Why It Is Needed, and How to Use It by E. Eugene Schultz, Ph.D. - June 17, 2011
- Sponsored By: Tripwire, Inc.
A review of continuous monitoring as defined by the NIST 800-137 guidelines.
Network Security: Theory Versus Practice by James Tarala - May 6, 2011
- Sponsored By: BreakingPoint
Survey makes it clear that network security personnel are not consistent about validating the resiliency � performance, security, and stability � of the devices and systems that go into their network and data center infrastructures.
SANS Seventh Annual Log Management Survey Report by Jerry Shenk - April 30, 2011
- Sponsored By: LogLogic, Inc. ArcSight, an HP Company LogRhythm Splunk Trustwave
This annual survey has consistently identified areas in which organizations are focusing their log management initiatives and continues to provide a roadmap to the industry for future improvement.
Extending Role Based Access Control by J. Michael Butler - April 29, 2011
- Sponsored By: FoxT
This paper discusses advantages and disadvantages of RBAC, along with options to consider when planning to extend RBAC to allow for centralization and standardization in a heterogeneous environment of multiple, diverse operating systems.
Implementing the 20 Critical Controls with Security Information and Event Management (SIEM) Systems by James Tarala - April 5, 2011
- Sponsored By: ArcSight, an HP Company
This paper examines the top 20 controls, with advice on how to get started and an explanation of how SIEM systems can provide a central role in implementing the 20 critical controls effectively.
Managing Insiders in Utility Control Environments by Matthew E. Luallen - March 17, 2011
- Sponsored By: ArcSight, an HP Company Waterfall Security Industrial Defender
This paper discusses techniques attackers use to exploit missing insider controls and offers a cohesive set of cyber, operational and physical controls to manage a range of user access types for better security and compliance in utility control environments.
A Real-Time Approach to Continuous Monitoring by James Tarala - February 12, 2011
- Sponsored By: Splunk NetWitness
The paper identifies the components of a comprehensive CM program and how organizations can use this approach to decrease risk and improve efficiency.
Compliance and Security Challenges with Remote Administration by Dave Shackleford - January 3, 2011
- Sponsored By: Netop
This paper focuses on remote administration of systems with regulated data falling under the Payment Card Industry Data Security Standard (PCI DSS).
Building a Better Bunker: Securing Energy Control Systems Against Terrorists and Cyberwarriors by Jonathan Pollet - December 9, 2010
- Sponsored By: Mcafee LLC NitroSecurity
This paper, the second in the series, explains the advanced persistent threats being aimed at SCADA and utility control systems, followed by advanced measures to take against these threats.
Enabling Social Networking Applications for Enterprise Usage by Eric Cole, PhD - December 1, 2010
- Sponsored By: Palo Alto Networks
Businesses must define a secure social networking policy and educate employees about the risks associated with using social networking sites.
PCI 2.0: What's New? What Matters? What's Left? by Dave Hoelzer - November 12, 2010
- Sponsored By: Dell SecureWorks
This paper discusses what�s new and what still needs more attention in the PCI DSS 2.0 standard, including gaps in storage encryption, wireless networking, and physical security that carry over from version 1.2.
How to Choose a Qualified Security Assessor by Dave Shackleford - November 9, 2010
- Sponsored By: Dell SecureWorks
An overview of new guidance for Qualified Security Assessors as a result of the new Payment Card Industry Data Security Standard (PCI DSS v2.0).
Cloud Security and Compliance: A Primer by Dave Shackleford - August 6, 2010
- Sponsored By: Mcafee LLC Catbird
A quick guide to cloud computing that address areas of mobility and multi-tenancy, identity and access management, data protection and incident response and assessment.
McAfee Total Protection for Server Review by Dave Shackleford - June 17, 2010
- Sponsored By: Mcafee LLC
This paper is a review of the type of security and compliance coverage McAfee Total Protection for Server provides for server endpoints.
SANS Log Management Survey: Mid-Sized Businesses Respond by Jerry Shenk - June 5, 2010
- Sponsored By: RSA
Annual log management survey on how organizations collect and use their logs; what they aren�t currently using their log for but would like to; what they see as the biggest problems; and the impact Log Management issues have on small- and mid-sized businesses.
A Guide to Virtualization Hardening Guides by Dave Shackleford - May 20, 2010
- Sponsored By: VMWare, Inc
A guide to the virtualization hardening guides that includes key configuration and system security settings for VMware ESX and vSphere/Virtual Infrastructure with key control areas organizations need to consider.
Keys to the Kingdom: Monitoring Privileged User Actions for Security and Compliance by Dave Shackleford - May 2, 2010
