Reading Room

Analyst Papers

Featuring 425 Papers as of July 8, 2020

To download the Analyst Papers, you must be a member of the SANS.org Community. Upon joining the community, you will have unlimited access to Analyst Papers and all associated webcasts, including the ondemand version where you can download the slides.

• Making and Keeping Work-at-Home Operations Safe and Productive by John Pescatore - July 8, 2020 

  • Associated Webcasts: Making and Keeping Work at Home Operations Safe and Productive Insights on Remote Access Cybersecurity and Workplace Flexibility - A SANS Whitepaper
  • Sponsored By: InfoBlox Menlo Security Pulse Secure BlackBerry Cylance

  Workforce mobility, endpoint security and data protection risks have amplified since the COVID-19 pandemic. Organizations have had to address a variety of remote worker challenges including security teams working from home (WFH). While secure remote access capacity and cloud usage for business continuity has accelerated, business are now realizing productivity and operational advantages -- projecting a shift towards increased remote workplace flexibility and permanence.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Using Zero Trust to Enable Secure Remote Access by Dave Shackleford - July 7, 2020 

  • Associated Webcasts: Using Zero Trust to Enable Secure Remote Access
  • Sponsored By: BlackBerry Cylance

  Many tools and controls can help monitor internal workloads and data moving between hybrid cloud environments. The zero trust model may be the most important when designing a dynamic security architecture.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Securing Assets Using Micro-Segmentation: A SANS Review of Guardicore Centra by Dave Shackleford - June 29, 2020 

  • Associated Webcasts: Securing Assets Using Micro-Segmentation: A SANS Review of Guardicore Centra
  • Sponsored By: Guardicore LTD

  Organizations are taking advantage of digital transformation in their quest to boost agility and shrink infrastructure costs. However, this transformation often comes at a cost: a larger, more complex security attack surface. Guardicore Centra aims to provide a simpler, faster way to reduce attack surfaces and prevent lateral movement in an IT environment via micro-segmentation security policies. In this product review, SANS analyst Dave Shackleford shares his experience of putting Centra through its paces.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• ICS Asset Identification: It's More Than Just Security by Mark Bristow - June 24, 2020 

  • Associated Webcasts: ICS Asset Identification: It\'s More Than Just Security: A SANS Report ICS Asset Identification: It’s More Than Just Security: A SANS Panel Discussion
  • Sponsored By: Cisco Systems Inc. Tenable Palo Alto Networks PAS

  Historically, asset identification has been associated with time-consuming and costly cybersecurity efforts. In this new SANS report, Mark Bristow, SANS ICS Active Defense and Incident Response certified instructor, explores critical resources needed to start an asset identification program. The author also explains how asset Identification can enhance ROI through such benefits as improved maintenance, reduced mean-time-to-repair, and increased availability.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• How to Use NERC-CIP: An Overview of the Standards and Their Deployment with Fortinet by Tim Conway and Ted Gutierrez - June 17, 2020 

  • Associated Webcasts: How to Use NERC CIP: An Overview of the Standards, Their Deployment and How to Use Fortinet Products for Compliance
  • Sponsored By: Fortinet, Inc.

  This paper is a unique review of a few key Fortinet products and how those products align with existing NERC CIP regulation requirements. It also examines how those products might aid an organization in the process of maintaining compliance and explores the product features that will help defend the organization's program during an audit.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Remote Workers Poll by Heather Mahalik - June 3, 2020 

  • Associated Webcasts: How Are Remote Workers Working? A SANS Poll
  • Sponsored By: InfoBlox Menlo Security Pulse Secure ExtraHop

  Remote work has quickly become the "new normal" with the COVID-19 pandemic. Organizations have been forced to rethink how they will get work done with their employees mandated to stay home. How are organizations handling working from home? How well were companies prepared for remote work? How have technological needs changed with this shift? How are teams communicating? How are devices and communications being secured? When a time like this does not allow for the mission to halt, employees and employers have scrambled to keep the work going. Ensuring that teams are equipped, communicating, and are safe at home is key during this time. This webinar, led by Heather Mahalik SANS Senior Instructor, Author and Senior Director of Digital Intelligence at Cellebrite, covers how companies have adjusted to this new landscape as a workforce. How have things changed and how are we coping and keeping the ball rolling forward from home.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Factoring Enterprise IoT Devices into Detection and Response by Matt Bromiley - May 27, 2020 

  • Associated Webcasts: Factoring IoT Devices into Detection and Response: A SANS Whitepaper
  • Sponsored By: ExtraHop

  With the advent of the cloud, corporate networks are becoming more complex. There is a constant state of change with new types of devices installed daily. To keep pace, you will need an approach to threat detection and response that enables your team’s full visibility so it can quickly adapt and include enterprise IoT devices in its response plans. This paper explores the growth of enterprise IoT devices inside corporate networks and how they change the shape of incident detection and response. The enterprise device landscape is dynamic; it’s prudent for your information security team to track changes to understand the effects on your network.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Is Your Threat Hunting Working? A New SANS Survey for 2020 by Mathias Fuchs - May 26, 2020 

  • Associated Webcasts: Is Your Threat Hunting Effective? A New SANS Survey
  • Sponsored By: Cyborg Security

  Although threat hunting has become a mandatory task to establish an acceptable level of security, the demand for skilled hunters far exceeds the number of available specialists. In this new research, SANS queried organizations about how they approach threat hunting, the barriers to success and how they measure their efforts. This paper explores what exactly leads to the shortage of suitable personnel and how it affects security organizations’ capabilities to utilize threat hunting teams.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Responding to Incidents in Industrial Control Systems: Identifying Threats/Reactions and Developing the IR Process by Don C. Weber - May 21, 2020 

  • Associated Webcasts: Responding to Incidents in Industrial Control Systems (ICS): Identifying Threats, Reactions and Developing the IR Process
  • Sponsored By: Honeywell International

  Threats, attacks and incidents are not decreasing. Industrial control systems (ICS) have become increasingly vulnerable as cyber criminals discover that OT environments are viable targets. This paper outlines the incident response process in OT environments, and provide examples of the pitfalls of being unprepared.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• How to Implement a Software-Defined Network Security Fabric in AWS by Dave Shackleford - May 18, 2020 

  • Associated Webcasts: How to Implement a Software-Defined Network Security Fabric in AWS
  • Sponsored By: AWS Marketplace

  Maintaining control and visibility of network assets in hybrid networks creates many security challenges. In this paper, you'll learn proven strategies such as building a control stack of cloud-native and third-party controls to ensure confidentiality and availability of assets; using SD-WAN and cloud security-as-a-service to provide edge security in a unified network fabric; and leveraging infrastructure-as-code for automation and management of infrastructure.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• 2020 SANS Automation and Integration Survey by Don Murdoch - May 18, 2020 

  • Associated Webcasts: SANS 2020 Automation and Integration Survey Results
  • Sponsored By: CloudPassage DomainTools ThreatConnect Siemplify Swimlane Devo Technology Inc. SIRP

  This year's Automation and Integration Survey aimed to quantify automation experiences and more concretely understand how organizations are able to maximize their security investment and improve operations through automation efforts. This paper explores what automation activities have been successful, why they have been successful, and how organizations set up their automation activities to achieve meaningful results.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• All Roads Lead to the Browser: A SANS Buyer's Guide to Browser Isolation by Matt Bromiley - May 6, 2020 

  • Associated Webcasts: All Roads Lead to the Browser: A SANS Buyer\'s Guide to Browser Isolation
  • Sponsored By: Cyberinc

  As organizations move to the cloud, browser dependency becomes more prevalent. That's why we say the browser is the new endpoint. By limiting the impact a browser can have on a victim system, organizations can prevent web code from reaching the endpoint. Find out how browser isolation works, key factors to consider when evaluating, implementing and testing solutions, and how to integrate browser isolation into your security posture to stop attacks earlier.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Transforming Detection and Response: A SANS Review of Cortex XDR by Matt Bromiley - May 4, 2020 

  • Associated Webcasts: Transforming Detection and Response: A SANS Review of Cortex XDR
  • Sponsored By: Palo Alto Networks

  To help their teams detect and respond to the ever-growing list of security threats, many organizations have turned toward endpoint detection and response (EDR) platforms within their environment. This product review explores the intuitive and insightful security platform Cortex XDR, provided by Palo Alto Networks. A platform designed to help decrease the time an organization needs to detect and respond to threats, Cortex XDR brings multiple data sources together, including network, endpoint and cloud, to assist analysts in performing enterprise investigations.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• SANS Top New Attacks and Threat Report by John Pescatore - April 27, 2020 

  • Associated Webcasts: SANS Top New Attacks and Threat Report
  • Sponsored By: Cisco Systems RSA Unisys InfoBlox Anomali DomainTools Verodin Cyberinc

  SANS instructors presented their analysis of new attack techniques currently in use and shared their projections for future exploits at the annual 2020 RSA Conference in San Francisco. In this paper, SANS Director of Emerging Security Trends John Pescatore highlights key themes from that report and other sources.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• How to Design a Least Privilege Architecture in AWS by Dave Shackleford - April 23, 2020 

  • Associated Webcasts: How to Design a Least Privilege Architecture in AWS
  • Sponsored By: AWS Marketplace

  A least privilege architecture reduces risk and minimize disruptions by allowing only the minimum required authority to perform tasks. This architecture should include authentication and authorization controls, network access and inspection controls, and monitoring/enforcement controls for both the network and workloads. Learn what it takes to create a granular security environment that provides strong attack resistance.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Zero Trust: What You Need to Know to Secure Your Data and Networks by Dave Shackleford - April 20, 2020 

  • Associated Webcasts: Zero Trust: What You Need to Know to Secure Your Data and Networks
  • Sponsored By: Gigamon

  In the ongoing movement toward increasingly hybrid software-based environments, enterprises are designing dynamic security architecture models to start adopting an overarching theme: one of "zero trust." The core elements of a well-rounded zero trust model are still in the development stage but this paper explores the critical missing element to securing your data and network in a zero trust architecture.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• 2020 SANS Network Visibility and Threat Detection Survey by Ian Reynolds - March 31, 2020 

  • Associated Webcasts: Network Visibility and Threat Detection: A SANS Survey
  • Sponsored By: ExtraHop

  Organizations have untapped opportunities to strengthen the way they analyze network data and increase visibility. Visibility brings increased situational awareness, allowing for rapid threat identification and investigation for faster resolution of internal performance issues and security breaches. Investing time in understanding how and where to capitalize on these opportunities will bring real and measurable benefits.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Implementer's Guide to Deception Technologies by Kyle Dickinson - March 17, 2020 

  • Associated Webcasts: Using Deception Technologies to Defend Against Active Directory and Ransomware Attacks
  • Sponsored By: Fidelis Cybersecurity

  Deception technologies significantly improve security teams' capabilities to quickly and accurately detect attackers that intentionally avoid looking malicious. But how do these cyber technologies work to address key security concerns? This paper explores how to collect threat intelligence and attack attribution information associated with malicious behaviors that fly under the radar in an attempt to carry out Active Directory and ransomware attacks, phishing and credential hijacking, vulnerable applications, and more.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Women in Cybersecurity: Spanning the Career Life Cycle by Heather Mahalik - March 16, 2020 

  • Associated Webcasts: Women in Cybersecurity: A SANS Survey Women in Cybersecurity: A SANS Survey Panel Discussion
  • Sponsored By: Cisco Systems LogRhythm ThreatConnect ThreatQuotient

  In this paper, survey author and SANS instructor Heather Mahalik explores key results of our survey of successful women in varied roles within the cybersecurity community and draws on experiences of such women to provide practical advice to women all along their career life cycle.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Knock, Knock: Is This Security Thing Working? by Matt Bromiley - March 10, 2020 

  • Associated Webcasts: Knock, Knock: Is This Security Thing Working?
  • Sponsored By: VMWare, Inc

  Is our current state of information security working? Is it possible the "same old way" of doing things is simply making us feel secure...until the next breach proves us wrong? This paper explores how the movement toward virtualized data centers has removed obstacles to a long-held goal for information security: the concept of intrinsic security.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• How to Leverage Endpoint Detection and Response (EDR) in AWS Investigations by Justin Henderson - March 9, 2020 

  • Associated Webcasts: How to Leverage Endpoint Detection and Response (EDR) in AWS Investigations
  • Sponsored By: AWS Marketplace

  Endpoints are moving past EC2 virtual machines, and it is imperative for EDR solutions to evolve and support this evolution. This paper illustrates how to leverage endpoint detection and response (EDR) in Amazon Web Services (AWS) to achieve a higher standard of security while simplifying management overhead. Discover how to use EDR solutions to add thousands of host-based observables for threat hunting, auto-scale threat detection across cloud endpoints and integrate a cloud access security broker (CASB) to extend protection to cloud apps.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Cybersecurity in the Age of the Cloud by Frank Kim - February 21, 2020 

  The hand-selected resources in this eBook provide a well-rounded look at cybersecurity considerations and practices in the age of the cloud. Each report in the collection touches on different parts of the five functions of the NIST Cybersecurity Framework - identify, protect, detect, respond, and recover. The collection is rounded out by the recent SANS 2019 Cloud Security Survey to provide a snapshot of today's cloud security environment and associated concerns.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Implementer's Guide to Deception Technologies by Kyle Dickinson - February 18, 2020 

  • Associated Webcasts: Real-World Implementation of Deception Technologies
  • Sponsored By: Acalvio Technologies, Inc.

  Deception technologies can significantly improve an organization's capability to quickly and accurately detect attackers that intentionally avoid looking malicious. At the same time, deception technologies can collect threat intelligence and attack attribution information to improve response effectiveness. Implemented as network-accessible resources, on endpoints and even in cloud implementations, deception technologies can cover major attack surfaces to assist with attack malicious behaviors like account hijacking, phishing, vulnerable applications, and more.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• How to Improve Security Visibility and Detection/Response Operations in AWS by Dave Shackleford - February 12, 2020 

  • Associated Webcasts: How to Improve Security Visibility and Detection/Response Operations in AWS
  • Sponsored By: AWS Marketplace

  Security teams handle a sizable stream of alerts, creating noise and impairing their ability to determine which incidents to prioritize. Used together, logging and event monitoring, along with automation strategies and tools, can enable teams to build an effective and efficient continuous cloud security monitoring strategy. By implementing large-scale analytics processing, integrating SIEM solutions that improve detection and investigation of potential threats, and leveraging SOAR technologies to auto-remediate events, security teams have the power to create more signal and less noise for actionable responses.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Using Illusive Networks' Attack Surface Manager to Enhance Vulnerability Management by Dave Shackleford - February 11, 2020 

  • Associated Webcasts: Discover and Eliminate Cyberattack Pathways to Critical Assets with Illusive Networks Attack Surface Manager
  • Sponsored By: Illusive Networks

  Illusive Networks' Attack Surface Manager (ASM) takes a unique approach to identify vulnerabilities within the network. SANS reviewed ASM and learned how it continuously discovers assets in the environment and monitors systems for artifacts, allowing it to pinpoint attack paths that could be exploited by adversaries who have gained initial access to an environment. The product can then map these paths to show whether important assets are vulnerable to attack, and can remediate issues on systems within the attack path.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Boosting IAM and Privilege Control Using Illusive Networks’ Attack Surface Manager by Dave Shackleford - February 11, 2020 

  • Associated Webcasts: Discover and Eliminate Cyberattack Pathways to Critical Assets with Illusive Networks Attack Surface Manager
  • Sponsored By: Illusive Networks

  Illusive Networks' Attack Surface Manager (ASM) takes a unique approach to identify vulnerabilities within the network. SANS reviewed ASM and learned how it continuously discovers assets in the environment and monitors systems for artifacts, allowing it to pinpoint attack paths that could be exploited by adversaries who have gained initial access to an environment. The product can then map these paths to show whether important assets are vulnerable to attack, and can remediate issues on systems within the attack path.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• 2020 SANS Cyber Threat Intelligence (CTI) Survey by Robert M. Lee - February 10, 2020 

  • Associated Webcasts: 2020 SANS Cyber Threat Intelligence (CTI) Survey Results 2020 SANS Cyber Threat Intelligence (CTI) Survey Panel Discussion 2020 SANS Cyber Threat Intelligence (CTI) Survey Results 2020 SANS Cyber Threat Intelligence (CTI) Survey Results 2020 SANS Cyber Threat Intelligence (CTI) Survey Panel Discussion
  • Sponsored By: Sophos Inc. InfoBlox Anomali DomainTools RecordedFuture ThreatConnect ThreatQuotient EclecticIQ

  Over the past several years, SANS has seen a gradual maturation of cyber threat intelligence (CTI) and its applications in information security. This paper, based on results from the 2020 SANS CTI Survey, provides guidance on how organizations of all types can get the most out of CTI.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Implementer's Guide to Deception Technologies by Kyle Dickinson - February 5, 2020 

  • Associated Webcasts: Implementer\'s Guide to Deception Technologies
  • Sponsored By: Fidelis Cybersecurity Attivo Networks Acalvio Technologies, Inc.

  Deception technologies can significantly improve an organization's capabilities to swiftly and accurately detect attackers, while at the same time collect sufficient threat intelligence and attack attribution information to improve response effectiveness. By deploying decoy lures, misdirections, and systems to attract and snare attackers, organizations can take back the advantage on today's digital battlefield. All it takes for the attacker to touch one deceptive resource.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Spends and Trends: SANS 2020 IT Cybersecurity Spending Survey by Barbara Filkins and John Pescatore - January 28, 2020 

  • Associated Webcasts: Spends and Trends: Results of the SANS 2020 Cybersecurity Spending Survey Spends and Trends: SANS 2020 Cybersecurity Spending Survey Panel Discussion Spends and Trends: SANS 2020 Cybersecurity Spending Survey Panel Discussion 2020 SANS Cyber Threat Intelligence (CTI) Survey Results
  • Sponsored By: Gigamon ExtraHop Netskope

  CISOs and security operations managers need information on the areas of security in which their peers plan to increase or decrease their investment. This paper explores what organizational leaders are emphasizing as they budget for and procure security tools and services to support their businesses amid evolving technologies and threats.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Security by Design: A Systems Road Map Approach by Barb Filkins - January 16, 2020 

  • Associated Webcasts: Securing ICS Using the NIST Cybersecurity Framework and Fortinet: Best Practices for the Real World
  • Sponsored By: Fortinet, Inc.

  This implementation guide has been designed to help organizations use the NIST Cybersecurity Framework to establish a security program that spans both the information technology (IT) and operational technology (OT) domains. This guide outlines a five-step approach and contains a wealth of specific takeaways, graphs and charts, as well as action items for more effective security.

  This guide is a companion paper to "Effective Implementation of the NIST Cybersecurity Framework with Fortinet".

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Effective Implementation of the NIST Cybersecurity Framework with Fortinet by Don Weber - January 16, 2020 

  • Associated Webcasts: Securing ICS Using the NIST Cybersecurity Framework and Fortinet: Best Practices for the Real World
  • Sponsored By: Fortinet, Inc.

  This product overview looks at one approach to updating an OT network, commonly referred to as a control network, by leveraging a combination of the National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF), the SANS ICS410 Reference Architecture model and Fortinet Security Fabric technologies. It examines how to effectively support and implement the NIST CSF and explores how some of Fortinet’s product line can assist with an organization’s OT security evolution.

  This product overview is a companion paper to "Security by Design: A Systems Road Map Approach".

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Threat Hunting and Discovery: A SANS Review of Vectra Cognito by Dave Shackleford - January 15, 2020 

  • Associated Webcasts: Threat Hunting and Discovery: A SANS Review of Vectra Cognito
  • Sponsored By: Vectra Networks Inc.

  Vectra's Cognito security analytics platform aims to address modern attacks by analyzingmany of the attacker behaviors outlined in MITRE's ATT&CK matrix, which thoroughly describes an attack campaign and its phases. Security teams are facing pressure to detect attacks and respond to them more rapidly, which is difficult when trying to find evidence of lateral movement, reconnaissance, privilege escalation and other stealthy behavior. SANS reviewed the Cognito platform to understand how it can be used to rapidly analyze network data and provide a behavior-focused model of detection and response.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Workforce Transformation: Challenges, Risks and Opportunities by David Hazar - December 17, 2019 

  • Associated Webcasts: Workforce Transformation and Risk: A SANS Survey Workforce Transformation and Risk: A SANS Survey
  • Sponsored By: RSA

  Shifts in globalization, demographics, work styles and work sourcing are transforming the way companies manage their businesses. In this survey, SANS, in cooperation with RSA, examines the risk factors associated with workforce transformation, what organizations are most concerned about, and what organizations are doing to mitigate risks.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• How to Leverage a CASB for Your AWS Environment by Kyle Dickinson - December 17, 2019 

  • Associated Webcasts: How to Leverage a CASB for Your AWS Environment
  • Sponsored By: AWS Marketplace

  As organizations move applications and data to the cloud, the number of applications they can leverage grows constantly, as do the areas where data can reside. Cloud access security brokers (CASBs) provide the convenience and means to integrate with modern technologies and implement security controls. Discover how CASBs help you make sense of auditing data, provide data protection and storage security, take advantage of common CASB features to secure deployments.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Protecting the User: A Review of Mimecast's Web Security Service by David Szili - December 11, 2019 

  • Associated Webcasts: Protecting the User: A Review of Mimecast’s Web Security Service Protecting the User: A Review of Mimecast’s Web Security Service
  • Sponsored By: Mimecast Services Limited

  The web remains a primary vector for cyberattacks, as either the initiation point or the way to complete the adversaries' mission. In this review, SANS instructor David Szili shares his perspectives on best practices for securing the web in general and his experience using the Mimecast Web Security cloud service in particular.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Threat Hunting with Consistency by Matt Bromiley - December 8, 2019 

  • Associated Webcasts: Threat Hunting with Consistency - A SANS Whitepaper
  • Sponsored By: Vectra Networks Inc.

  A proposed alternative language to threat hunting, based on the existing MITRE ATT&CK language, this white paper outlines a stronger internal process that builds a security team that views their environment holistically and relies on evidence-based security research. Through a uniformed vocabulary, greater efficiencies and stronger borders against threats can be developed.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• How to Build a Threat Hunting Capability in AWS by Shaun McCullough - December 3, 2019 

  • Associated Webcasts: How to Build a Threat Hunting Capability in AWS
  • Sponsored By: AWS Marketplace

  Threat hunting is more of an art than a science, in that its approach and implementation can differ substantially among enterprises and still be successful. In cloud environments, where the threat landscape is always changing, security teams must know what data to collect and how to analyze it in order to tease out suspicious anomalies. In addition to these topics, this whitepaper walks you through the threat hunting process, describing tools and techniques you can use to find and neutralize threats.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• 2019 SANS Survey on Next-Generation Endpoint Risks and Protections by Justin Henderson and John Hubbard - December 2, 2019 

  • Associated Webcasts: 2019 SANS Survey on Next-Generation Endpoint Risks and Protections
  • Sponsored By: Cisco Systems OpenText Inc. Sophos Inc. VMWare Carbon Black

  Past SANS surveys show that endpoints of all types are being breached and used to dig deeper into organizations' networks. Our 2019 Next-Generation Endpoint Survey explores how attack methods and payloads are changing, whether organizations are containing breaches effectively, and more--including recommendations and guidance in addressing these concerns.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Taming the Wild West: Finding Security in Linux by Matt Bromiley - November 22, 2019 

  • Associated Webcasts: Taming Linux for Enterprise Security
  • Sponsored By: Cmd

  Although Linux has historically been less prone to attacks, increased enterprise use on-premises and in the cloud means it has become as common a target as Windows environments. This paper looks at the deficiencies of Linux from a security perspective and how to lock Linux down more effectively.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Someone to Watch Over You: A Review of CrowdStrike’s Falcon OverWatch by Joe Sullivan - November 19, 2019 

  • Associated Webcasts: Someone to Watch Over You: A Review of CrowdStrike’s Falcon OverWatch
  • Sponsored By: CrowdStrike, Inc.

  Technology alone cannot stop 100% of threats against endpoints. Ensuring security requires that people and processes be an integral part of threat hunting. That’s where CrowdStrike’s Falcon OverWatch comes in--with a team of live, trained threat hunting analysts whose job it is to alert you to advanced attack techniques that can go undetected by automated tools. In this review, SANS puts OverWatch through its paces to detect and alert on sophisticated attacks like credential theft, defense evasion and lateral movement, making it possible for on-premises security teams to respond to threats immediately.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• JumpStart Guide to Investigations and Cloud Security Posture Management in AWS by Kyle Dickinson - November 8, 2019 

  • Associated Webcasts: JumpStart Guide to Security Investigations and Posture Management in Amazon Web Services
  • Sponsored By: Barracuda Networks AWS Marketplace

  Cloud security posture management ( CSPM) has gained popularity as organizations move to a cloud-first mentality. CSPM enables efficient investigations because it centralizes data sources that provide operational and security insight. When an organization moves to the cloud, the security team needs visibility into its AWS accounts, which can be a complex undertaking. This paper focuses on the tactics that can aid in an investigation.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• How to Perform a Security Investigation in AWS A SANS Whitepaper by Kyle Dickinson - October 30, 2019 

  • Associated Webcasts: How to Perform a Security Investigation in AWS
  • Sponsored By: AWS Marketplace

  Because the technologies that enable investigations in the cloud differ from those on premises, as do the levels of responsibility, organizations need to put in place a cloud-specific incident response plan. By planning out how they will perform investigations using solutions such as AWS, organizations can validate that any obligations they may have as a security organization can be met as effectively in cloud environments as they did in-house.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Investigating Like Sherlock: A SANS Review of QRadar Advisor with Watson by Matt Bromiley - October 26, 2019 

  • Sponsored By: IBM

  This paper reviews QRadar Advisor with Watson, a platform that combines IBM’s famous Watson with QRadar.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• SANS 2019 Threat Hunting Survey: The Differing Needs of New and Experienced Hunters by Mathias Fuchs and Joshua Lemon - October 25, 2019 

  • Associated Webcasts: SANS 2019 Threat Hunting Survey: The Differing Needs of New and Experienced Hunters Threat Hunting for New and Experienced Hunters: Panel Discussion of the SANS 2019 Threat Hunting Survey
  • Sponsored By: Sophos Inc. VMWare Carbon Black Anomali DomainTools ThreatConnect ThreatQuotient Authentic8 ExtraHop Lastline Verodin

  Organizations just starting their threat hunting journey have different needs than those who are honing their skills and programs. The SANS 2019 Threat Hunting Survey looks at those differences and how they impact the priorities set by both types of organizations. The authors provide actionable advice to assist organizations as they grow their programs and improve their threat hunting abilities, whether they are new to threat hunting or are simply honing their processes.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• What Security Practitioners Really Do When It Comes to Security Testing by Matt Bromiley - October 18, 2019 

  • Associated Webcasts: Are Your Security Controls Yesterday\'s News?
  • Sponsored By: Cymulate

  Given the number, criticality and potential damage of attacks, how can you better protect your organization against the latest threats? And with so many solutions in your arsenal, how can you ensure that security controls are integrated seamlessly to defend you in the moment of truth against attacks? This paper, which is a follow-up to "Are Your Security Controls Yesterday’s News?," addresses issues with security effectiveness testing and how to improve control validation to shorten testing cycles, accelerate remediation and improve your organization's security posture--faster. It presents the results of a recent SANS poll to provide insight into how organizations are testing for security effectiveness and how performance is actually being measured.  The paper also provides specific steps to help you optimize security in a more proactive, continuous way.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• How to Secure App Pipelines in AWS by Dave Shackleford - October 16, 2019 

  • Associated Webcasts: How to Secure App Pipelines in AWS
  • Sponsored By: AWS Marketplace

  We are seeing nothing less than an evolutionary shift as security infrastructure moves to software-defined models that improve speed and scale, and afford enterprise IT more agility and capabilities than ever before. Application development and deployment are driving this shift, and as the pace of development increases, organizations have a real need to ensure application security is embedded in all phases of the development and deployment life cycle, as well as in the cloud during operations.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• How to Effectively Use Segmentation and Microsegmentation by Dave Shackleford - October 15, 2019 

  • Associated Webcasts: How to Effectively Use Segmentation and Microsegmentation
  • Sponsored By: VMWare, Inc

  In recent years, software-defined networking (SDN) has emerged as a significant technology to help improve network visibility, packet analysis and security functions.  Unfortunately, not all segmentation models are equal when it comes to security. This whitepaper covers several different models of SDN and microsegmentation, and explores situations where security shortcomings are possible. Learn how to test your SDN platform to determine whether it can provide full coverage in detecting and preventing significant security incidents.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Red, Blue and Purple Teams: Combining Your Security Capabilities for the Best Outcome by Chris Dale - October 2, 2019 

  • Associated Webcasts: Red, Blue and Purple Teams: Combining Your Security Capabilities for the Best Outcome
  • Sponsored By: Core Security Technologies

  •  Login
  •  Join SANS.org

• ---

• ExtraHop Reveal(x) Expands Attack Investigations to Cover All Vectors by Dave Shackleford - September 30, 2019 

  • Associated Webcasts: ExtraHop Reveal(x) Expands Attack Investigations to Cover All Vectors
  • Sponsored By: ExtraHop

  •  Login
  •  Join SANS.org

• ---

• JumpStart Guide to Application Security in Amazon Web Services by Nathan Getty - September 27, 2019 

  • Associated Webcasts: Jumpstart Guide to Application Security in the Cloud
  • Sponsored By: Fortinet, Inc. AWS Marketplace

  This paper seeks to give you a better idea of what your organization needs to successfully plan and execute a secure application transition to, or deployment in, an AWS environment. Learn how security teams can best support application development teams, what options you have as a security professional for this support, and how best to guide your development teams as they transition workflows to AWS.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• How to Build a Threat Detection Strategy in Amazon Web Services (AWS) by David Szili - September 10, 2019 

  • Associated Webcasts: How to Build a Threat Detection Strategy in AWS
  • Sponsored By: AWS Marketplace

  Threat detection and continuous security monitoring in the cloud must integrate traditional on-premises system monitoring with the cloud network infrastructure and cloud management plane. A successful, cloud-based threat detection strategy will collect data from systems, networks and the cloud environment in a central platform for analysis and alerting. This paper describes how to build a threat detection strategy that automates common tasks like data collection and analysis.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Success Patterns for Supply Chain Security by John Pescatore - September 9, 2019 

  • Associated Webcasts: Success Patterns for Supply Chain Security
  • Sponsored By: Panorays Interos

  Many CISOs report that supply chain security is one of their top challenges. Supply chain attacks are on the rise, and the high financial impact of these attacks has increased CEO, board of director, and regulatory/auditor attention to supply chain security. In this whitepaper, John Pescatore, SANS Director of Emerging Security Trends, provides recommendations and guidance in addressing these concerns.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Elevating Enterprise Security with Fidelis Cybersecurity: Endpoint Security Capabilities by Matt Bromiley - September 5, 2019 

  • Associated Webcasts: Elevating Enterprise Security with Fidelis Cybersecurity: Endpoint Security Capabilities
  • Sponsored By: Fidelis Cybersecurity

  In this final part of a two-part review, Matt Bromiley continues his review of the Fidelis Elevate platform, shifting focus to endpoint security. He examines how Fidelis Endpoint provides endpoint insight and response, highlighting capabilities such as behavioral monitoring and detections, enterprisewide threat hunting, and response automation, as well as ease of integration with Fidelis Elevate to bring networks and endpoints together. With this kind of holistic visibility, the job of securing modern enterprises becomes significantly easier and more achievable.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Elevating Enterprise Security with Fidelis Cybersecurity: Network and Deception by Matt Bromiley - September 5, 2019 

  • Associated Webcasts: Elevating Enterprise Security with Fidelis Cybersecurity: Network and Deception
  • Sponsored By: Fidelis Cybersecurity

  Security teams cannot defend complex networks without holistic, correlative insight into the environment. In this first part of a two-part review, Matt Bromiley reviews the Fidelis Elevate platform, with respect to its ability to provide insight into network traffic, threats and deception. Not only does the Fidelis platform allow for holistic visibility, but it also makes it easy for organizations to move toward threat hunting, shortening their time to detect and uncover intrusions.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• JumpStart Guide for SIEM in AWS by J. Michael Butler - August 20, 2019 

  • Associated Webcasts: JumpStart Guide for Security Information and Event Management (SIEM) in AWS
  • Sponsored By: Optiv AWS Marketplace

  This paper explores the needs, implementation options, capabilities, and various considerations for organizations looking to implement SIEM/SOAR capabilities in Amazon Web Services (AWS). The paper compares the integration of SIEM and SOAR in the cloud environment to on-premises use. Suggestions for planning SIEM and SOAR integration into an AWS cloud environment also included.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Effectively Addressing Advanced Threats by Matt Bromiley - August 19, 2019 

  • Sponsored By: IBM Security

  As security professionals well know, the wave of advanced threats never stops, and organizations are increasingly challenged in dealing with the onslaught. But not all threats are created equal. How do you identify the most critical and deal with those? In this survey, we asked the security community to share what advanced threats their organizations are facing and how they're allocating resources and technology.

  Register now for the associated webcast at 1 p.m. Eastern on Wednesday September 25, 2019: https://register.gotowebinar.com/register/6150616769136423937

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Better Security Using the People You Have by Matt Bromiley - August 13, 2019 

  • Associated Webcasts: Stop Letting Security Fail. Identify the True Problem
  • Sponsored By: Endgame

  Is your organization making optimal use of technology and processes to support the people you currently have? Because, if not, there is more work to do-and it doesn't involve hiring more people. This paper looks at the people, process and technology trifecta to identify weak points in your security. Compensate for deficiencies, maximize the resources you have, and prepare for future security threats. Get tips on how to empower your employees and help them grow their skills relative to the sophistication of today's security challenges.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Device Visibility and Control: Streamlining IT and OT Security with Forescout by Don Murdoch - August 12, 2019 

  • Associated Webcasts: Visibility for Incident Response: A Review of Forescout 8.1
  • Sponsored By: Forescout Technologies BV

  Forescout's latest iteration of its eponymous platform builds on the product's long-standing reputation for handling network admission controls, and adds multifaceted IT/OT network device visibility and control. In this review, SANS analyst and instructor Don Murdoch delves deep into how Forescout can help organizations gain greater visibility into the devices on the network, through device discovery, auto classification, risk assessment and automating security controls.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• SANS 2019 Incident Response (IR) Survey: It's Time for a Change by Matt Bromiley - July 31, 2019 

  • Associated Webcasts: Integrated Incident Response: A SANS Survey Integrated Incident Response: A Panel Discussion about the SANS 2019 IR Survey
  • Sponsored By: OpenText Inc. Unisys InfoBlox DomainTools DFLabs Swimlane ExtraHop King & Union

  The 2019 SANS Incident Response (IR) survey provides insight into the integration of IR capabilities to identify weak spots and best practices for improving IR functions and capabilities. In this survey paper, senior SANS instructor and IR expert Matt Bromiley explores what types of data, tools and information are key to investigations of an incident; the state of budget and staffing for IR; maturity of IR processes; impediments to IR implementations and plans for improvement; and more. The report also includes actionable advice for improving organizational IR practices.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• How to Protect Enterprise Systems with Cloud-Based Firewalls by Kevin Garvey - July 26, 2019 

  • Associated Webcasts: How to Protect Enterprise Systems with Cloud-Based Firewalls
  • Sponsored By: AWS Marketplace

  Deploying WAFs and firewalls in the cloud saves security teams valuable time as they rely on the cloud to automate many tasks. This paper identifies key considerations in using cloud-based firewalls to protect your enterprise, including network logging, IDS/IPS, authentication and inspection. This paper also covers advanced firewalls features like behavioral threat detection, next-gen analytics and customized rules. A comprehensive use case serves as an essential how-to for making it all work.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• JumpStart Guide for Cloud-Based Firewalls in AWS by Brian Russell - July 24, 2019 

  • Associated Webcasts: JumpStart Guide to Cloud-Based Firewalls in AWS
  • Sponsored By: Optiv AWS Marketplace

  This guide examines options for implementing firewalls within the Amazon Web Services (AWS) Cloud. It examines the needs and capabilities associated with today’s firewall and threat prevention services and details general, technical and operational considerations when choosing these products. The guide concludes by examining AWS-specific considerations and recommending a plan of action for organizations considering the purchase of cloud-based firewalls.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Bye Bye Passwords: New Ways to Authenticate by Matt Bromiley - July 23, 2019 

  • Sponsored By: Microsoft

  The "passwordless movement" is upon us! This paper addresses ways to change password handling and implement more secure authentication It examines the problem of passwords and password mismanagement, and provides tips and suggestions for increasing your organization's account security using modern industry standards.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Are Your Security Controls Yesterday's News? by Matt Bromiley - July 18, 2019 

  • Associated Webcasts: Are Your Security Controls Yesterday\'s News?
  • Sponsored By: Cymulate

  This spotlight paper, one of a two-part series, looks at just how successful an organization can expect to be if it's using old news, limited scope or "cookie-cutter" vulnerability scans as a way to assess its environment. SANS believes security control testing needs to improve significantly to emulate actual--not hypothetical--threats to an organization.