- Sponsored By: LogRhythm
This paper explores some of the types of insider threat organizations face today and discusses monitoring and managing privileged user actions and the role this level of monitoring plays in today's compliance reporting efforts.
Oracle Database Security: What to Look for and Where to Secure by Tanya Baccam - April 10, 2010
- Sponsored By: Oracle
This paper discusses four risk management basics that must be addressed to protect databases and their sensitive data.
Transparent Data Encryption: New Technologies and Best Practices for Database Encryption by Tanya Baccam - April 7, 2010
- Sponsored By: Oracle
A look at the basics of encryption with a discussion the pros and cons of leading encryption architectures available today.
SANS Sixth Annual Log Management Survey Report by Jerry Shenk - April 1, 2010
- Sponsored By: LogLogic, Inc. netForensics, Inc. ArcSight, an HP Company RSA TrustWave Corporation Novell
Results of the annual log management survey.
Managing Operating System (OS) Lock Down by Dave Shackleford - March 17, 2010
- Sponsored By: Trusted Computing Group
Review of a tool specific to OS lock down from Trusted Computer Solutions (TCS) called Security Blanket, which automates OS configuration for a wide variety of UNIX and Linux platforms.
Calculating TCO on Intrusion Prevention Technology by Eugene E. Schultz, Ph.D. - March 7, 2010
- Sponsored By: Cisco Systems Inc.
This paper attempts to calculate the value of specific automation features in advanced IPSs with which organizations can achieve savings in total cost of ownership (TCO).
Smart Strategies for Securing Extranet Access by Dave Shackleford - March 1, 2010
- Sponsored By: Oracle
This paper discusses how to use risk-based authentication and entitlement management to enforce authentication security and achieve granular authorization using centralized role-based policies.
Sentinel Log Manager Review by Jerry Shenk - January 5, 2010
- Sponsored By: Novell
This paper is a review of the stand-alone Sentinel Log Manager and how it stands up to key concerns that survey respondents raised about log managers, including collection, storage and searching/reporting capabilities.
New Tools on the Bot War Front by Jerry Shenk - December 12, 2009
- Sponsored By: FireEye
This paper discusses the bot problem and its impact on enterprises, followed by a review of how FireEye's 4200 appliance catches bot installers and bot traffic on the network.
Making Database Security an IT Security Priority by Tanya Baccam - November 11, 2009
- Sponsored By: Oracle
A discussion of security strategy and the key controls that should be considered to database security and protection of an organization�s information assets.
Securing a Smarter Grid: Risk Management in Power Utility Networks by Matthew E. Luallen - October 17, 2009
- Sponsored By: NitroSecurity
This paper will address the security issues facing smarter grid operators and will provide policy advice points.
Application Whitelisting: Enhancing Host Security by Dave Shackleford - October 7, 2009
- Sponsored By: Mcafee LLC
Whitelisting provides a lighter means to protect end points, is useful for securing legacy applications and systems, as well as embedded systems and kiosks, and a helpful addition for any robust end point security plan.
IT Audit for the Virtual Environment by J. Michael Butler, Rob Vandenbrink - September 6, 2009
- Sponsored By: VMWare, Inc
This paper will help IT managers and auditors come together and understand the virtualization process and the new risk and audit areas this technology presents.
Top Virtualization Security Mistakes (and How to Avoid Them) by Jim D. Hietala - August 9, 2009
- Sponsored By: Mcafee LLC Catbird
This paper explores practical security issues that can arise when virtualization technologies are deployed without proper planning and controls and offers advice on how to avoid making mistakes in critical areas of deployment and management.
Data Protection Requirements by Barbara Filkins - July 20, 2009
- Sponsored By: Mcafee LLC
An interactive Data Protection Requirements Worksheet to map business needs against technological challenges.
Data Protection Requirements Checklist by Barbara Filkins - July 10, 2009
- Sponsored By: Mcafee LLC
A Prospective Vendor Checklist will help organizations map business needs and procure technical solutions.
SANS Review: McAfee's Total Protection for Data by Dave Shackleford - June 2, 2009
- Sponsored By: Mcafee LLC
McAfee�s Data Protection suite, Total Protection for Data, allows several data protection tools to work in tandem.
SANS Annual 2009 Log Management Survey by Jerry Shenk - April 17, 2009
- Sponsored By: LogLogic, Inc. ArcSight, an HP Company Intellitactics, Inc.
Annual log management survey shows companies far more successful collecting log data, but indicate concerns around normalization, indexing and access, creating reports and log management lifecycle.
Benchmarking Security Information Event Management (SIEM) by J. Michael Butler - February 12, 2009