  The second spotlight, "What Security Practitioners Really Do When It Comes to Security Testing," focuses on the input SANS received from a poll that gathered opinions from the SANS community on this topic

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Common and Best Practices for Security Operations Centers: Results of the 2019 SOC Survey by Chris Crowley and John Pescatore - July 9, 2019 

  • Associated Webcasts: Common and Best Practices for Security Operations Centers: Results of the 2019 SOC Survey Common and Best Practices for Security Operations Centers: Panel Discussion
  • Sponsored By: Anomali ThreatConnect CYBERBIT Commercial Solutions Siemplify DFLabs ExtraHop BTB Security CyberProof

  In this survey, senior SANS instructor and course author Christopher Crowley, along with advisor and SANS director of emerging technologies John Pescatore, provide objective data to security leaders who are looking to establish a SOC or optimize an existing one. This report captures common and best practices, provides defendable metrics that can be used to justify SOC resources to management, and highlights the key areas that SOC managers should prioritize to increase the effectiveness and efficiency of security operations.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Why Traditional EDR Is Not Working - and What to Do About It by Jake Williams - June 27, 2019 

  • Associated Webcasts: Why Traditional EDR Is Not Working--and What to Do About It
  • Sponsored By: Mcafee LLC

  EDR, or endpoint detection and response, promises to revolutionize the way security analysts neutralize attacks. Unfortunately, EDR has not always lived up to the promised hype. This paper examines the challenges of traditional EDR platforms, and suggests what you can do to overcome them for effective EDR implementation. Paper includes a checklist of considerations for selecting and deploying an EDR platform.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• How to Build an Endpoint Security Strategy in AWS by Thomas J. Banasik - June 27, 2019 

  • Associated Webcasts: How to Build an Endpoint Security Strategy in AWS
  • Sponsored By: AWS Marketplace

  Endpoint security is the cornerstone of any successful cloud migration. This paper details how to build an endpoint security strategy that uses a defense-in-depth architecture to protect cloud assets, as well as implement key endpoint security capabilities such as EDR, UEBA and DLP solutions. It also explains synchronization with AWS services for a comprehensive view that increases visibility when combatting threats.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Building and Maturing Your Threat Hunting Program by David Szili - June 24, 2019 

  • Associated Webcasts: Building and Maturing Your Threat Hunt Program
  • Sponsored By: Cisco Systems

  Building an effective threat hunting program can be daunting. This paper addresses how to get started and covers building a team, what a typical hunt might look like and constructing a knowledge base for later use. It also covers how to create a test lab and use effective metrics.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• JumpStart Guide for Endpoint Security in AWS by David Hazar - June 19, 2019 

  • Associated Webcasts: JumpStart Guide for Endpoint Security in AWS
  • Sponsored By: Optiv AWS Marketplace

  Endpoint security is a key component of any cybersecurity program, but some organizations struggle with extending this program component to cloud workloads. This paper provides guidance on the key issues to consider when choosing an endpoint security solution for integration on the AWS platform and suggests a process for making that important decision.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• How to Build a Data Security Strategy in AWS by Dave Shackleford - June 13, 2019 

  • Associated Webcasts: How to Build a Data Protection Strategy in AWS
  • Sponsored By: AWS Marketplace

  When organizations move sensitive data to the cloud, they absolutely must choose a provider that can ensure compliance with privacy regulations on a global stage. Data security strategies in the cloud must include encryption and key management, data loss prevention and the capability to classify and track data. By using the AWS Cloud, organizations can protect sensitive data at rest, in transit and in use.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Authentication: It Is All About the User Experience by Matt Bromiley - June 12, 2019 

  • Associated Webcasts: Authentication: It Is All About the User Experience
  • Sponsored By: Yubico

  In a world where compromised user credentials can cost an enterprise millions of dollars, the importance of being able to validate user accounts is a crucial enterprise requirement. Yet implementation of modern authentication techniques is lagging, even though it provides better user experiences as well as stronger authentication. This paper examines how these techniques can be applied within your organization for your employees--the other custodians of your data. It also explores the benefits of the new WebAuthn specification.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• SANS 2019 State of OT/ICS Cybersecurity Survey by Barbara Filkins and Doug Wylie - June 11, 2019 

  • Associated Webcasts: SANS 2019 State of OT/ICS Cybersecurity Survey Converging OT and IT Networks: Where and How to Evolve ICS for Security
  • Sponsored By: Forescout Technologies BV Cisco Systems Inc. Yokogawa Corporation of America Nozomi Networks Radiflow Owl Cyber Defense

  In this survey, SANS experts Doug Wylie and Barb Filkins, with advisor and SANS instructor Jason Dely, examine the current state of known and perceived cybersecurity risks, threats and potential impacts to industrial and automation control systems that are applied within the Operational Technology (OT) domain. The survey explores how adeptly we are safeguarding operations and protecting human and company capital from a range of technical and non-technical cybersecurity risks that stem from threats that include malicious and unintentional insiders and outsiders. View the associated infographic here.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Passive Isn't Good Enough: Moving into Active EDR by Justin Henderson - May 17, 2019 

  • Associated Webcasts: Passive Isn\'t Good Enough: Moving into Active EDR
  • Sponsored By: SentinelOne

  Endpoint detection and response (EDR) technologies focus on identifying anomalous activity at scale, but are often constrained by delayed analyses. Endpoint protection platforms (EPP) can manage aspects of endpoint security, but often lack enterprise class detection and reporting capabilities. Which leads us to the most recent addition to the endpoint protection arsenal--active endpoint detection and response, which boasts real-time analysis capabilities as compared to traditional passive EDR.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• How to Protect a Modern Web Application in AWS by Shaun McCullough - May 9, 2019 

  • Sponsored By: AWS Marketplace

  In moving assets to the cloud, organizations need to prioritize their security plans based on the risks to which they are exposed. With threat modeling, organizations can identify and prioritize the risks to infrastructure, applications and the services they provide, as well as evaluate how to manage those risks over time. This paper includes use cases for threat modeling web apps and the DevSecOps platform, using a process that is both repeatable and improvable.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• SANS 2019 Cloud Security Survey by Dave Shackleford - April 30, 2019 

  • Associated Webcasts: The State of Cloud Security: Results of the SANS 2019 Cloud Security Survey The State of Cloud Security: Panel Discussion
  • Sponsored By: Sophos Inc. ExtraHop Sysdig

  This whitepaper delves into the results of the SANS 2019 Cloud Security Survey, conducted in cooperation with the Cloud Security Alliance, concerning organizations' use of the public cloud and provides actionable advice organizations can use to improve their cloud security. It answers questions including, "Are security infrastructures maturing to support the business and improve risk management in the cloud model?" and "How are organizations using the public cloud to meet their business needs?"

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Increasing Visibility with Ixia's Vision ONE by Serge Borso - April 23, 2019 

  • Associated Webcasts: Increasing Visibility with Ixia\'s Vision ONE
  • Sponsored By: Ixia

  Visibility into network structures and endpoints is vital to security and intelligence operations. Ixia's Vision ONE is a device that enables organizations to gain visibility into threats and manage security operations within a single platform. The SANS review of the Vision ONE platform examines how it provides enhanced, more efficient security through packet brokers and actionable information at the application level. We also consider how Vision ONE can help reduce operational costs. | Visibility into network structures and endpoints is vital to security and intelligence operations. Ixia's Vision ONE is a device that enables organizations to gain visibility into threats and manage security operations within a single platform. The SANS review of the Vision ONE platform examines how it provides enhanced, more efficient security through packet brokers and actionable information at the application level. We also consider how Vision ONE can help reduce operational costs.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Why Your Vulnerability Management Strategy Is Not Working - and What to Do About It by Jake Williams - April 23, 2019 

  • Associated Webcasts: Why Your Vulnerability Management Strategy Is Not Working – and What to Do About It
  • Sponsored By: Lookingglass Cyber Solutions, Inc.

  This paper looks at why vulnerability management solutions have not met expectations and how IT and security teams can better implement those solutions to maximize value. It also addresses how to deal with the resourcing constraints that all vulnerability management programs encounter.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Thinking like a Hunter: Implementing a Threat Hunting Program by Matt Bromiley - April 21, 2019 

  • Sponsored By: IBM

  A successful threat hunting program should identify previously unknown or ongoing threats within the environment and facilitate a deeper understanding of the organization's technical landscape. This paper focuses on bridging the gap between those two objectives and discusses the whats, whys and hows of threat hunting. The paper presents techniques that can be immediately applied to your environment to help you either build a new hunt team or hone your existing one.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• SANS Top New Attacks and Threat Report by John Pescatore - April 18, 2019 

  • Associated Webcasts: SANS Top New Attacks and Threat Report
  • Sponsored By: Unisys InfoBlox Veracode Anomali DomainTools

  Each year, the annual RSA Conference features top SANS instructors presenting their look at the new attack techniques currently in use and their projections for future exploits. This whitepaper captures highlights from this year's fast-paced and informative panel discussion, including insight into overall cybersecurity trends on both the offensive and defensive sides as well as advice from SANS on the steps enterprises must take to meet future risks.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• How to Build a Security Visibility Strategy in the Cloud by Dave Shackleford - April 17, 2019 

  • Associated Webcasts: How to Build a Security Visibility Strategy in the Cloud
  • Sponsored By: AWS Marketplace

  The security of cloud-based assets requires visibility into the events and behaviors that move into and through the cloud environment, a strategy that differs from traditional security visibility. This paper describes controls that can be used to ensure network, application, instance/container, database/storage and control plane visibility, and explains how to create a strategy that ties event monitoring, vulnerability scanning and control planes together to enhance visibility.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• SANS Vulnerability Management Survey by Andrew Laman - April 8, 2019 

  • Associated Webcasts: Current State of Vulnerability Management: Part 1 of the SANS Vulnerability Management Survey Results Vulnerability Practices of Tomorrow: Part 2 of the SANS Vulnerability Management Survey Results
  • Sponsored By: Tenable Veracode Bromium Balbix

  More and more organizations are finding that they need more than scanning results to manage their vulnerabilities effectively. This SANS survey investigates how organizations are managing vulnerabilities across their endpoints, applications, cloud services and business partners, while providing insights about survey results related to risk-based vulnerability management practices, management of cloud-based vulnerabilities and more.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• The Foundation of Continuous Host Monitoring by Matt Bromiley - April 2, 2019 

  • Associated Webcasts: The Foundation of Continuous Host Monitoring
  • Sponsored By: OpenText Inc.

  Without the right architecture, continuous monitoring can cause more headaches than it cures. This paper examines some of the difficulties organizations face when trying to improperly scale forensic tools and/or concepts, and provides guidance on architectural decisions to help improve continuous monitoring implementations.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• How to Automate Compliance and Risk Management for Cloud Workloads by Matt Bromiley - March 27, 2019 

  • Associated Webcasts: How to Automate Compliance and Risk Management for Cloud Workloads
  • Sponsored By: AWS Marketplace

  As organizations experience growth and network expansion, their decisions impact the safety and integrity of their data. Organizations that are moving to the cloud must balance the benefits of cloud services with compliance, while also managing risk. Because migrating data to the cloud does not remove the need for compliance, organizations need to focus on compliance from the start and create a strategy that automates compliance and risk management using native and cloud security controls.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Taming the Endpoint Chaos Within: A Review of Panda Security Adaptive Defense 360 by Justin Henderson - March 26, 2019 

  • Associated Webcasts: Taming the Endpoint Chaos Within: A Review of Panda Security Adaptive Defense 360
  • Sponsored By: Panda Security

  Endpoint security requires a solution that scales, is easy to maintain and provides a comprehensive integration into the endpoint itself. This review of Panda Security Adaptive Defense 360 details how the endpoint platform prevents malicious executables, automates complex tasks and provides scalability. Panda Security's EDR approach applies prevention controls in combination with detective controls, and allows security teams to deploy preventive technologies while retaining insight into environments.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Security Gets Smart with AI by G.W. Ray Davidson and Barbara Filkins - March 23, 2019 

  • Associated Webcasts: Security Gets Smart with AI: A SANS Survey
  • Sponsored By: Cylance

  This SANS survey, directed at cybersecurity professionals who use or are interested in AI, examines perceptions about AI's basic capabilities for security and what technologies--including deep learning, various recognition techniques, machine learning and others--are considered part of AI for security. The survey also examines whether, how and when security experts will begin implementing AI for security and how they intend to use it.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Empowering Incident Response via Automation by Matt Bromiley - March 20, 2019 

  • Associated Webcasts: Empowering Incident Response via Automation
  • Sponsored By: Cisco Systems

  This paper examines where incident response automation can be used to empower your teams and bring their level of productivity and investigations to never-before-seen heights. Your analysts should be focused on solving the problems that require human intervention, not tripped up by technical hurdles that a computer could easily solve.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• 2019 SANS Automation and Integration Survey by Barbara Filkins - March 15, 2019 

  • Associated Webcasts: The State of Automation/Integration Practice: Part 1 of the SANS Automation and Integration Survey What\'s Next in Automation Support: Part 2 of the SANS Automation and Integration Survey
  • Sponsored By: Mcafee LLC LogRhythm ThreatConnect D3 Security Swimlane

  With an ever-evolving threat landscape, security and risk management leaders must consider what security automation and integration can do to improve the efficiency, quality and efficacy of security operations. Our 2019 survey explores how respondents characterize their efforts and challenges with security automation, integration and workflow orchestration, and includes actionable advice for achieving the benefits of security automation.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Securing Your Endpoints with Carbon Black: A SANS Review of the CB Predictive Security Cloud Platform by Dave Shackleford - March 14, 2019 

  • Associated Webcasts: Securing Your Endpoints with Carbon Black: A SANS Review of the CB Predictive Security Cloud Platform
  • Sponsored By: Carbon Black

  Endpoint security remains a top security priority for most organizations. SANS reviews the CB Predictive Security Cloud (PSC), which focuses on securing endpoints by using a single lightweight agent that provides security professionals with actionable insights about cyberattacks. It uses behavioral analytics and big data in the cloud to prevent emerging threats; helps with vulnerability assessment and compliance reporting; and assists in threat hunting and incident response.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Maximizing SOC Effectiveness and Efficiency with Integrated Operations and Defense by John Pescatore - March 12, 2019 

  • Associated Webcasts: Maximizing SOC Effectiveness and Efficiency with Integrated Operations and Defense
  • Sponsored By: NETSCOUT Systems, Inc.

  John Pescatore of the SANS Institute leads a discussion on how to overcome the most commonly cited barriers to improving security operations. Gain perspective on integrating processes and controls used by networks operations with those used for security operations; using timely, accurate threat intelligence to proactively tune detection and protection controls; and assuring that defenses can withstand complex, multi-pronged attacks both today and in the future.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Taking SIEM to the Cloud: A SANS Review of Securonix Next-Gen SIEM v6.1 by Dave Shackleford - March 1, 2019 

  • Associated Webcasts: Taking SIEM to the Cloud: A SANS Review of Securonix Next-Gen SIEM
  • Sponsored By: Securonix

  The SANS Analyst team reviewed Securonix Next-Gen SIEM, which includes many advanced features for reducing detection and response time for security operations and investigations, and processing large quantities of data from numerous sources in real time.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Understanding the Adversary with Deception Technology by Matt Bromiley - February 26, 2019 

  • Associated Webcasts: Improving Detection and Understanding the Adversary with Deception Technology
  • Sponsored By: TrapX Security

  Organizations are having great difficulties properly remediating incidents and eradicating attackers from their environment. This paper examines some of the challenges facing organizations in understanding the adversary, and presents some of the latest deception techniques that can be used to identify attacker activity (both known and unknown).

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• How to Optimize Security Operations in the Cloud Through the Lens of the NIST Framework by John Pescatore - February 25, 2019 

  • Associated Webcasts: Prioritizing Security Operations in the Cloud through the Lens of the NIST Framework
  • Sponsored By: AWS Marketplace

  Security teams today face the mandate of moving production workloads from on-premises to the cloud. By using the NIST Cybersecurity Framework (CSF), teams can effectively and efficiently build in security as part of the migration of operations activities to IaaS services and hybrid cloud implementations. This paper shares proven best practices for evaluating and implementing security architectures, processes and controls while developing an approach to migration that is repeatable.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• The Evolution of Cyber Threat Intelligence (CTI): 2019 SANS CTI Survey by Rebekah Brown and Robert M. Lee - February 4, 2019 

  • Associated Webcasts: CTI Requirements and Inhibitors: Part 1 of the 2019 SANS Cyber Threat Intelligence Survey CTI Tools, Usage and a Look Ahead: Part 2 of the 2019 SANS Cyber Threat Intelligence Survey
  • Sponsored By: Anomali DomainTools RecordedFuture ThreatQuotient IntSights

  In order to use cyber threat intelligence (CTI) effectively, organizations must know what intelligence to apply and where to get that intelligence. This paper delves into the results of the SANS 2019 Cyber Threat Intelligence Survey and explores the value of CTI, CTI requirements, how respondents are currently using CTI--and what the future holds.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Enterprise Security with a Fluid Perimeter by Matt Bromiley - January 22, 2019 

  • Associated Webcasts: Enterprise Security with a Fluid Perimeter
  • Sponsored By: Aruba Networks

  Between BYOD, the cloud, third-party providers and a fluctuating mobile workforce, it is growing more difficult to maintain a rigid security policy. This paper examines critical techniques to addressing this issue, including the role of baselining, integrating and automating response, and defending against attacks more quickly--as well as specific action items for better protection.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Evolving Micro-Segmentation for Preventive Security: Adaptive Protection in a DevOps World by Dave Shackleford - January 7, 2019 

  • Associated Webcasts: Defeating Attackers with Preventive Security
  • Sponsored By: VMWare, Inc

  This paper looks at micro-segmentation as a new way to approach network security. The paper proposes ways to implement effective cyber hygiene, examines the role of automation, and explores ways to add security to workflows.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Defend Your Business Against Phishing by Matt Bromiley - January 4, 2019 

  • Sponsored By: Microsoft

  Phishing is an ever-evolving and pervasive method of attack against small- and medium-sized businesses (SMBs). Don't let your business be an easy target! After walking you through the phishing techniques that attackers commonly use, Matt Bromiley shares proven strategies and specific, actionable steps you can take today to reduce your risk. No matter your budget or level of expertise, you can defend against phishing attacks.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Defend Your Business Against Insider Threats by Matt Bromiley - January 4, 2019 

  • Sponsored By: Microsoft

  Your business faces a security risk that may not even be on your radar. Looming from within are insider threats, which pose a significant risk to small- and medium-sized businesses (SMBs). Matt Bromiley breaks down the two types of insider threats and provides specific, actionable steps and user education tips you can implement today to protect and defend your business against threats from the inside.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Protecting Data To, From and In the Cloud by Dave Shackleford - December 11, 2018 

  • Sponsored By: Symantec

  Attackers have adapted their strategies to the cloud and will likely continue to focus on this threat surface. In this spotlight paper, SANS offers some guidance and recommendations for improving cloud service visibility, data protection, threat protection, access control and reporting.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Automating Detection and Response: A SANS Review of Swimlane by Alissa Torres - December 11, 2018 

  • Associated Webcasts: Efficient Alert Processing and Response: A SANS Review of Swimlane
  • Sponsored By: Swimlane

  This paper highlights the best-in-breed features of Swimlane: its ease of use, customizability, role-based access control and current technology integrations. We put Swimlane through its paces in a triage of a typical phishing email, applying the concept of componential workflow automation.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• An Evaluator's Guide to NextGen SIEM by Barbara Filkins - December 6, 2018 

  • Associated Webcasts: An Evaluator\'s Guide to Next-Generation SIEM
  • Sponsored By: LogRhythm

  A traditional SIEM often lacks the capability to produce actionable information and has a limited shelf life. To be effective, a SIEM must stay relevant in the face of new threats and changes in an organizations technical and support infrastructures. Learn about the key questions to ask as you research adding a next-generation SIEM, one that captures data and generates information that security teams can use as intelligence to detect potentially malicious activity.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Integrating Threat Intelligence into Endpoint Security: A Review of CrowdStrike Falcon X by Dave Shackleford - November 26, 2018 

  • Associated Webcasts: Threat Intelligence and Protecting Your Endpoints: A SANS Review of the CrowdStrike Falcon X Platform
  • Sponsored By: CrowdStrike, Inc.

  While threat intelligence can transform an organization's security posture, it can be complex and costly for organizations to adopt and operationalize. With that in mind, SANS Analyst Dave Shackleford tested CrowdStrike Falcon X, which purportedly enables cybersecurity teams to automatically analyze malware found on endpoints, find related threats and enrich the results with customized threat intelligence. This review encapsulates his findings, and details how the solution can help SOC teams.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• 2018 Secure DevOps: Fact or Fiction? by Jim Bird and Barbara Filkins - November 5, 2018 

  • Associated Webcasts: Secure DevOps: Fact or Fiction? SANS Survey Looks at Reality, Part I Secure DevOps: Fact or Fiction? SANS Survey Looks at Reality, Part II
  • Sponsored By: Qualys WhiteHat Security Rapid7 Inc. Veracode Aqua Security Inc. Signal Sciences

  A new SANS survey indicates that fewer than half (46%) of survey respondents are confronting security risks up front in requirements and service design in 2018--and only half of respondents are fixing major vulnerabilities. This report chronicles how security practitioners are managing the collaborative, agile nature of DevOps and weave it seamlessly into the development process.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Network Architecture with Security in Mind by Matt Bromiley - November 2, 2018 

  • Associated Webcasts: Network Architecture with Security in Mind
  • Sponsored By: Gigamon

  This paper looks at how efficient and security-minded network routing and security tool utilization can shorten detection and response times.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• It's Awfully Noisy Out There: Results of the 2018 SANS Incident Response Survey by Matt Bromiley - October 30, 2018 

  • Associated Webcasts: Improving the Incident Response Function: SANS 2018 Incident Response Survey Results Part II How Are You Responding to Threats? SANS 2018 Incident Response Survey Results Part I
  • Sponsored By: Forescout Technologies BV Coalfire Systems OpenText Inc. Fidelis Security Systems, Inc. ThreatQuotient 1E

  A new SANS survey finds that incident response (IR) teams are stanching serious data breaches faster in 2018--but they haven't managed to improve on a major hurdle that they reported in 2017: visibility into incidents. This report explores how organizations have structured their incident response functions, what systems they are conducting investigations on, and how they're uncovering threats.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• The Algorithm of You: Defeating Attackers by Being Yourself by Matt Bromiley - October 17, 2018 

  • Associated Webcasts: The Algorithm of You: Defeating Attackers by Being Yourself
  • Sponsored By: BehavioSec

  Yesterday's defense mechanisms--such as tokens, one-time passwords and even fingerprint readers--are not adequately protecting our devices, data and networks. SANS author and DFIR expert Matt Bromiley examined a relatively new authentication method, behavioral biometrics, as implemented in a product from BehavioSec. This SANS Product Review chronicles Matts experience as he put BehavioSec's product through the paces, and it explores what behavioral biometrics is, how it works and the role it plays in authentication.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Investigate East-West Attacks on Critical Assets with Network Traffic Analysis by Dave Shackleford - October 3, 2018 

  • Associated Webcasts: Investigate East-West Attack Activities to Defend Critical Assets: A SANS Review of ExtraHop Reveal(x)
  • Sponsored By: ExtraHop

  Once attackers compromise a network, they attempt to maintain a persistent presence in the network and focus on data access and exfiltration. Such east-west attacks can be challenging to detect and remediate. SANS reviewed ExtraHop Networks Reveal(x) network traffic analysis platform, which aims to address the east-west challenge. Read on to learn more.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Practical Industrial Control System (ICS) Cybersecurity: IT and OT Have Converged - Discover and Defend Your Assets by Doug Wylie and Dean Parsons - September 26, 2018 

  • Associated Webcasts: Practical Industrial Control System (ICS) Cybersecurity: IT and OT Have Converged--Discover and Defend Your Assets
  • Sponsored By: Tenable

  The benefits derived from information technology (IT) and operational technology (OT) convergence are enabling more effective management of contemporary control systems. However, the unique challenges of IT/OT convergence make managing and securing an industrial control system (ICS) more difficult. This paper explores how industrial and information system administrators can build stronger cybersecurity programs to protect IT/OT systems.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Automating Open Source Security: A SANS Review of WhiteSource by Serge Borso - September 25, 2018 

  • Associated Webcasts: Automating Open Source Security: A SANS Review of WhiteSource
  • Sponsored By: WhiteSource

  This paper takes a close look at how the WhiteSource solution can handle the myriad of open source vulnerabilities through real-time detection and remediation.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• SANS 2018 Threat Hunting Survey Results by Robert M. Lee and Rob T. Lee - September 18, 2018 

  • Associated Webcasts: Threat Hunting Is a Process, Not a Thing: SANS 2018 Survey Results, Part I Threat Hunting in Action: SANS 2018 Survey Results, Part II
  • Sponsored By: Qualys IBM RiskIQ Anomali DomainTools Malwarebytes

  Our third survey on threat hunting looks at the maturity of hunting programs and where they are going, along with best practices being used in organizations to detect and remediate threats that would otherwise remain hidden. Read this report to learn how survey respondents answered questions that are immediately important to organizations conducting threat hunting.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Essential Requirements for Cloud-Based Endpoint Security by Barbara Filkins - September 11, 2018 

  • Sponsored By: Carbon Black

  Next-generation endpoint security (NGES) strives to combine prevention, detection, response and IT operations into a single platform, allowing for the consolidation of the endpoint footprint while substantially increasing endpoint protection. For those ready to replace their traditional antivirus with NGES, SANS has developed this evaluation guide for assessing NGES tools against your organization's requirements before making capital investments in NGES.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Breach Avoidance: It Can Be Done, It Needs to Be Done by John Pescatore - September 10, 2018 

  • Associated Webcasts: Breach Avoidance: Yes, You Can!
  • Sponsored By: Balbix

  Almost every day it seems like the press is reporting on yet another security breach. Some breaches expose sensitive business and customer information, while others bring down business operations. But breaches are not inevitable. By implementing security processes and controls to proactively identify and remove or mitigate vulnerabilities, today’s companies, even those with limited staff and budgets, can avoid or limit business damage by prioritizing security efforts.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• The Need for Speed: Integrated Threat Response A SANS Whitepaper by Matt Bromiley - September 10, 2018 

  • Associated Webcasts: The Need for Speed: Integrated Threat Response
  • Sponsored By: Lookingglass Cyber Solutions, Inc.

  This paper addresses the concepts of security automation and integration and provides recommendations on how to use technology to make your team faster and more efficient. It not only emphasizes the need for security automation and integration, but also shows how they are enhancements to, rather than replacements for, a security program.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Stronger Security with Global IT Asset Inventory by Matt Bromiley - August 29, 2018 

  • Associated Webcasts: Stronger Security with Global IT Asset Inventory Stronger Security with Global IT Asset Inventory
  • Sponsored By: Qualys

  You must secure what you cannot see. But how? Take the first step: Recognize the various pieces. Then you'll see how IT asset inventory can, and should be, one of the most useful tools for the security team in identifying and addressing security concerns.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• The Definition of SOC-cess? SANS 2018 Security Operations Center Survey by Christopher Crowley and John Pescatore - August 13, 2018 

  • Associated Webcasts: No Single Definition of a SOC: Part I of the SANS 2018 SOC Survey Results Webcast SOC Capabilities and Usefulness: Part II of the SANS SOC Survey Results Webcast SOC Capabilities and Usefulness: Part II of the SANS SOC Survey Results Webcast No Single Definition of a SOC: Part I of the SANS 2018 SOC Survey Results Webcast
  • Sponsored By: LogRhythm CYBERBIT Commercial Solutions Authentic8 DFLabs Awake Security ExtraHop

  Although SOCs are maturing, staffing and retention issues continue to vex critical SOC support functions. In this paper, learn how respondents to our 2018 SOC survey are staffing their SOCs, the value of cloud-based services to augment staff and technology, and respondents' level of satisfaction with the architectures they've deployed.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Understanding the (True) Cost of Endpoint Management by Matt Bromiley - July 30, 2018 

  • Associated Webcasts: Understanding the True Cost of Endpoint Management
  • Sponsored By: IBM

  In this paper, we review the challenges in dealing with complex, ever-changing environments and offer suggestions and recommendations in effective endpoint management. Additionally, we discuss enterprise security as it relates to endpoint management and examine the benefits of integrating endpoint management into your security posture.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• How Visibility of the Attack Surface Minimizes Risk by Dave Shackleford - July 30, 2018 

  • Associated Webcasts: How Visibility of the Attack Surface Minimizes Risk
  • Sponsored By: Skybox Security, Inc.

  To understand risks and control the attack surface, you need visibility. But what is visibility and why is it critical? And how do you get it? This paper will help you define visibility for effective security and understand why visibility it is key to determining your exposure and potential vulnerabilities.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• A Guide to Managing Cloud Security by Dave Shackleford - July 25, 2018 

  • Associated Webcasts: Managing Cloud Security
  • Sponsored By: Tenable

  While many of the core concepts of vulnerability and threat management remain the same in the world of cloud deployments, we need to adapt our thinking to operate in a hybrid or public cloud deployment model. This paper will help you evaluate cloud vulnerabilities and threat management, and protect your data and assets in a dynamic cloud infrastructure.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• AI Hunting with the Cybereason Platform: A SANS Review by Dave Shackleford - July 23, 2018 

  • Associated Webcasts: Single-Agent Cyber Security Analytics: A SANS Review of the Cybereason Platform

  SANS reviewed Cybereason's AI hunting platform, which offers a lightweight, behavior-focused model of host-based protection that can help intrusion analysis and investigations teams more rapidly and efficiently prevent, detect and analyze malicious behavior in their environments.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• The 2018 SANS Industrial IoT Security Survey: Shaping IIoT Security Concerns by Barbara Filkins - July 18, 2018 

  • Associated Webcasts: The State of Industrial IoT
  • Sponsored By: Forescout Technologies BV Accenture Indegy

  IIoT endpoint security is the leading concern of respondents to the 2018 SANS IIoT Security Survey, with network security controls and countermeasures being the main enablers of IIoT security. Most of the growth in connected devices is expected to be for those used for monitoring, status, alarms and alerting, as well as predictive maintenance, but over 50% of respondents are still using their devices controlling operations and processes. Read on to learn more.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• One-Click Forensic Analysis: A SANS Review of EnCase Forensic by Jake Williams - June 27, 2018 

  • Associated Webcasts: EnCase Forensic 8: A SANS Analyst Program Review
  • Sponsored By: OpenText Inc.

  When security incidents occur, law enforcement needs forensic information in hours, not days. The new features in EnCase Forensic 8 purport to assist investigators in gathering and analyzing key data in a more efficient manner. Learn more in this product review of EnCase Forensic 8.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Cloud Security: Are You Ready? by Dave Shackleford - June 18, 2018 

  • Sponsored By: Symantec

  As more midsize organizations move into the cloud, security professionals may wonder why cloud security seems difficult. More than likely, the real security challenge is the perceived loss of control. Numerous security best practices plus improved security products and services now exist. This short paper takes a look at some of the key elements and best practices for midsize enterprises looking to ensure security in their cloud implementations.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Stopping IoT-based Attacks on Enterprise Networks by G. W. Ray Davidson - June 14, 2018 

  • Associated Webcasts: Stopping IoT-based Attacks on Enterprise Networks
  • Sponsored By: Hewlett Packard

  The increased use of IoT devices on business networks presents an growing challenge to security, and printers are an especially overlooked device from a security perspective. This paper examines specific attack areas for IoT devices, particularly printers, including data, management, monitoring and reporting, and make recommendations for protecting against various attacks.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Endpoint Protection and Response: A SANS Survey by Lee Neely - June 12, 2018 

  • Associated Webcasts: It Starts With The Endpoint: Part 1 of the SANS 2018 Endpoint Security Survey Results Endpoint Detection and Response: Part 2 of the SANS 2018 Endpoint Security Survey Results
  • Sponsored By: Forescout Technologies BV Mcafee LLC OpenText Inc. CrowdStrike, Inc. VMWare Carbon Black Endgame Malwarebytes

  Respondents have a vested interest in improving visibility, detection and response through more automated, integrated endpoint protection, detection and response technologies. In this survey, 84% of endpoint breaches included more than one endpoint. Desktops, laptops, server endpoints, endpoints in the cloud, SCADA and other IIoT devices are being caught in the dragnet of multi-endpoint breaches. Read on for more detail, best practices and advice.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Back to Basics: Building a Foundation for Cyber Integrity by Barbara Filkins - June 6, 2018 

  • Sponsored By: Tripwire, Inc.

  File integrity is at the heart of maintaining a secure cyber profile. But cyber security must also protect system integrity--the state of the infrastructure (encompassing applications, endpoints and networks) where intended functions must not be degraded or impaired by other changes or disruptions to its environments. This SANS Spotlight explores how cyber integrity weaves people, processes and technology together into a holistic framework that guards the modern enterprise against changes, whether authorized or unauthorized, that weaken security and destabilize operations.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Automate Threat Detection and Incident Response: SANS Review of RSA NetWitness Platform by Ahmed Tantawy - May 10, 2018 

  • Associated Webcasts: Automate Threat Detection and Incident Response: SANS Review of RSA NetWitness
  • Sponsored By: RSA

  In a recent SANS survey, approximately 35 percent of respondents said their greatest impediment is a skills gap in their IT environments. With that in mind, we reviewed RSA NetWitness Platform, a solution that aims to bridge the human skills gap via machine learning and analytics. This review focuses on RSA NetWitness Platform and examines different views, from responding to an incident to performing an investigation and drilling down to see an activity in real time.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• 10 Endpoint Security Problems Solved by the Cloud by Deb Radcliff - May 4, 2018 

  • Sponsored By: Carbon Black

  SANS surveys and testimonials from IT and security professionals indicate that endpoint security is a challenge. There is too much complexity and cost, defenses aren't keeping up, and security staff is stretched thin. This infographic explores how cloud can help address these issues.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Tailoring Intelligence for Automated Response by Sonny Sarai - May 2, 2018 

  • Associated Webcasts: Tailored Intelligence for Automated Remediation: SANS Review of IntSights\' Enterprise Intelligence and Mitigation Platform
  • Sponsored By: IntSights

  Overworked and understaffed IT security teams are trying to integrate threat intelligence into their detection, response, and protection processes -- but not very successfully. IT teams need fewer intelligence alerts and more visibility into external threats that matter to their enterprises. SANS Analyst Sonny Sarai discusses his experience reviewing IntSights' Enterprise Threat Intelligence and Mitigation Platform under simulated attack, detection, and remediation scenarios.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Back to Basics: Focus on the First Six CIS Critical Security Controls by John Pescatore - May 1, 2018 

  • Sponsored By: Tripwire, Inc.

  Post-breach investigations reveal that the majority of security incidents occur because well-known security controls and practices were not implemented or were not working as organizations had assumed. This paper explores how Version 7.0 of the Center for Internet Security (CIS) Critical Security Controls addresses the current threat landscape, emerging technologies and tools, and changing mission and business requirements around security.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Security Testing and Vendor Selection with BreakingPoint by Serge Borso - April 30, 2018 

  • Associated Webcasts: BreakingPoint: A Multi-Function Tool for Application and Security Testing
  • Sponsored By: Ixia

  In this product review conducted by SANS instructor Serge Borso, we learned that BreakingPoint is more than just a network testing tool. BreakingPoint provides a unique solution that enables security assessment, vendor selection and change management. It integrates well and is easy to use. We believe the tool has great value to the security community and specifically larger enterprises in the midst of infrastructure updates and those optimizing information security programs.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Securing the Hybrid Cloud: Traditional vs. New Tools and Strategies A SANS Whitepaper by Dave Shackleford - April 2, 2018 

  • Associated Webcasts: Securing the Hybrid Cloud: A Guide to Using Security Controls, Tools and Automation
  • Sponsored By: Qualys

  This paper takes a look at the current state of cloud security and offers specific recommendations for security best practices, including how to use some traditional security tools and emerging solutions, while taking into account typical staffing, technology and other resource issues.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• An Evaluator’s Guide to Cloud-Based NGAV: The SANS Guide to Evaluating Next-Generation Antivirus by Barbara Filkins - March 26, 2018 

  • Associated Webcasts: Moving Endpoint Security to the Cloud: Replacing Traditional Antivirus
  • Sponsored By: VMWare Carbon Black

  The coupling between NGAV and cloud-based analytics is here. The dynamics of cloud-based analytics, which allow for near-real-time operations, bring an essential dimension to NGAV, disrupting the traditional attack model by processing endpoint activity as it happens, algorithmically looking for any kind of bad or threatening behavior, not just for malicious files. This paper covers how cloud support for NGAVs is changing the game and how to evaluate such solutions.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Stopping Advanced Malware, Pre- and Post-Execution: A SANS Review of enSilo's Comprehensive Endpoint Security Platform by Dave Shackleford - March 20, 2018 

  • Associated Webcasts: Stop Really Nasty Malware, Pre- and Post-Execution: A SANS Review of the enSilo Endpoint Security Platform
  • Sponsored By: Ensilo

  Sophisticated malware is the new weapon of choice for criminals and nation states. A multilayered self-defending security solution--agnostic to operating systems, mitigating malware in real-time, enabling pre- and post-execution--is needed to defend against cyber attacks. In this review, SANS Instructor and Analyst Dave Shackleford tests enSilo's response against advanced malware and ransomware threats and explores how enSilo's features can alleviate burden on security staff.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Pinpoint and Remediate Unknown Threats: SANS Review of EnCase Endpoint Security by Jake Williams - March 15, 2018 

  • Associated Webcasts: Pinpoint and Remediate Unknown Threats: SANS Review of EnCase Endpoint Security 6
  • Sponsored By: OpenText Inc.

  With the increasing prevalence of security incidents, security teams are learning quickly that the endpoint is involved in almost every targeted attack. EnCase Endpoint Security aims to help security teams focus on the most critical incidents and avoid costly data breaches. In this review, SANS analyst Jake Williams shares his tests of EnCase Endpoint Security version 6.02 and how it performs.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• VMRay Analyzer: Rapid Malware Analysis for Incident Response (IR) Teams by Matt Bromiley - March 12, 2018 

  • Associated Webcasts: VMRay Analyzer, agentless malware analysis and rapid incident response: A SANS Product Review
  • Sponsored By: VMRay

  In our hands-on testing, we found that VMRay Analyzer's agentless approach to malware analysis is an effective way to provide rapid incident response. VMRay bridges the gap between an easy-to-use interface and back-end technology that provides a novel platform for analyzing advanced threats.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Managing User Risk: A Review of LogRhythm CloudAI for User and Entity Behavior Analytics by Dave Shackleford - February 26, 2018 

  • Associated Webcasts: Why Insider Actions Matter: SANS Review of LogRhythm CloudAI for User and Entity Behavior Analytics
  • Sponsored By: LogRhythm

  In this product review, we explored the recently released LogRhythm CloudAI, which applies user and entity behaviour analytics (UEBA) capabilities to enhance traditional event management and security analytics toolsets to monitor behaviors tracked over time, alerting analysts to unusual events or patterns of events.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Immutability Disrupts the Linux Kill Chain by Hal Pomeranz - February 20, 2018 

  • Sponsored By: Immutable Systems

  New exploits aimed at Linux systems are able to succeed by achieving root access to the OS. But what if you could lock down the OS and enforce security policies from outside of it? This Spotlight Paper explores the concept of ‘immutability’ as a way of interdicting the Linux kill chain.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• CTI in Security Operations: SANS 2018 Cyber Threat Intelligence Survey by Dave Shackleford - February 5, 2018 

  • Associated Webcasts: Cyber Threat Intelligence Today: SANS CTI Survey Results, Part 1 Cyber Threat Intelligence Skills and Usefulness: SANS CTI Survey Results, Part 2
  • Sponsored By: Rapid7 Inc. Anomali DomainTools ThreatConnect IntSights

  The survey focuses on how organizations could collect security intelligence data from a variety of sources, and then recognize and act upon indicators of attack and compromise scenarios in a timely manner. Although some CTI trends continued this year, we definitely saw several differences in a number of areas, which are noted in the research. From this year's results, it is obvious that CTI collection, integration and use within security teams are maturing.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• DNS: An Asset, Not a Liability by Matt Bromiley - January 30, 2018 

  • Associated Webcasts: DNS: An Asset, Not a Liability
  • Sponsored By: InfoBlox

  The Domain Name System, or DNS, is crucial to billions of Internet users daily, but it comes with issues that organizations must be aware of. Attackers are abusing DNS to conduct attacks that bring businesses to their knees. Fortunately, with the right detection and analysis mechanisms in place, security teams can turn DNS vulnerabilities into enterprise assets.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Building the New Network Security Architecture for the Future by Sonny Sarai - January 22, 2018 

  • Associated Webcasts: In a Perfect World...Building the Network Security Architecture for the Future
  • Sponsored By: NETSCOUT Systems, Inc.

  With the move to cloud services, software-defined networks and IoT devices, the game has changed in terms of defining an organization's network. Current network security architecture doesn't offer the visibility required for modern-day networks, much less guard against threats roaming within them. This white paper examines key elements of the network of the future and their optimal implementation.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• SOC Automation-Deliverance or Disaster by Eric Cole, PhD - December 11, 2017 

  • Sponsored By: DFLabs

  Learn how to strike a balance between security alerts that can be automated with minimal impact and the higher-risk alerts that need to be handled by analysts.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Security and Operations - An Overlooked But Necessary Partnership by Sonny Sarai - December 4, 2017 

  • Associated Webcasts: Security and Ops Hacks
  • Sponsored By: Rapid7 Inc.