- Sponsored By: NitroSecurity
SIEM is benchmarked by setting one baseline environment with equations for organizations to extrapolate benchmark requirements.
ArcSight Logger Review by Jerry Shenk - January 1, 2009
- Sponsored By: ArcSight, an HP Company
ArcSight Logger 7100 v.3.0 can help organizations get valuable usage from log collection.
Real-Time Adaptive Security by Dave Shackleford - December 17, 2008
- Sponsored By: Cisco Systems Inc.
With security actions based on context, intrusion systems can adapt to real-time threats like these while giving visibility into what to investigate, where to investigate, and even take or recommend action based on preset rules.
Log Management in the Cloud: A Comparison of In-House versus Cloud-Based Management of Log Data by Jerry Shenk - October 28, 2008
- Sponsored By: Alert Logic, Inc.
Organizations have many questions to consider regarding business needs before switching to log management in-the-cloud (otherwise known as Software as a Service or SaaS.
Monitoring Security and Performance on Converged Traffic Networks by Dave Shackleford - April 23, 2008
- Sponsored By: NIKSUN
For security teams to be effective within today�s converged networks, network performance and security monitoring need to converge as well.
Leveraging Event and Log Data for Security and Compliance by Dave Shackleford - April 20, 2008
- Sponsored By: Intellitactics, Inc.
This paper explores steps for using compliance to improve security incrementally over time, giving auditors and security teams alike more current and relevant event data to assess and act upon.
Data Leakage Landscape: Where Data Leaks and How Next Generation Tools Apply by Barbara Filkins, Deb Radcliff - April 19, 2008
- Sponsored By: Trend Micro Inc. Utimaco
This paper maps data leakage points with regulations and best practices and tools to protect critical data.
The SANS Database Audit and Compliance Survey by Barbara Filkins - February 9, 2008
- Sponsored By: Lumigent Technologies
The 2007 Database Audit and Compliance survey demonstrates need for methods and tools to monitor compliance with regulations and protect sensitive information in databases.
Regulations and Standards: Where Encryption Applies by Dave Shackleford - November 17, 2007
- Sponsored By: Utimaco
This paper describes the types of data under protection regulation and basic best practices for implementing appropriate encryption technologies.
Hardware Versus Software: A Usability Comparison of Software-Based Encryption with Seagate Secure� Hardware-Based Encryption by Jim D. Hietala - September 10, 2007
- Sponsored By: Seagate Technology
This paper explores the factors driving adoption of encryption in laptop and desktop systems and then compares two different approaches to providing encryption, software-based and hardware-based.
NetDetector/NetVCR 2005 Traffic Analyzer by Jerry Shenk - August 5, 2007
- Sponsored By: NIKSUN
NIKSUN NetDetector/NetVCR 2005 collects all types of data and offers a different approach to storing and making event and traffic data accessible.
Encryption Procurement: Setting a Standard by Stephen Northcutt, Barbara Filkins - June 6, 2007
- Sponsored By: Utimaco
Information and checklist to help organizations develop an RFP for enterprise encryption.
The SANS 2007 Log Management Market Report by Jerry Shenk - June 5, 2007
- Sponsored By: LogLogic, Inc.
An analysis of survey data to unlock how log data is being used successfully, key problems holding enterprises back from log management, what is needed from vendor community and how vendors are working to resolve issues.
Penetration Testing: Assessing Your Overall Security Before Attackers Do by Stephen Northcutt, Jerry Shenk, Dave Shackleford, Tim Rosenberg, Raul Sile, Steve Mancini - November 17, 2006
- Sponsored By: Core Security Technologies
CORE IMPACT provides a stable, quality-assured testing tool that can be used to accurately assess systems by penetrating existing vulnerabilities.
Building the Business Case for Log Management Intelligence (LMI) - November 2006 by Steve Mancini, Jerry Shenk - November 6, 2006
- Sponsored By: LogLogic, Inc.
An outline of key business drivers for deploying an Log Management Intelligence (LMI) solution.
The Log Management Industry: An Untapped Market by Stephen Northcutt, Jerry Shenk, Dave Shackleford - June 1, 2006
- Sponsored By: LogLogic, Inc.
The Log Management market has increased dramatically because advantages of log management extend well beyond security to health monitoring forensics, regulatory compliance and marketing.

Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.

All papers are copyrighted. No re-posting or distribution of papers is permitted.

STI Graduate Student Research - This paper was created by a SANS Technology Institute student as part of the graduate program curriculum.

Reading Room

Analyst Papers

Latest Whitepapers

Latest Tweets @SANSInstitute

Contact Us

Reading Room

Subscribe to SANS Newsletters

Analyst Papers

Subscribe to SANS Newsletters

Latest Whitepapers

Latest Tweets @SANSInstitute

Contact Us