  This paper explores ways to foster cooperation between Security and Operations groups for better visibility into threats and threat pathways, while improving overall protection and network hygiene.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Minerva Labs: Using Anti-Evasion to Block the Stealth Attacks Other Defenses Miss by Eric Cole, PhD - December 4, 2017 

  • Associated Webcasts: Using Anti-Evasion to Block Stealth Attacks with Minerva Labs
  • Sponsored By: Minerva Labs

  Attackers routinely use evasion to evade baseline anti-malware tools and ultimately compromise endpoints. How can enterprises prevent such intrusions without relying on after-the-fact detection? This paper explores a unique approach to preventing evasive malware from infecting endpoints, using Minerva's Anti-Evasion Platform to automatically block threats without ever scanning files or processes. SANS Reviewer Eric Cole, PhD, shares his findings regarding the ability of Minerva's Anti-Evasion Platform to block such evasive threats.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Updated: Out with the Old, In with the New: Replacing Traditional Antivirus by Barbara Filkins - December 1, 2017 

  • Associated Webcasts: Next-Generation Antivirus (NGAV) Buyer\'s Guide: Successful Strategies for Choosing and Implementing NGAV Next-Generation Antivirus (NGAV) Buyer\'s Guide: Successful Strategies for Choosing and Implementing NGAV
  • Sponsored By: VMWare Carbon Black

  This updated version of the 2016 paper that included the SANS guide to evaluating next-generation antivirus provides the background information organizations need to assist them in their efforts to procure next-generation antivirus. Review this document to establish your overall road map and help resolve any questions you may have on the procurement process after reading the companion piece: "SANS Step-by-Step Guide for Procuring Next-Generation Antivirus".

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Step by Step Guide for Procuring Next-Generation Antivirus by Barbara Filkins - November 30, 2017 

  • Associated Webcasts: Next-Generation Antivirus (NGAV) Buyer\'s Guide: Successful Strategies for Choosing and Implementing NGAV Next-Generation Antivirus (NGAV) Buyer\'s Guide: Successful Strategies for Choosing and Implementing NGAV
  • Sponsored By: VMWare Carbon Black

  This document outlines a procurement process you can use and customize when upgrading to NGAV. The key steps to successful procurement do not change and should apply to any NGAV procurement project.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• NGAV RFP by Barbara Filkins - November 30, 2017 

  • Associated Webcasts: Next-Generation Antivirus (NGAV) Buyer\'s Guide: Successful Strategies for Choosing and Implementing NGAV Next-Generation Antivirus (NGAV) Buyer\'s Guide: Successful Strategies for Choosing and Implementing NGAV
  • Sponsored By: VMWare Carbon Black

  This document is a standalone RFP for selecting a next-generation antivirus (NGAV) solution. For more information on how to procure NGAV, be sure to access the Step by Step Guide for Procuring Next-Generation Antivirus.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• NGAV RFP Evaluation Master Template by Barbara Filkins - November 30, 2017 

  • Associated Webcasts: Next-Generation Antivirus (NGAV) Buyer\'s Guide: Successful Strategies for Choosing and Implementing NGAV Next-Generation Antivirus (NGAV) Buyer\'s Guide: Successful Strategies for Choosing and Implementing NGAV
  • Sponsored By: VMWare Carbon Black

  Click on the link in this file to access the Excel spreadsheet designed to help you compare the vendors from whom you have collected RFP information.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Cloud Security: Defense in Detail if Not in Depth by Dave Shackleford - October 31, 2017 

  • Associated Webcasts: Cloud Security: Defense in Detail if Not in Depth. Part 1: Using Cloud Services to Address the Cloud Threat Environment Cloud Security: Defense in Detail if Not in Depth. Part 2: Changes Make the Cloud More Secure, but Is InfoSec Changing Even More? Cloud Security: Defense in Detail if Not in Depth. Part 1: Using Cloud Services to Address the Cloud Threat Environment
  • Sponsored By: Qualys Mcafee LLC BMC Software, Inc. Forcepoint LLC

  Survey respondents feel that they lack visibility, auditability and effective controls to monitor everything that goes on in their public clouds. We are, however, seeing increased use of security controls within cloud provider environments and wider use of security-as-a-service (SecaaS) solutions to achieve in-house and external security and compliance requirements. Related findings and best practices are discussed in the following report.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Closing the Skills Gap with Analytics and Machine Learning by Ahmed Tantawy - October 30, 2017 

  • Associated Webcasts: Closing the Skills Gap with Analytics and Machine Learning Closing the Skills Gap with Analytics and Machine Learning
  • Sponsored By: RSA

  It is important that IT departments leverage automated analytics and machine learning solutions that connect the dots between seemingly random events and provide much-needed context, visibility and actionable advice. In this paper, we explain how to utilize and integrate analytics and machine learning to reduce the load on security professionals, while increasing visibility and accurately predicting attackers' next steps.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Blueprint for CIS Control Application: Securing the Oracle E-Business Suite by Barbara Filkins - October 26, 2017 

  • Sponsored By: Onapsis

  This paper looks at how the Critical Security Controls can be used to secure Oracle's E-Business Suite (EBS), using an approach that considers application- as well as network-related issues.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• 2017 State of Application Security: Balancing Speed and Risk by Jim Bird - October 24, 2017 

  • Associated Webcasts: Application Security on the Go! SANS Survey Results, Part 1 Application Breaches and Lifecycle Security: SANS 2017 Application Security Survey, Part 2 Application Security on the Go! SANS Survey Results, Part 1 Application Breaches and Lifecycle Security: SANS 2017 Application Security Survey, Part 2 Application Breaches and Lifecycle Security: SANS 2017 Application Security Survey, Part 2
  • Sponsored By: Tenable WhiteHat Security Rapid7 Inc. Veracode Synopsys

  Agile teams deliver working software every few weeks. High-speed cross-functional DevOps teams push software changes directly to production multiple times each day. Organizations are taking advantage of cloud platforms and on-demand services, containerization, and automated build and continuous delivery pipelines. All of this radically changes how development teams—and their security/risk management teams—think and work. Read on to learn more.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Enhance Your Investigations with Network Data by Matt Bromiley - October 19, 2017 

  • Associated Webcasts: Enhance Your Investigations with Network Data
  • Sponsored By: Cisco Systems

  Network forensics is its own specialized field that often introduces complex protocols, jargon, and analysis techniques that are potentially confusing to practitioners. But particular artifacts can be leveraged to determine the attack sequence and to offer a more complete picture of the breach. In this white paper, SANS analyst and instructor Matt Bromiley examines the power of network forensics and why it should be incorporated into all incident response investigations.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Targeted Attack Protection: A Review of Endgame’s Endpoint Security Platform by Dave Shackleford - October 17, 2017 

  • Associated Webcasts: Targeted Attack Protection: SANS Review of Endgame\'s endpoint security platform
  • Sponsored By: Endgame

  SANS Analyst Dave Shackleford presents his experience reviewing Endgame's Managed Detection and Response Services under real-world threats in a simulated environment.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• AppSec: ROI Justifying Your AppSec Program Through Value-Stream Analysis by Jim Bird - October 4, 2017 

  • Sponsored By: Veracode

  In this paper we focus narrowly on the impact of application security on the end-to-end software development value chain. We also look at ways to identify and balance cost and risk to help you decide which tools and practices are most practical and cost effective for your organization.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Next-Gen Protection for the Endpoint: SANS Review of Carbon Black Cb Defense by Jerry Shenk - September 14, 2017 

  • Associated Webcasts: EDR + NGAV Working Together: SANS Review of Carbon Black Cb Defense
  • Sponsored By: Carbon Black

  In today’s threat landscape, organizations wanting to shore up their defenses need endpoint tools that not only detect, alert and prevent malware and malware-less attacks, but also provide defenders a road map of the systems and pathways attackers took advantage of. Our review shows that Carbon Black’s Cb Defense does all this and more with a high degree of intelligence and analytics. Utilizing a cloud-based delivery system, it makes informed decisions on subtle user and system behaviors that we wouldn’t otherwise see with traditional antivirus tools. Importantly, it saved us time: Manual correlation and false positives are among the top 10 time-consuming tasks IT professionals hate, according to a recent article in Dark Reading.2 Rather than toggling between separate security systems, tra c logs and so on, we used a single cloud interface—through drill-down and pivot—to determine whether a threat was a false positive or real.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Asking the Right Questions: A Buyer's Guide to Dynamic Scanning to Secure Web Applications by Barbara Filkins - September 12, 2017 

  • Associated Webcasts: Asking the Right Questions about Dynamic Scanning to Secure Web Applications: A Buyer\'s Guide to App Sec Scanning Tools
  • Sponsored By: Veracode

  Securing a web apps across its lifecycle is fundamentally different than securing an app born inside a secure perimeter. The selection of tools designed to scan running applications is more complex and challenging select than are conventional tools as the threat these are designed to counter is also more intensive and more pervasive. This makes the choice of tool critical. We walk you through the various parameters involved in the decision-making process in this paper.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Sensitive Data at Risk: The SANS 2017 Data Protection Survey by Barbara Filkins - September 5, 2017 

  • Associated Webcasts: Sensitive Data Everywhere: Results of SANS 2017 Data Protection Survey
  • Sponsored By: Mcafee LLC InfoBlox

  Ransomware, insider threat and denial of service are considered the top threats to sensitive data by respondents to the 2017 SANS Data Protection Survey. User credentials and privileged accounts represented the most common data types involved in these breaches reported in the survey, spotlighting the fact that access data is prized by attackers. The experiences of respondents with compromised data provide valuable lessons for security professionals.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• The Efficiency of Context: Review of WireX Systems Incident Response Platform by Jerry Shenk - September 5, 2017 

  • Associated Webcasts: The Efficiency of Context: Review of WireX Network Forensics Platform
  • Sponsored By: WireX Systems

  WireX Systems officials think they have found the way to slash the time it takes to spot an intruder by making it easier for mere mortals to read and understand network traffic and identify early signs of a breach. Contextual Capture, a key feature of the WireX Network Forensics Platform, is designed to turn every SOC member into a valuable analyst by providing easy-to-use forensics history (for periods of months) using a unique and intuitive query interface. WireX NFP also creates investigation workflows that can be used by the entire security team to accelerate alert validation and incident response.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• 2017 Threat Landscape Survey: Users on the Front Line by Lee Neely - August 14, 2017 

  • Associated Webcasts: Security Whack-a-Mole: SANS 2017 Threat Landscape Survey Security Whack-a-Mole: SANS 2017 Threat Landscape Survey
  • Sponsored By: Qualys Mcafee LLC FireEye Cylance

  Endpoints-and the users behind them-are on the front lines of the battle: Together they represent the most significant entry points for attackers obtaining a toehold into the corporate network. Users are also the best detection tool organizations have against real threats, according to the 2017 SANS Threat Landscape survey. Read on for more detail on the types of attacks occurring and their impact on organizations and their security.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Road Map to a Secure, Smart Infrastructure by Barbara Filkins - August 9, 2017 

  • Associated Webcasts: Roadmap to a Secure Smart Infrastructure
  • Sponsored By: Rapid7 Inc.

  This paper provides a multifaceted security approach for securing infrastructure systems that are being targeted by attackers and malware.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Defending Against the Wrong Enemy: 2017 SANS Insider Threat Survey by Eric Cole - July 31, 2017 

  • Associated Webcasts: The SANS 2017 Insider Threat Survey: Mounting an Effective Defense Against Insider Threat The SANS 2017 Insider Threat Survey: Mounting an Effective Defense Against Insider Threat
  • Sponsored By: Rapid7 Inc. Dtex Systems Haystax Technology

  It is easy, while evaluating attack vectors, researching competitors and gauging the threat from organized crime or foreign adversaries, to conclude that external attacks should be the primary focus of defense. This conclusion would be wrong. The critical element is not the source of a threat, but its potential for damage. This survey highlights the importance of managing internal threats as the key to winning at cyber security.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Automating Cloud Security to Mitigate Risk by Dave Shackleford - July 20, 2017 

  • Associated Webcasts: Automating Cloud Security to Mitigate Risk
  • Sponsored By: Skybox Security, Inc.

  As cloud computing services evolve, the cloud opens up entirely new ways for potential attacks. This paper explores the potential security challenges enterprises face as they migrate to any kind of cloud setup and offers guidance to ensure a smooth migration to new solutions.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Securing Industrial Control Systems-2017 by Bengt Gregory-Brown - July 11, 2017 

  • Associated Webcasts: The 2017 State of Industrial Control System Security-Part 1: Personnel, Threats and Tools The 2017 State of Industrial Control System Security—Part 2: Protection, Prevention and Convergence
  • Sponsored By: Tripwire, Inc. Tempered Great Bay Software PAS Nozomi Networks

  We annually gather and analyze raw data from hundreds of IT and industrial control systems (ICS) security practitioners. Our mission is to turn these inputs into actionable intelligence to support new developments and address trends in the field to inform the crucial business decisions. Here we report on these trends and other changes that make active use of ICS as a core enabler for business imperatives and provide actionable advice for today's security practitioners.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Complying with Data Protection Law in a Changing World by Benjamin Wright - June 27, 2017 

  • Associated Webcasts: Complying with Data Protection Law in a Changing World
  • Sponsored By: Forcepoint LLC

  Failure to meet legal and political expectations for data security can expose your enterprise to fines, lawsuits, negative publicity and regulatory investigations. These expectations are rapidly evolving across the world, making it difficult for enterprises to effectively protect their brands. This white paper reveals the major steps a large, multinational enterprise can take to assure the public, authorities and business partners that it is behaving responsibly and is on a commendable path of compliance.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Zero-Touch Detection and Investigation of Cloud Breaches: A Review of Lacework's Cloud Workload Security Platform by Matt Bromiley - June 27, 2017 

  • Associated Webcasts: Effortless Detection and Investigation of Cloud Breaches: A Review of Lacework\'s Zero Touch Cloud Workload Security Platform
  • Sponsored By: Lacework

  Today's increasingly dynamic cloud environments present new challenges to security practitioners. With security talent in short supply, tailoring old policy-and-logs approaches to the needs of an organization can require time and resources it just doesn't have. In this review, SANS analyst and instructor Matt Bromiley shares his experience using Lacework's new Zero Touch Cloud Workload Security Platform to mitigate these challenges.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Testing Web Apps with Dynamic Scanning in Development and Operations by Barbara Filkins - June 15, 2017 

  • Associated Webcasts: Using Dynamic Scanning to Secure Web Apps in Development and After Deployment
  • Sponsored By: Veracode

  Building secure web applications requires more than testing the code to weed out flaws during development and keeping the servers on which it runs up to date. Public-facing web apps remain the primary source of data breaches. To keep web apps secure, IT ops groups are increasingly adopting Dynamic Application Security Testing (DAST) tools. Learn how DAST tools can reduce dev costs and security flaws; how to avoid organizational gaps between dev and ops that can make remediation difficult; and other AppSec/vulnerability scanning issues.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• The Show Must Go On! The 2017 SANS Incident Response Survey by Matt Bromiley - June 12, 2017 

  • Associated Webcasts: SANS 2017 Incident Response Survey Results - Part 1: Attack, Response and Maturity SANS 2017 Incident Response Survey Results—Part 2: Threat Intelligence and Improving Incident Response Capabilities
  • Sponsored By: Guidance Software Mcafee LLC LogRhythm IBM AlienVault Anomali

  Overall, the results of 2017 Incident Response survey were very promising. Organizations are building IR teams that suit their environments and their unique set of issues. Malware still looms as the root cause of a large majority of incidents; and IR teams still suffer from a shortage of skilled staff, lack of ownership and business silo issues. Read on to examine the results of the survey and guidelines and feedback to spur improvements.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Security by Design: The Role of Vulnerability Scanning in Web App Security by Barbara Filkins - June 7, 2017 

  • Associated Webcasts: The Role of Vulnerability Scanning in Web App Security
  • Sponsored By: Netsparker

  The growth in custom applications in the cloud has increased organizations' security exposure. Although more organizations want to test and remediate during development, this doesn't address the thousands of existing, potentially vulnerable, apps already online. Modern web scanners can help by highlighting areas of likely vulnerability. Their speed and automation can make them a valuable part of a multilayered scanning and monitoring program.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Using Cloud Deployment to Jump-Start Application Security by Adam Shostack - May 24, 2017 

  • Associated Webcasts: Choosing the Right Path to Application Security
  • Sponsored By: Veracode

  The cloud has significantly changed corporate application development. Now that releases come every few days rather than once or twice a year, AppSec is now squeezed into tiny windows of time. The speed, repetitiveness and changes in responsibility associated with these changes make it hard for traditional approaches to work. What are the choices and best practices for security within AppSec? How can you leverage the cloud to work for you? Attend this webcast and be among the first to receive access to the associated whitepaper developed by Adam Shostack.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Network Security Infrastructure and Best Practices: A SANS Survey by Barbara Filkins - May 23, 2017 

  • Associated Webcasts: Network Security Infrastructure and Best Practices: A SANS Survey
  • Sponsored By: NETSCOUT Systems, Inc.

  Network infrastructure is the key business asset for organizations that depend on geographically dispersed data centers and cloud computing for their critical line-of-business applications. Consistent performance across links and between locations must be maintained to ensure timely access to data, enabling real-time results for decision making. The following pages provide guidance on how to approach common challenges faced by both the network and security operational teams in managing interrelated security and performance problems.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Future SOC: SANS 2017 Security Operations Center Survey by Christopher Crowley - May 16, 2017 

  • Associated Webcasts: SOCs Grow Up to Protect, Defend, Respond: Results of the 2017 SANS Survey on Security Operations Centers, Part 1 Future SOCs: Results of the 2017 SANS Survey on Security Operations Centers, Part 2
  • Sponsored By: Tripwire, Inc. LogRhythm NETSCOUT Systems, Inc. Carbon Black ThreatConnect Endgame

  The primary strengths of security operations centers (SOCs) are flexibility and adaptability, while their biggest weakness is lack of visibility. Survey results indicate a need for more automation across the prevention, detection and response functions. There are opportunities to improve security operations, starting with coordination with IT operations. SOCs can improve their understanding how to serve the organization more effectively and their use of metrics.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• How to Conquer Targeted Email Threats: SANS Review of Agari Advanced Threat Protection by Dave Shackleford - May 9, 2017 

  • Associated Webcasts: How to Conquer Targeted Email Threats: SANS Review of Agari Advanced Threat Protection
  • Sponsored By: AGARI

  Why are our traditional email and endpoint security tools failing us? First, most email deployments lack any authentication of outside senders. Given this vulnerability, it’s trivial to execute spoo ng and falsi ed email content that purports to come from a trusted entity the recipient knows and trusts. Second, attackers are using cloud-based email and “detection-busting” techniques such as fake identities, deceptive sender names and phony domains to beat defenses. Clearly, given the prevalence of email-borne threats, protecting email infrastructure and end users needs to be a high priority for all security teams today. To this end, SANS had the opportunity to review Agari Enterprise Protect and the Agari Email Trust Platform.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Deception Matters: Slowing Down the Adversary with illusive networks® by Eric Cole, PhD - May 1, 2017 

  • Associated Webcasts: Deception Matters: Slowing the Adversary with illusive networks
  • Sponsored By: Illusive Networks

  Deception is an effective defense against targeted attacks that leverages a false map of cyber assets to boost the odds of finding an adversary early and mitigate overall damage. The adversary is tricked into a cyber rabbit hole of fake systems with fake libraries and DNS servers, counteracting the attacker's every move. In this review, SANS Fellow Eric Cole recounts his review of illusive networks' deception and protection capabilities to show cyber deception in action.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• A New Era in Endpoint Protection by Dave Shackleford - April 26, 2017 

  • Associated Webcasts: A New Era in Endpoint Protection: A SANS Product Review of CrowdStrike Falcon Endpoint Protection
  • Sponsored By: CrowdStrike, Inc.

  Conventional antivirus solutions aren’t keeping pace with today's threats. There's a lot of fear, uncertainty and doubt around replacing antivirus with next-generation antivirus solutions, particularly in legacy environments. Learn what NGAV actually is; where it fits into the IT infrastructure; and how to easily utilize CrowdStrike's Falcon cloud-based services against a variety of threats first-generation AV normally wouldn't catch. SANS analyst Dave Shackleford explains and presents his findings.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• The Hunter Strikes Back: The SANS 2017 Threat Hunting Survey by Rob Lee and Robert M. Lee - April 25, 2017 

  • Associated Webcasts: Threat Hunting-Modernizing Detection Operations: The SANS 2017 Threat Hunting Survey Results | Part 1 Reducing Attacks and Improving Resiliency: The SANS 2017 Threat Hunting Survey Results | Part 2
  • Sponsored By: Rapid7 Inc. Anomali DomainTools ThreatConnect Sqrrl Data, Inc. Malwarebytes

  Threat hunting is a focused and iterative approach to searching out, identifying and understanding adversaries that have entered the defender’s networks. Results just in from our new SANS 2017 Threat Hunting Survey show that, for many organizations, hunting is still new and poorly defined from a process and organizational viewpoint.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Integrating Prevention, Detection and Response Work Flows: SANS Survey on Security Optimization by G.W. Ray Davidson, PhD - April 19, 2017 

  • Associated Webcasts: Impact of Isolated Cyber Security Functions: A SANS Survey
  • Sponsored By: ThreatConnect

  Are the prevention, detection, response and prediction functional groups operating in unison with shared data and workflow, or are they remaining true to the tradition of operational silos in most technology groups? In this survey, we analyze satisfaction with staffing levels, tools and management-support architectures to help provide best practices and guidance for IT security practitioners.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Speed and Scalability Matter: Review of LogRhythm 7 SIEM and Analytics Platform by Dave Shackleford - April 13, 2017 

  • Associated Webcasts: Speed and Scalability Matter: SANS Review of LogRhythm 7 SIEM and Analytics Platform

  Just how scalable, fast and accurate are SIEM tools when under load? To find out, we put the LogRhythm 7.2 Threat Lifecycle Management Platform to the test. We found that its clustered Elasticsearch indexing layer supported large log volumes of security and event data during simulated events that would require investigation and remediation.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• SOC-as-a-Service: All the Benefits of a Security Operations Center Without the High Costs of a DIY Solution by Sonny Sarai - March 28, 2017 

  • Associated Webcasts: SOC in the Cloud: A review of Arctic Wolf SOC Services
  • Sponsored By: Arctic Wolf Networks

  Security Operations Centers are increasingly important in today's enterprises - they protect against intrusions, damaging DDoS attacks and data security breaches, as well as help with investigation and remediation. But how can midsize enterprises get the same SOC advantages as their large enterprise peers?

  This paper explores how Arctic Wolf Networks' CyberSOC can help midsize organizations roll out a SOC-as-a-Service, thereby leveraging the benefits of a SOC without the high costs of a DIY solution.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Cyber Security Trends: Aiming Ahead of the Target to Increase Security in 2017 by John Pescatore - March 20, 2017 

  • Associated Webcasts: 2017 Cybersecurity Trends: Aiming Ahead of the Target to Increase Security

  Attackers are always changing their methods, but some cybersecurity trends are clear--and identifying these trends will help security professionals plan for addressing these issues in the coming year. Attacks will continue, and many will be successful. While security professionals should try to prevent a breach, it's far more critical to uncover breaches quickly and mitigate damage. Another significant trend for 2017: expanding current security measures to better protect data in the cloud and to address the security shortcomings of the Internet of Things. Even while fighting daily security fires, security managers can expect boards of directors to show more interest in their efforts. Board members are keenly aware that breaches can be high-profile catastrophes for companies, and they are also concerned that the organizations they oversee are in compliance with new and more stringent regulations. This whitepaper covers the latest and best security hygiene and common success patterns that will best keep your organization off the "Worst Breaches of 2017" lists.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Securing DNS Against Emerging Threats: A Hybrid Approach by John Pescatore - March 16, 2017 

  • Associated Webcasts: Protecting Business Mobility Against Emerging Threats
  • Sponsored By: InfoBlox

  This paper looks at the impact of mobility and new attack vectors on DNS-related risk and outlines use cases for securing DNS services more effectively. It also examines the use of a hybrid model of on-premises and cloud-based services to improve the security posture of organizations.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Cyber Threat Intelligence Uses, Successes and Failures: The SANS 2017 CTI Survey by Dave Shackleford - March 14, 2017 

  • Associated Webcasts: Cyber Threat Intelligence in Action-Skills and Implementations: Results of the 2017 Cyber Threat Intelligence Survey Part 1 Cyber Threat Intelligence in Action-Effectiveness of CTI Programs and Wish Lists for the Future: Results of the 2017 Cyber Threat Intelligence Survey Part 2
  • Sponsored By: Arbor Networks Rapid7 Inc. Lookingglass Cyber Solutions, Inc. Anomali DomainTools ThreatConnect

  Respondents' biggest challenges to effective implementation of cyber threat intelligence (CTI) are lack of trained staff, funding, time to implement new processes, and technical capability to integrate CTI, as well as limited management support. Those challenges indicate a need for more training and easier, more intuitive tools and processes to support the use of CTI in today's networks. These and other trends and best practices are covered in this report.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Preparing for Compliance with the General Data Protection Regulation (GDPR) A Technology Guide for Security Practitioners by Benjamin Wright - March 7, 2017 

  • Associated Webcasts: Complying with the General Data Protection Regulation: A Guide for Security Practitioners
  • Sponsored By: Skybox Security, Inc.

  The General Data Protection Regulation (GDPR) is the latest data security legislation in the European Union. When it goes into effect, it can apply widely to various organizations, including those without a physical presence in the European Union. What does this complex regulation mean and what does your organization need to do to comply? This paper explains these as well as how to identify a Data Protection Officer and what this person needs to know to be effective. It also provides a checklist for compliance with concise, practical information your organization can begin using now.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Next-Gen Endpoint Risks and Protections: A SANS Survey by G. W. Ray Davidson, PhD - February 27, 2017 

  • Associated Webcasts: Next-Gen Endpoints Risks and Protections: A SANS Survey Part 1: New Devices and Risks Next-Gen Endpoints Risks and Protections: A SANS Survey Part 2: Next-Gen Protection and Response
  • Sponsored By: Guidance Software Sophos Inc. Carbon Black IBM Malwarebytes Great Bay Software

  Results of this survey suggest that we may need to broaden the definition of an endpoint to include users, as the two most common forms of attack reported are directed at users. Lack of adequate patching programs also results in endpoint compromises, despite reported centralized endpoint management. Results also point to the need for improved detection, response, automation of remediation processes.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• DevSecOps Transformation: The New DNA of Agile Business by Dave Shackleford - February 21, 2017 

  This is an additional resource that accompanies the analyst paper, "The DevSecOps Approach to Securing Your Code and Your Cloud". To view the paper please click this link.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Moving Toward Better Security Testing of Software for Financial Services by Steve Kosten - February 7, 2017 

  • Associated Webcasts: Enhanced Application Security for the Financial Industry Enhanced Application Security for the Financial Industry
  • Sponsored By: Synopsys

  The financial services industry (FSI) maintains high-value assets and typically operates in a very complex environment. Applications of all types--web applications, mobile applications, internal web services and so forth--are being developed quickly in response to market pressures by developers with limited security training and with relatively immature processes to support secure application development. This combination presents a juicy target for attackers, and data shows that the FSI continues to be a top target. Attempts to introduce security into the application life cycle frequently face challenges such as a lack of available application security expertise, concerns about costs for tooling, and a fear among product owners that security processes might impede the development cycle and slow their response to market conditions. This paper explores why the applications are being targeted, what is motivating the attackers and what some inhibitors of application security are. Most important, this paper specifies some best practices for developing a secure development life cycle to safeguard applications in the FSI.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• The DevSecOps Approach to Securing Your Code and Your Cloud by Dave Shackleford - February 7, 2017 

  • Sponsored By: CloudPassage

  DevSecOps, at heart, is about collaboration. More specifically, it is continual collaboration between information security, application development and IT operations teams. Having all three teams immersed in all development and deployment activities makes it easier for information security teams to integrate controls into the deployment pipeline without causing delays or creating issues by implementing security controls after systems are already running. Despite the potential benefits, getting started with DevSecOps will likely require some cultural changes and considerable planning, especially when automating the configuration and security of assets in the cloud. To help the shift toward a more collaborative culture, security teams need to integrate with the developers who are promoting code to cloud-based applications to show they can bring quality conditions to bear on any production code push without slowing the process. Security teams should also work with QA and development to define the key qualifiers and parameters that need to be met before any code can be promoted. This paper also has an additional resource titled, "DevSecOps Transformation: The New DNA of Agile Business". The resource can be accessed by clicking this link.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Digital Ghost: Turning the Tables by Michael J. Assante - February 1, 2017 

  • Associated Webcasts: Digital Ghost: Turning the Tables on Cyber Attacks in Industrial Systems
  • Sponsored By: GE

  The complex weave of digital technology relies heavily on hyperconnected systems to move data and unlock value through analytics. The benefits are real, but the stakes involved require a serious look at the potential downsides, including the risk of cyber attacks. Organizations embracing technology innovation should not focus solely on efficiency and productivity, for innovation done correctly can also reduce the risks that come with expanding digital touchpoints.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Back to Basics: Focus on the First Six CIS Critical Security Controls by John Pescatore - January 24, 2017 

  • Sponsored By: Tripwire, Inc.

  Rather than a lack of choices in security solutions, a major problem in cyber security is an inability to implement mature processes - many organizations lack a defined and repeatable process for selecting, implementing and monitoring the security controls that are most effective against real-world threats. This paper explores how the Center for Internet Security (CIS) Critical Security Controls has proven to be an effective framework for addressing that problem.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Countering Impersonation, Spearphishing and Other Email-Borne Threats: A Review of Mimecast Targeted Threat Protection by Jerry Shenk - January 24, 2017 

  • Associated Webcasts: Mimecast Targeted Threat Protection
  • Sponsored By: Mimecast Services Limited

  The FBI estimates that between October 2013 and August 2015, more than 7,000 U.S.-based organizations lost a total of $748 million to business email scams. Such scams rely on the same tricks as confidence artists in the real world: the appearance of legitimacy and the tendency of victims to go along with requests that appear to be on the up-and-up, without checking to be sure. In this whitepaper, SANS senior analyst Jerry Shenk evaluates Targeted Threat Protect, an email-security service from Mimecast that is focused on stopping sophisticated phishing attacks. Among its most difficult targets: “whaling” attacks that spoof high-level executives asking for sensitive data, access or the transfer of money to accounts owned by scammers.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Implementing the Critical Security Controls by Jim D. Hietala - January 24, 2017 

  • Associated Webcasts: Secure Configuration in Action (and How to Apply It)
  • Sponsored By: Tripwire, Inc.

  This paper serves as a how-to for organizations in various stages of implementing the controls and offers two real-world examples of CIS Control adoption. The case studies are based on real-time interviews with the people behind the efforts and includes the security environments before the implementation, the challenges experienced in adopting the controls and the benefits they’ve experienced.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Packets Don't Lie: LogRythm NetMon Freemium Review by Dave Shackleford - January 18, 2017 

  • Associated Webcasts: Packets Don’t Lie: What’s Really Happening on Your Network?
  • Sponsored By: LogRhythm

  With more traffic than ever passing through our environments, and adversaries who know how to blend in, network security analysts need all the help they can get. At the same time, data is leaking out of our environments right under our noses. This paper investigates how LogRhythm’s Network Monitor Freemium (NetMon Freemium) Version 3.2.3 provides intelligent monitoring, and helps organizations to identify sensitive data leaving the network and to respond when loss occurs.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• SANS 2016 Security Analytics Survey by Dave Shackleford - December 6, 2016 

  • Associated Webcasts: Security Analytics in Action: SANS Fourth Annual Security Analytics Survey - Part 1 Part 2 | SANS Security Analytics Survey Results: What\'s Working? What\'s Not?
  • Sponsored By: LogRhythm Rapid7 Inc. AlienVault Lookingglass Cyber Solutions, Inc. Anomali

  Survey respondents have become more aware of the value of analytics and have moved beyond using them simply for detection and response to using them to measure and aid in improving their overall risk posture. Still, we’ve got a long way to go before analytics truly progresses in many security organizations. Read on to learn more.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Insider Threats and the Need for Fast and Directed Response by Dr. Eric Cole - December 1, 2016 

  • Associated Webcasts: Insider Threats and the Real Financial Impact to Organizations - A SANS Survey
  • Sponsored By: Veriato

  As breaches continue to cause significant damage to organizations, security consciousness is shifting from traditional perimeter defense to a holistic understanding of what is causing the damage and where organizations are exposed. Although many attacks are from an external source, attacks from within often cause the most damage. This report looks at how and why insider attacks occur and their implications.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Reducing Attack Surface: SANS’ Second Survey on Continuous Monitoring Programs by Barbara Filkins - November 14, 2016 

  • Associated Webcasts: Vulnerabilities, Controls and Continuous Monitoring: The SANS 2016 Continuous Monitoring Survey
  • Sponsored By: Forescout Technologies BV Qualys IBM RiskIQ

  Continuous monitoring is not a single activity. Rather, it is a set of activities, tools and processes (asset and configuration management, host and network inventories, and continuous vulnerability scanning) that must be integrated and automated all the way down to the remediation workflow. Although CM is shifting focus and slowly improving, it still has a way to go to attain the maturity needed to become a critical part of an organization’s business strategy.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Forcepoint Review: Effective Measure of Defense by Eric Cole, PhD - November 9, 2016 

  • Associated Webcasts: Taking Action: Effective Measures of Defense
  • Sponsored By: Forcepoint LLC

  Effective security is all about the quality of the solution, not the quantity of products. Indeed, buying more products can make the problem worse. All of the major breaches over the last several years have had one thing in common: Multiple products were issuing alerts, but there were too many alerts and not enough people charged with monitoring and responding to them. When that is the case, putting more products in place spreads current resources even thinner--the problem gets worse, not better. This paper explains the advantages of an integrated defense-in-depth approach to security and looks at how Forcepoint's integrated solution suite meets the needs of such an approach.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Out with the Old, In with the New: Replacing Traditional Antivirus by Barbara Filkins - November 2, 2016 

  • Associated Webcasts: Ready to Replace AV? Criteria to Evaluate NGAV Solutions
  • Sponsored By: Carbon Black

  Research over the past 10 years indicates that traditional antivirus products are rarely successful in detecting smart malware, unknown malware and malware-less attacks. This doesn’t mean that antivirus is “dead.” Instead, antivirus is growing up. Today, organizations look to spend their antivirus budget on replacing current solutions with next-generation antivirus (NGAV) platforms that can stop modern attacks. This paper provides a guide to evaluating NGAV solutions.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Security in a Converging IT/OT World by Bengt Gregory-Brown and Derek Harp - November 1, 2016 

  • Associated Webcasts: The Fusion of IT and OT Security: What You Need to Know
  • Sponsored By: GE

  In this paper we look at the challenges in securing ICS environments and recommendations for effective ICS security. OT cyber security is a relatively young field with few experts, but a great deal can be judiciously drawn from IT experience. The fundamentals are the same: controlling access to devices and applications; monitoring networks to identify potential issues and direct appropriate responsive action; oversight and periodic reviews of controls and their effectiveness; securing the supply chain; and securing the human factor through awareness training. It is in the design and application of these basics to the particular considerations and technical nature of control systems and process control networks (PCNs) that things diverge the most, and it is here that we will focus.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Getting C-Level Support to Ensure a High-Impact SOC Rollout by John Pescatore - October 24, 2016 

  • Associated Webcasts: Prioritizing and Planning to Ensure a High-Impact SOC Rollout
  • Sponsored By: Leidos

  To security professionals, the need for an effective SOC is obvious. But to organizational management, security is just one of many groups asking for financial and personnel resources. Security leaders who simply promise management that a SOC will provide better security or help the company avoid attacks won’t get very far. The security team must define and communicate the business benefits of investing in, establishing and optimizing a SOC over the long term.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• From the Trenches: SANS 2016 Survey on Security and Risk in the Financial Sector by G. Mark Hardy - October 18, 2016 

  • Associated Webcasts: From the Trenches, the SANS 2016 Survey on Security and Risk in the Financial Sector: Part 1 Incidents, Risks and Preparedness From the Trenches, the SANS 2016 Survey on Security and Risk in the Financial Sector: Part 2 Securing Financial Environments
  • Sponsored By: Forescout Technologies BV Guidance Software Arbor Networks WhiteHat Security NSFOCUS

  The financial services industry is under a barrage of ransomware and spearphishing attacks that are rising dramatically. These top two attack vectors rely on the user to click something. Organizations enlist email security monitoring, enhanced security awareness training, endpoint detection and response, and firewalls/IDS/IPS to identify, stop and remediate threats. Yet, their preparedness to defend against attacks isn’t showing much improvement. Read on to learn more.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Security and Accountability in the Cloud Data Center: A SANS Survey by Dave Shackleford - October 10, 2016 

  • Associated Webcasts: Security and Accountability in the Cloud, the SANS 2016 Cloud Security Survey: Part 2 - Changes in Cloud Security Security and Accountability in the Cloud, the SANS 2016 Cloud Security Survey: Part 1 - Breach Landscape and the Top Threats and Challenges
  • Sponsored By: Mcafee LLC Rapid7 Inc. IBM CloudPassage Bitglass

  Despite risk that is higher than more controlled on-premises traditional non-cloud systems, this survey found that almost a quarter of respondents (24%) are in organizations adopting a “cloud first” strategy. Using public cloud or on-premises applications as appropriate led the way, chosen by 46% of respondents, and 30% of respondents said they prefer on-premises applications. Read on to learn more about the state of cloud security and what we need to do to improve it.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Taking Action Against the Insider Threat by Eric Cole, PhD - October 5, 2016 

  • Associated Webcasts: Taking Action Against Insider Threats Taking Action Against Insider Threats
  • Sponsored By: Dtex Systems

  Most organizations tend to focus on external threats, but insider threats are increasingly taking center stage. Insider threats come not only from the malicious insider, but also from infiltrators and unintentional insiders as well. Why are insider threats so common and why do they have such a significant impact? What is the difference between the different types of insider threats and the degree of risk they can constitute?

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Security Intelligence and the Critical Security Controls v6 by G. W. Ray Davidson, PhD - September 29, 2016 

  • Sponsored By: LogRhythm

  Security data is everywhere—in our logs, feeds from security devices (IDS/IPS/ rewalls, whitelists, etc.), network and endpoint systems, anomaly reports, access records, network tra c data, security incident and event monitoring (SIEM) systems, and even in applications hosted in the cloud. All of this data—and the processes that use them— combine to form an organization’s security intelligence ecosystem. The major challenge of managing this ecosystem of security data is tying all these bits of data together and automating their correlation and use, with the goal of faster detection, prevention, continued security improvement and ultimately, reduced risk.1 The key to success is through automation and integration, according to the CIS Critical Security Controls, which is now in version 6.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Threat Intelligence: What It Is, and How to Use It Effectively by Matt Bromiley - September 19, 2016 

  • Sponsored By: NSFOCUS

  In today’s cyber landscape, decision makers constantly question the value of their security investments, asking whether each dollar is helping secure the business. Meanwhile, cyber attackers are growing smarter and more capable every day. Today’s security teams often nd themselves falling behind, left to analyze artifacts from the past to try to determine the future. As organizations work to bridge this gap, threat intelligence (TI) is growing in popularity, usefulness and applicability.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Data Breaches: Is Prevention Practical? by Barbara Filkins - September 13, 2016 

  • Associated Webcasts: Breach Detected! Could It Have Been Prevented?
  • Sponsored By: Palo Alto Networks

  Despite the potential costs, legal consequences and other negative outcomes of data breaches, they continue to happen. A new SANS Institute survey looks at the preventive aspect of breaches – and what security and IT practitioners actually are, or are not, implementing for prevention.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Intelligent Network Defense by Jake Williams - September 8, 2016 

  • Associated Webcasts: Intelligent Network Security
  • Sponsored By: ThreatSTOP

  When an army invades a sovereign nation, one of the defenders’ first goals is to disrupt the invader’s command and control (C2) operations. The same is true when cyber attackers invade your network. Network defenders must prevent adversary communication, stopping the attack in its tracks while alerting the incident response (IR) team to the point of compromise and nature of the attack. Read on to learn more.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Hunting with Prevention by Dave Shackleford - August 24, 2016 

  • Associated Webcasts: Using an Attacker Technique-Based Approach for Prevention
  • Sponsored By: Endgame

  Traditional endpoint protection such as antivirus, while effective in some cases, is no match for the ever-changing techniques that attackers use to get past defenses, according to multiple SANS surveys.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Protect the Network from the Endpoint with the Critical Security Controls by G. W. Ray Davidson, PhD - August 22, 2016 

  • Sponsored By: Forescout Technologies BV

  The endpoint is rapidly evolving and often the first vector of attack into enterprises, according to the SANS 2016 State of Endpoint Security Survey. As such, all endpoints should be considered potentially hostile.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Generating Hypotheses for Successful Threat Hunting by Robert M. Lee and David Bianco - August 15, 2016 

  Threat hunting is a proactive and iterative approach to detecting threats. Although threat hunters should rely heavily on automation and machine assistance, the process itself cannot be fully automated. One of the human’s key contributions to a hunt is the formulation of a hypotheses to guide the hunt. This paper explores three types of hypotheses and outlines how and when to formulate each of them.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• The SANS State of Cyber Threat Intelligence Survey: CTI Important and Maturing by Dave Shackleford - August 15, 2016 

  • Associated Webcasts: The State of Cyber Threat Intelligence: Part 1: How Cyber Threat Intelligence Is Consumed and Processed The State of Cyber Threat Intelligence: Part 2: The Value of CTI
  • Sponsored By: Arbor Networks Hewlett Packard NETSCOUT Systems, Inc. Rapid7 Inc. AlienVault Anomali

  It’s 2016, and the attacks (and attackers) continue to be more brazen than ever. In this threat landscape, the use of cyber threat intelligence (CTI) is becoming more important to IT security and response teams than ever before. This paper provides survey results along with advice and best practices for getting the most out of CTI.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Exploits at the Endpoint: SANS 2016 Threat Landscape Survey by Lee Neely - August 10, 2016 

  • Associated Webcasts: 2016 Threat Landscape Survey Report: Europe Edition 2016 Threat Landscape Survey Report
  • Sponsored By: Check Point Software Technologies, Inc.

  The perfect storm it is upon us: Users with their many devices are falling victim to phishing and ransomware at alarming rates, with user actions at the endpoint representing the most common entry points allowing threats into organizations. Results reveal that ransomware, which spreads by phishing and web downloads, is the No. 1 type of malware making its way into organizations. Read on to learn more.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Healthcare Provider Breaches and Risk Management Road Maps: Results of the SANS Survey on Information Security Practices in the Healthcare Industry by Barbara Filkins - July 19, 2016 

  • Associated Webcasts: Health Care Provider Breaches and Risk Management Roadmaps: Part 2 - Health Care Security from the Top Down
  • Sponsored By: Forescout Technologies BV WhiteHat Security Carbon Black Trend Micro Inc. Anomali Great Bay Software

  The number of attack surfaces continues to rise as the use of mobile medical- and health-related apps grows and as electronic health records (EHR) become ever more embedded in clinical settings. As this survey shows, many attacks stem from insiders with access, whether through simple negligence, malicious intent or just plain curiosity. To get the specifics, read on …

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Decision Criteria and Analysis for Hardware-Based Encryption by Eric Cole, PhD - July 13, 2016 

  • Associated Webcasts: Decision Criteria and Analysis for Hardware-Based Encryption
  • Sponsored By: THALES e-Security

  Organizations trying to balance the risk of data breaches against the inconvenience, latency and cost of encrypting every bit of valuable data often balk at the trade-off. But with the volume of digital data growing and computing environments becoming more complex and accessible, the ratio of cost to benefit has improved and encryption is now far more common in organizations that rely heavily on Internet- or cloud-connected applications for significant business functions.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• The Case for PIM/PAM in Today's Infosec by Barbara Filkins - June 30, 2016 

  • Associated Webcasts: The Case for PIM/PAM in Today's Infosec
  • Sponsored By: CA, Inc.

  To see how serious a threat the misuse of privileged credentials represents, look no further than the astonishing scope of the breach discovered in 2015 at the United States Office of Personnel Management (OPM). To realize how often similar threats become real, look no further than the 2016 Verizon Data Breach Incident Report (DBIR), which found that privilege misuse was the second-most frequent cause of security incidents and the fourth-most common cause of breaches.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• SANS 2016 State of ICS Security Survey by Derek Harp and Bengt Gregory-Brown - June 28, 2016 

  • Associated Webcasts: Where Are We Now?: The SANS 2016 ICS Survey
  • Sponsored By: Arbor Networks Carbon Black Anomali Belden

  Analysis of survey data collected between January and April 2016 indicates that security for ICSes has not improved in many areas and that many problems identified as high-priority concerns in our past surveys remain as prevalent as ever. In this report we focus on identifying and prioritizing recommendations to address the greatest concerns.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Bridging the Insurance/InfoSec Gap: The SANS 2016 Cyber Insurance Survey by Barbara Filkins - June 20, 2016 

  • Associated Webcasts: Bridging the Insurance/InfoSec Gap: The SANS 2016 Cyber Insurance Survey
  • Sponsored By: PivotPoint Risk Analytics

  Results of this survey, conducted in conjunction with Advisen, Ltd., make it clear that the effort to achieve a common understanding of cyber insurance and derive value from it will require focused attention from all sides. This study also sets a direction toward a common, achievable goal: reducing the risk of financial loss from a cyber incident. The gaps identified in this survey come together to form the building blocks needed to achieve this goal.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Infographic: Financial Apps at Risk by - June 7, 2016 

  • Sponsored By: Veracode

  View the associated whitepaper here: https://www.sans.org/reading-room/whitepapers/analyst/understanding-security-regulations-financial-services-industry-37027

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Incident Response Capabilities in 2016: The 2016 SANS Incident Response Survey by Matt Bromiley - June 7, 2016 

  • Associated Webcasts: Incident Response Capabilities in 2016 - Part 1: The Current Threat Landscape and Survey Results Incident Response Capabilities in 2016 - Part 2: Emerging Trends in Incident Response and Survey Results
  • Sponsored By: IBM Security Mcafee LLC Arbor Networks LogRhythm NETSCOUT Systems, Inc. HP Enterprise Security AlienVault Veriato

  Results of the 2016 Incident Response Survey indicate that the IR landscape is ever changing. Advanced industries are able to maintain effective IR teams, but as shown in this report, there are still hurdles to jump to increase the efficiency of many IR teams. Read this report to learn more.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Understanding Security Regulations in the Financial Services Industry by David Hoelzer - June 3, 2016 

  • Sponsored By: Veracode

  View the associated infographic here: https://www.sans.org/reading-room/whitepapers/analyst/infographic-financial-apps-risk-37042

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Blueprint for CIS Control Application: Securing the SAP Landscape by Barbara Filkins - May 26, 2016 

  • Associated Webcasts: A Blueprint to Secure SAP Applications Using CIS Controls As a Guide
  • Sponsored By: Onapsis

  Any data breach can be expensive, but the potential cost rises with the value or exploitability of the data targeted in an attack.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Assessing Application Security: A Buyer's Guide by Barbara Filkins - May 23, 2016 

  • Sponsored By: Veracode

  Organizations realize that application security (AppSec) is key to protecting their data and the IT assets that contain it.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• 2016 State of Application Security: Skills, Configurations and Components by Johannes Ullrich, PhD - April 26, 2016 

  • Associated Webcasts: Managing Applications Securely: A SANS Survey
  • Sponsored By: WhiteHat Security Veracode Checkmarx Inc.

  Survey results reveal that it is critical for an overall enterprise security program to coordinate efforts among developers, architects and system administrators—particularly since many software vulnerabilities are rooted in configuration issues or third-party components, not just in code written by the development team. Read on to learn more.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Improving Application and Privilege Management: Critical Security Controls Update by John Pescatore - April 25, 2016 

  • Associated Webcasts: Overcome Privilege Management Obstacles with CSC v. 6
  • Sponsored By: Appsense

  •  Login
  •  Join SANS.org

• ---

• Threat Hunting: Open Season on the Adversary by Dr. Eric Cole - April 12, 2016 

  • Associated Webcasts: Open Season on Cyberthreats: Part 2- Threat Hunting Methodologies and Tools Open Season on Cyberthreats: Part I- Threat Hunting 101
  • Sponsored By: HPE Carbon Black DomainTools Endgame Sqrrl Data, Inc. Malwarebytes

  Nearly 86% of organizations responding to the survey want to be doing the hunting, albeit informally, as more than 40% do not have a formal threat hunting program in place. Results indicate that hunting is providing benefits, including finding previously undetected threats, reducing attack surfaces and enhancing the speed and accuracy of response by using threat hunting. They also suggest that organizations want to improve their threat-hunting programs and realize more benefits from threat hunting.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Can We Say Next-Gen Yet? State of Endpoint Security by G. W. Ray Davidson, PhD - March 16, 2016 

  • Associated Webcasts: SANS 2016 Endpoint Security Survey Part 1: The Evolving Definition of Endpoints SANS 2016 Endpoint Security Survey Part 2: Can We Say Next-Gen Yet?
  • Sponsored By: Guidance Software IBM Security Sophos Inc. Malwarebytes Great Bay Software

  The survey results show that although conventional devices such as desktops and servers represent the largest segment of endpoints connected to the network, the variety of endpoints is growing quickly. Read this survey results paper for insight into endpoint management strategies and processes.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Using Metrics to Manage Your Application Security Program by Jim Bird - March 14, 2016 

  • Associated Webcasts: Benchmarking AppSec: A Metrics Pyramid
  • Sponsored By: Veracode

  In this paper, we’ll look at the first steps in measuring your AppSec program, starting with how to use metrics to understand what is working and where you need to improve, to identify and solve problems, and to build a case for making further investments in your program. Ultimately, the goal is to make AppSec part of the organization’s culture, and ensure it’s relevant to business units and meaningful to executives.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Active Breach Detection: The Next-Generation Security Technology? by Dave Shackleford - March 11, 2016 

  • Associated Webcasts: Is Active Breach Detection the Next-Generation Security Technology?
  • Sponsored By: EastWind Networks

  A SANS Whitepaper written by Dave Shackleford

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• A DevSecOps Playbook by Dave Shackleford - March 8, 2016 

  • Associated Webcasts: A DevSecOps Playbook
  • Sponsored By: CloudPassage

  Enterprise computing is going through a major transformation of infrastructure and IT delivery models, one that is at least as disruptive as the move from mainframe computing to client/server (Internet) architectures. With client/server architectures, the change in hardware was the most obvious difference, but the more meaningful transformation was IT organizations’ new ability to build custom systems and software much more quickly, with far greater flexibility and at lower cost than had been possible during the mainframe era.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• The Who, What, Where, When, Why and How of Effective Threat Hunting by Robert M. Lee and Rob Lee - March 1, 2016 

  • Associated Webcasts: Threat Hunting
  • Sponsored By: Sqrrl Data, Inc.

  The chances are very high that hidden threats are already in your organization’s networks. Organizations can’t afford to believe that their security measures are perfect and impenetrable, no matter how thorough their security precautions might be. Having a perimeter and defending it are not enough because the perimeter has faded away as new technologies and interconnected devices have emerged. Prevention systems alone are insufficient to counter focused human adversaries who know how to get around most security and monitoring tools by, for example, making their attacks look like normal activity.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Quantifying Risk: Closing the Chasm Between Cybersecurity and Cyber Insurance by Barbara Filkins - February 25, 2016 

  • Sponsored By: PivotPoint Risk Analytics

  Sponsored by PivotPoint Risk Analytics, in conjunction with Advisen.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Getting Started with Web Application Security by Gregory Leonard - February 10, 2016 

  • Associated Webcasts: Getting Started with Web Application Security
  • Sponsored By: Veracode

  •  Login
  •  Join SANS.org

• ---

• Mobile Threat Protection: A Holistic Approach to Securing Mobile Data and Devices by Lee Neely - February 9, 2016 

  • Associated Webcasts: Mobile Threat Protection: A Holistic Approach to Securing Mobile Data and Devices
  • Sponsored By: Skycure

  The ubiquitous use of mobile devices results in a mixture of corporate and personal data stored on devices that are online continuously, seamlessly connecting to the closest available network, downloading and uploading data whenever possible, and carried with users continuously. This trend has radically changed the landscape of data protection.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Using Analytics to Predict Future Attacks and Breaches by Dave Shackleford - February 9, 2016 

  • Associated Webcasts: Predicting Future Attacks and Breaches: Analytics in Action
  • Sponsored By: SAS INSTITUTE INC

  The pace and sophistication of data breaches is growing all the time. Anyone with valuable secrets can be a target, and likely already is. According to the Privacy Rights Clearinghouse, at the time of this writing, 884,903,517 records were breached in 4,621 incidents documented since 2005. This number is just an estimate based on publicly disclosed and well-documented incidents; the real number is likely much higher. According to data available from datalossdb.org, the size of the major breaches over the past several years has grown significantly.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Eliminating Blind Spots: A New Paradigm of Monitoring and Response by Dave Shackleford - February 4, 2016 

  • Associated Webcasts: A New Paradigm of Monitoring and Response
  • Sponsored By: Raytheon | Websense

  •  Login
  •  Join SANS.org

• ---

• IT Security Spending Trends by Barbara Filkins - February 2, 2016 

  • Associated Webcasts: SANS 2016 IT Security Spending Strategies Survey
  • Sponsored By: Arbor Networks Gigamon

  This paper assumes security budgeting occurs as part of each organization's yearly cost management cycle. Readers will explore the what, why, where and how of IT security spending and will get advice on how to better meet the challenge of aligning security spending processes with organizational needs.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Why You Need an Application Security Program by Johannes B. Ullrich, PhD - January 28, 2016 

  • Associated Webcasts: Why You Need Application Security
  • Sponsored By: Veracode

  •  Login
  •  Join SANS.org

• ---

• Guarding Beyond the Gateway: Challenges of Email Security by Barbara Filkins - January 6, 2016 

  • Associated Webcasts: Guarding Beyond the Gateway: Modern Challenges of Email Security
  • Sponsored By: Mimecast Services Limited

  Learn how to maximize the trustworthiness of email services through changes to infrastructure and how to use your systems to improve the performance of the human firewall.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Cleaning Up After a Breach Post-Breach Impact: A Cost Compendium by Barbara Filkins - December 14, 2015 

  • Associated Webcasts: Post-Breach Impact: A Cost Compendium
  • Sponsored By: Spirion

  Read this report to explore the factors that influence the financial impact on the organization in the post-breach environment: forensic analysis, system repair and data recovery, legal and insurance considerations, additional controls, customer support and losses to brand and reputation.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• LogRhythm 7 Review: Reducing Detection and Response Times by Dave Shackleford - December 10, 2015 

  • Associated Webcasts: Scaling Big Data Analytics: SANS Review of LogRhythm 7 Analytics and Intelligence Upgrades
  • Sponsored By: LogRhythm

  Although we have made progress in the use of analytics and intelligence, the latest SANS Security Analytics survey shows 26 percent of respondents feel they still cant understand and baseline normal behavior in their IT environments, with a majority citing a lack of people and dedicated resources as an impediment.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Advancing Endpoint Protection and Compliance with Promisec Endpoint Manager by Jake Williams - December 10, 2015 

  • Associated Webcasts: Ensuring Compliance and Detecting Suspicious Activity with Promisec Endpoint Manager
  • Sponsored By: Promisec

  A review by SANS analyst and instructor Jake Williams of Promisec Endpoint Manager (PEM). It discusses PEMs effectiveness in detecting and remediating endpoint issues.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Intrusion Prevention with HPE TippingPoint by Dave Shackleford - December 7, 2015 

  • Associated Webcasts: New Frontiers in Intrusion Protection
  • Sponsored By: Hewlett Packard

  A review by Dave Shackleford of HPEs TippingPoint 2600NX IPS and its management platform. It examines the device's analytic and operational features and discusses the integration of such devices with security information and event management (SIEM) systems as wells as external threat information.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Protect Against Advanced Email-Borne Malware, Phishing and Social Media Fraud: A SANS Guide by Jerry Shenk - December 2, 2015 

  • Sponsored By: ProofPoint

  Organizations are constantly under attack. Nearly every week comes a news headline of another breach affecting millions of people. Organizations that experience 'small' breaches spend hundreds of thousands of dollars on forensic examinations, infrastructure upgrades and identity monitoring. Those that get hit by a large breach spend millions.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Securing SSH with the CIS Critical Security Controls by Barbara Filkins - November 30, 2015 

  • Associated Webcasts: Securing SSH Itself with the Critical Security Controls
  • Sponsored By: Venafi, Inc

  A SANS Analyst Program whitepaper by Barb Filkins. It discusses how the Critical Security Controls—coupled with good configuration management processes—can support the effort required to avoid the risks inherent to SSH.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• 2015 Analytics and Intelligence Survey by Dave Shackleford - November 10, 2015 

  • Associated Webcasts: Security Analytics Maturation Curve: Part 1 of the 3rd Annual SANS Security Analytics and Intelligence Survey Moving up the Analytics Maturation Curve: Part 2 of the 3rd Annual SANS Security Analytics and Intelligence Survey
  • Sponsored By: LogRhythm AlienVault Lookingglass Cyber Solutions, Inc. SAS INSTITUTE INC Anomali DomainTools

  Although survey results indicate slow and steady progress in the use of analytics and intelligence, most analytics programs lack maturity. Read this survey to understand what is missing and learn where most organizations plan to invest funds to drive improvement.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Security Automation: Security Nirvana or Just a Fad? by Jerry Shenk - November 3, 2015 

  • Associated Webcasts: Security Automation: Security Nirvana or Just A Fad?
  • Sponsored By: Symantec

  Security breaches have become so frequent that often, they don’t even make news.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• The Expanding Role of Data Analytics in Threat Detection by Barbara Filkins - October 27, 2015 

  • Associated Webcasts: The Expanding Role of Data Analytics in Threat Detection
  • Sponsored By: Vectra Networks Inc.

  •  Login
  •  Join SANS.org

• ---

• What Are Their Vulnerabilities?: A SANS Survey on Continuous Monitoring by David Hoelzer - October 27, 2015 

  • Associated Webcasts: What Are Their Vulnerabilities? A SANS Continuous Monitoring Survey
  • Sponsored By: Tenable Arbor Networks HP AlienVault

  This report offers an analysis of the survey findings and recommendations for improving practices. It also offers a definition of what a mature program should look like now and in the future. The goal, ultimately, is to provide a metric by which organizations can gauge their own progress in an objective way.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Behind the Curve? A Maturity Model for Endpoint Security by G. Mark Hardy - October 22, 2015 

  • Associated Webcasts: Behind the Curve? Getting Started on Endpoint Security Maturity

  •  Login
  •  Join SANS.org

• ---

• Detecting a Targeted Data Breach with Ease: A SANS Product Review by Jake Williams - October 21, 2015 

  • Associated Webcasts: Implementing Active Breach Detection

  A product review by Jake Williams. It examines LightCyber Magna, focusing on its effectiveness in detecting reconnaissance, lateral movement, data exfiltration and other threats.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• The State of Dynamic Data Center and Cloud Security in the Modern Enterprise by Dave Shackleford - October 13, 2015 

  • Associated Webcasts: Dynamic Data Center Security
  • Sponsored By: Illumio

  As organizations' data centers become more dynamic and the need to scale quickly in complex architectures grows, security will need to adapt accordingly. Read this survey results paper to learn the challenges hybrid data centers face, along with some of the steps you can take to update current practices to enhance security for the dynamic data centers in use today.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Automating the Hunt for Hidden Threats by Eric Cole, PhD - October 1, 2015 

  • Associated Webcasts: Automating the Hunt for Network Intruders
  • Sponsored By: Endgame

  An Analyst Program whitepaper by Dr. Eric Cole. It defines the process of automating the hunt for threats, and discusses how to deploy a continuous threat-hunting process while preparing a team to analyze threats to protect critical processes and data.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Orchestrating Security in the Cloud by Dave Shackleford - September 22, 2015 

  • Sponsored By: HP Intel CloudPassage Evident.io

  Survey results indicate a strong need to keep security close to the data as it traverses cloud systems. Findings also indicate a need to integrate monitoring capabilities across hybrid environments and partnership with public cloud providers for full-spectrum visibility and response. Learn more by in this survey report focusing on cloud security.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Combatting Cyber Risks in the Supply Chain by Dave Shackleford - September 9, 2015 

  • Associated Webcasts: Combatting Cyber Risks in the Supply Chain
  • Sponsored By: Raytheon | Websense

  By some estimates, up to 80% of breaches may originate in the supply chain. Read this paper to get some guidance on best practices to protect your organization from vulnerabilities introduced by your vendors and suppliers.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Retail Security: Third-Party Interaction by Eric Cole, PhD - September 4, 2015 

  • Associated Webcasts: Retail Security: PCI DSS and Third Party Interactions
  • Sponsored By: Tenable

  •  Login
  •  Join SANS.org

• ---

• A Proactive Approach to Incident Response by Jake Williams - August 31, 2015 

  • Associated Webcasts: A Proactive Approach to Incident Response
  • Sponsored By: Blue Coat Systems, Inc.

  •  Login
  •  Join SANS.org

• ---

• Using Hardware-Enabled Trusted Crypto to Thwart Advanced Threats by John Pescatore - August 28, 2015 

  • Associated Webcasts: Thwarting Advanced Threats with Trusted Crypto
  • Sponsored By: THALES e-Security

  •  Login
  •  Join SANS.org

• ---

• Protecting Third Party Applications with RASP Infographic by - August 27, 2015 

  • Associated Webcasts: Protecting Third Party Applications with RASP

  •  Login
  •  Join SANS.org

• ---

• Detect, Contain and Control Cyberthreats by Eric Cole, PhD - August 20, 2015 

  • Associated Webcasts: Detect, Contain, and Control Cyberthreats
  • Sponsored By: Raytheon | Websense

  An Analyst Program whitepaper by Dr. Eric Cole. It discusses the value of prioritizing mitigation efforts based on known risks and high- value targets, and how doing so can reinforce network defenses.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• The Race to Detection: A Look at Rapidly Changing IR Practices by Alissa Torres - August 19, 2015 

  • Associated Webcasts: The Race to Detection: IR Trends, Tools and Processes That Close the Gap
  • Sponsored By: Carbon Black

  With the rapidly changing risk environment, those assigned to protect their organizations must be agile in adapting technology to meet the challenges presented to them. Read this paper to learn what leading incident response practices are doing, and what they plan for the future.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Insider-Focused Investigation Made Easier by Dave Shackleford - August 18, 2015 

  • Associated Webcasts: The Value of Real-Time Pattern Recognition
  • Sponsored By: Raytheon | Websense

  A review by SANS analyst and instructor Dave Shackleford of Raytheon|Websense SureView Insider Threat. It discusses the product's ability to assist security teams in their efforts to mitigate the threats posed by trusted insiders.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Maturing and Specializing: Incident Response Capabilities Needed by Alissa Torres - August 17, 2015 

  • Associated Webcasts: Part 1: Incident Response - What Is (and Isn't) Working Today Part 2: Incident Response - How Can We Be More Proactive for the Future?
  • Sponsored By: Mcafee LLC Arbor Networks Hewlett Packard Rapid7 Inc. Carbon Black AlienVault

  Survey results reveal an increasingly complex response landscape and the need for automation of processes and services to provide both visibility across systems and best avenues of remediation. Read this paper for coverage of these issues, along with best practices and sage advice.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Observation and Response: An Intelligent Approach by J. Michael Butler - August 7, 2015 

  • Associated Webcasts: Tracking and Observation-How-To and What To Watch For
  • Sponsored By: Anomali

  A SANS Analyst Program whitepaper by J. Michael Butler. It discusses how properly focused observation and tracking efforts provide intelligence from inside the enterprise by monitoring for indicators of compromise such as odd point-in-time activities on the network, unusual machine-to-machine communications, outbound transfers, connection requests and many other suspicious activities.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Beyond the Point of Sale: Six Steps to Stronger Retail Security by Robert L. Scheier - July 28, 2015 

  • Associated Webcasts: Analyst Webcast: Securing Retail Beyond the Cash Register--Insider Threats and Targeted Attacks
  • Sponsored By: Palo Alto Networks

  A whitepaper by Robert Scheier. It addresses the complex nature of IT in the retail environment and outlines a six-step process for enhancing security of small shopkeepers as well as big-box chains.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• The State of Security in Control Systems Today by Derek Harp and Bengt Gregory-Brown - June 24, 2015 

  • Associated Webcasts: The State of Security in Control Systems Today: A SANS Survey Webcast
  • Sponsored By: Tenable SurfWatch Labs

  By reading this report, ICS professionals will gain insight into the challenges facing peers, as well the approaches being employed to reduce the risk of cyberattack.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Security Spending and Preparedness in the Financial Sector: A SANS Survey by Jaikumar Vijayan - June 23, 2015 

  • Associated Webcasts: SANS 2nd Financial Sector Security Survey
  • Sponsored By: Arbor Networks LogRhythm VSS Monitoring, Inc. AlienVault

  Financial services organizations are being breached too often. Find out how the threat landscape and the tools to secure data are changing in the 2015 SANS Financial Services Survey.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Six Steps to Stronger Security for SMBs by Eric Cole, PhD - June 23, 2015 

  • Associated Webcasts: Six Steps to Stronger Security for SMBs
  • Sponsored By: Qualys

  An Analyst Program whitepaper by Dr. Eric Cole. It describes a six-step approach that small and medium-size businesses can use as a template for enhancing their overall security posture.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Enabling Big Data by Removing Security and Compliance Barriers by Barbara Filkins - June 17, 2015 

  • Associated Webcasts: Big Data: Identifying Major Threats and Removing Security and Compliance Barriers
  • Sponsored By: Cloudera

  The rewards that big data can bring are widely recognized: scientific insight, competitive intelligence and improved fraud detection, as well as the benefits derived from sophisticated analyses of vast sets of transactional and behavioral data.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Conquering Network Security Challenges in Distributed Enterprises by John Pescatore - June 11, 2015 

  • Associated Webcasts: Conquering Network Security Challenges in Distributed Enterprises
  • Sponsored By: Palo Alto Networks

  Enterprises continue to have difficulties detecting, blocking and responding to threats.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• New Critical Security Controls Guidelines for SSL/TLS Management by Barbara Filkins - June 4, 2015 

  • Associated Webcasts: Meeting New CSC Guidelines for SSL Certificate Management
  • Sponsored By: Venafi, Inc

  Security flaws like Heartbleed, POODLE, BEAST and a series of high-profile certificate thefts and misappropriations have shaken public confidence in "secure" SSL/TLS certificates. It is possible for organizations to safeguard themselves and retain most of the benefits of using the web's most common authentication system, however, as long as they're rigorous about setting and enforcing the right policies on who do trust among many questionable nodes in the global network of trust.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Improving Detection, Prevention and Response with Security Maturity Modeling by Byron Acohido - May 29, 2015 

  • Associated Webcasts: The Value of Adopting and Improving Security Maturity Models
  • Sponsored By: HP

  An Analyst Program whitepaper written by Byron Acohido. It discusses various security maturity models and how organizations can use them to improve their defense posture while reducing the time needed to respond to incidents and contain the damage.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Securing Portable Data and Applications for a Mobile Workforce by Jaikumar Vijayan - May 13, 2015 

  • Associated Webcasts: Securing Portable Data and Applications on Enterprise Mobile Workspaces: A SANS Survey
  • Sponsored By: Ironkey by Imation

  Explore the challenges of securing a mobile workforce while enabling a desktop environment for mobile workers.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• 2015 State of Application Security: Closing the Gap by Jim Bird, Eric Johnson, Frank Kim - May 12, 2015 

  • Associated Webcasts: 2015 Application Security Survey, Part 2: Builder Issues 2015 Application Security Survey, Part 1: Defender Issues
  • Sponsored By: Qualys WhiteHat Security Hewlett Packard Veracode Waratek

  Explore the current state of application security through the lens of both builders and defenders and find out how much progress has been made in securing applications over the last 12 months.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• The Case for Visibility: SANS 2nd Annual Survey on the State of Endpoint Risk and Security by Jacob Williams - May 5, 2015 

  • Associated Webcasts: Assume Compromise and Protect Your Endpoints: SANS 2nd Survey on Endpoint Security
  • Sponsored By: Guidance Software

  Read the results of the 2015 Endpoint Security Survey to find out whether organizations assume risk, whether their perimeter defenses protect their endpoints, how much progress we are making on automation, how long it takes to remediate each compromised endpoint, and much more.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Protection from the Inside: Application Security Methodologies Compared by Jacob Williams - April 27, 2015 

  • Associated Webcasts: Analyst Webcast: RASP vs. WAF: Comparing Capabilities and Efficiencies
  • Sponsored By: HP

  A SANS Analyst Program review by Jacob Williams. This webcast will explore the relative capabilities and efficiencies of RASP and WAF technologies, and discuss a blind, vendor-anonymous review of a representative product in each category.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Building a World-Class Security Operations Center: A Roadmap by Alissa Torres - April 15, 2015 

  • Sponsored By: RSA

  Explore how you can build a world-class security operations center (SOC) by focusing on the triad of people, process and technology.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Improving the Effectiveness of Log Analysis with HP ArcSight Logger 6 by Dave Shackleford - April 1, 2015 

  • Associated Webcasts: Analyst Webcast: Simplifying Compliance and Forensic Requirements with HP ArcSight Logger
  • Sponsored By: Hewlett Packard

  A review of HP ArcSight Logger 6 by SANS analyst and instructor Dave Shackleford. It discusses the latest release of ArcSight Logger and its usefulness to security analysts who need to collect and monitor logs.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Creating an SOC by Alissa Torres - March 31, 2015 

  • Associated Webcasts: Creating a Roadmap for Dramatically Improving Your Strategic Security Operations
  • Sponsored By: RSA

  Graphically explore how you can build a world-class security operations center (SOC) by focusing on the triad of people, process and technology.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Enabling Large-Scale Mobility with Security from the Ground Up by Jaikumar Vijayan - March 30, 2015 

  • Associated Webcasts: Analyst Webcast: Enabling Enterprise Mobility With Security From The Ground Up
  • Sponsored By: Symantec

  A SANS Analyst Program whitepaper written by Jaikumar Vijayan and advised by SANS Analyst G. Mark Hardy. It discusses the state of enterprise mobility and the challenges posed to information technology groups by the massive influx of personal and corporate-owned mobile devices in the workplace in recent years.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Enabling Large-Scale Mobility with Security from the Ground Up Infographic by Jaikumar Vijayan - March 30, 2015 

  • Associated Webcasts: Analyst Webcast: Enabling Enterprise Mobility With Security From The Ground Up
  • Sponsored By: Symantec

  A SANS Analyst Program infographic based on the whitepaper, Enabling Large-Scale Mobility with Security from the Ground Up. It offers a graphical interpretation of the paper's keytakeaways and supplemental data.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Automation in the Incident Response Process: Creating an Effective Long-Term Plan by Alissa Torres - March 4, 2015 

  • Associated Webcasts: Automating the Incident Response Process
  • Sponsored By: Carbon Black

  With the right resources in place, attackers can be detected more accurately and efficiently, mitigating damage and data loss from inevitable network attacks. This paper presents a proper process and procedure for incident response that includes the use of automation tools.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Who's Using Cyberthreat Intelligence and How? by Dave Shackleford - February 16, 2015 

  • Associated Webcasts: Who's Using Cyberthreat Intelligence and How? Part 1: Definitions, Tools and Standards Who's Using Cyberthreat Intelligence and How? Part 2: Best Practices to Improve Incident Detection and Response
  • Sponsored By: Arbor Networks Carbon Black BeyondTrust AlienVault SurfWatch Labs Anomali

  In the last several years, we've seen a disturbing trend-attackers are innovating much faster than defenders are. We've seen the "commercialization" of malware, with attack kits available on underground forums for anyone who wants to perpetrate a variety of attacks.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• The Critical Security Controls: What's NAC Got to Do with IT? by Deb Radcliff, Editor - February 4, 2015 

  • Associated Webcasts: Mapping Next-Generation NAC to the Critical Security Controls
  • Sponsored By: Forescout Technologies BV

  •  Login
  •  Join SANS.org

• ---

• Protecting Access to Data and Privilege with Oracle Database Vault by Pete Finnigan - January 29, 2015 

  • Associated Webcasts: Analyst Webcast: Securing Oracle Databases Made Easy
  • Sponsored By: Oracle

  A review of Oracle Database Vault 12c by security expert Pete Finnigan. Oracle Database Vault takes advantage of built-in features of the Oracle ecosystem, and provides a holistic approach to data security management.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• New Threats Drive Improved Practices: State of Cybersecurity in Health Care Organizations by Barbara Filkins - December 9, 2014 

  • Associated Webcasts: SANS 2nd Survey on the State of Information Security in Health Care Institutions: Part 2 SANS 2nd Survey on the State of Information Security in Health Care Institutions: Part 1
  • Sponsored By: Qualys Tenable Cigital, Inc. FireEye CloudPassage Trend Micro Inc. RiskIQ

  See the results of the 2014 SANS Health Care Cybersecurity survey.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Securing Personal and Mobile Device Use with Next-Gen Network Access Controls by Deb Radcliff, executive editor - November 24, 2014 

  • Associated Webcasts: Securing Personal and Mobile Device Use with Next-Gen Network Access Controls
  • Sponsored By: Forescout Technologies BV

  An updated SANS Analyst Program whitepaper. It covers the essentials of applying NAC to secure guest networking, as well as leveraging NAC for BYOD (Bring Your Own Device) and CYOD (Choose Your Own Device) situations and ensuring endpoint compliance with network policy.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Point of Sale Systems and Security: Executive Summary by Wes Whitteker - November 20, 2014 

  • Sponsored By: Carbon Black

  The last year has seen scores of point of sale (POS) systems compromised by bad actors. In many cases, these environments were PCI-DSS compliant at the time of compromise. Executives seeking to protect their organizations and POS systems from compromise need to look beyond PCI-DSS and adopt a proactive "offense must inform defense" approach to POS security.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Securing DNS to Thwart Advanced Targeted Attacks and Reduce Data Breaches by John Pescatore - November 12, 2014 

  • Associated Webcasts: Protecting DNS: Securing Your Internet Address Book

  Internet traffic is severely affected when critical DNS services are not reliable or are compromised by cyber attacks. However, DNS services can be secured with the right configuration and deployment of appropriate solutions.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Be Ready for a Breach with Intelligent Response by James Tarala - November 5, 2014 

  • Associated Webcasts: Be Ready for a Breach with Intelligent Response
  • Sponsored By: Mcafee LLC

  By preparing a careful plan and resilient response infrastructure before an attack, organizations can limit both data loss and the reactive, post-incident expenses. The result: greatly reduced impact and costs associated with events.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Data Center Server Security Survey 2014 by Jacob Williams - October 29, 2014 

  • Associated Webcasts: Data Center Server Security: A SANS Survey
  • Sponsored By: IBM Security Mcafee LLC

  Learn how organizations are tackling the difficult problem of data center security, explore their best practices and consider improvements needed for data centers to meet compliance demands while reducing overall risk and management complexity.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Detect, Investigate, Scrutinize and Contain with Rapid7 UserInsight by Jerry Shenk - October 23, 2014 

  • Associated Webcasts: Detecting Risky Activity "Wherever" Before It Becomes A Problem
  • Sponsored By: Rapid7 Inc.

  A review of Rapid7 UserInsight by SANS senior analyst Jerry Shenk. It discusses a tool that highlights user credential misuse while tracking endpoint system details that would be valuable to an incident response team.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Breaches Happen: Be Prepared by Stephen Northcutt - October 14, 2014 

  • Associated Webcasts: Breaches Happen: Be Prepared
  • Sponsored By: Symantec

  A whitepaper by SANS Analyst and Senior Instructor Stephen Northcutt. It describes how improved malware reporting and gateway monitoring, combined with security intelligence from both internal and external resources, helps organizations meet the requirements of frameworks such as the Critical Security Controls.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Hardening Retail Security by John Pescatore - October 10, 2014 

  • Associated Webcasts: Hardening Retail Security: Why and How to Prevent Breaches and Attacks
  • Sponsored By: LogRhythm

  Read this article and learn what IT security staff in the retail industry say about their security budgets, behavioral baselining, and endpoint forensics practices.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Analytics and Intelligence Survey 2014 by Dave Shackleford - October 8, 2014 

  • Associated Webcasts: 2nd Annual Analytics and Intelligence Survey 2nd Annual Analytics and Intelligence Survey - Pt 2. Future State: Improving Intelligence and Threat Protection
  • Sponsored By: Mcafee LLC HP LogRhythm Rapid7 Inc. AlienVault Anomali

  This paper explores the use of analytics and intelligence today and exposes the impediments to successful implementation.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Ninth Log Management Survey Report by Jerry Shenk - October 3, 2014 

  • Associated Webcasts: Log and Event Management Survey
  • Sponsored By: VMWare, Inc

  Using the results of the 2014 Log Management Survey, this paper identifies strengths and weaknesses in log management systems and practices, and provides advice for improving visibility across systems with proper log collection, normalization and analysis.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Critical Security Controls: From Adoption to Implementation by James Tarala - September 18, 2014 

  • Associated Webcasts: The Critical Security Controls: From Adoption to Implementation A SANS Survey
  • Sponsored By: Qualys Tripwire, Inc. Mcafee LLC EiQnetworks

  This SANS survey report explores how widely the CSCs are being adopted, as well as what challenges adopters are facing in terms of implementation of the controls and what they are looking for to improve their implementation practices.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Data Encryption and Redaction: A Review of Oracle Advanced Security by Dave Shackleford - September 15, 2014 

  • Associated Webcasts: Simplifying Data Encryption and Redaction Without Touching the Code
  • Sponsored By: Oracle

  A review of Oracle Advanced Security for Oracle Database 12c by SANS Analyst and Senior Instructor Dave Shackleford. It explores a number of the product's capabilities, including transparent data encryption (TDE) and effortless redaction of sensitive data, that seamlessly protect data without any developer effort from unauthorized access.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Insider Threats in Law Enforcement by Dr. Eric Cole - September 4, 2014 

  • Associated Webcasts: Solving Insider Threats in Law Enforcement
  • Sponsored By: Raytheon | Websense

  Based on the valuable information they have at their disposal, law enforcement agencies are among those that are prime targets for advanced attacks. While network protection can be extensive and sophisticated, the exploitation of insiders poses a serious threat for illegal access to these agencies.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Under Threat or Compromise - Every Detail Counts by Jake Williams - August 20, 2014 

  • Associated Webcasts: Under Threat or Compromise: Every Detail Counts
  • Sponsored By: Blue Coat Systems, Inc.

  This paper outlines five major components of a life-cycle approach to defense and how companies can adopt this model to maximize security in the current threat landscape.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Incident Response: How to Fight Back by Alissa Torres - August 13, 2014 

  • Associated Webcasts: Incident Response Part 1: Incident Response Techniques and Processes: Where We Are in the Six-Step Process Incident Response Part 2: Growing and Maturing An IR Capability
  • Sponsored By: Mcafee LLC AccessData Corp. Arbor Networks HP Carbon Black AlienVault

  A spate of high-profile security breaches and attacks means that security practitioners find themselves thinking a lot about incident response. A new SANS incident response survey explores how practitioners are dealing with these numerous incidents and provides insight into incident response plans, attack histories, where organizations should focus their response efforts, and how to put all of the pieces together.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Continuous Diagnostics and Mitigation : Making it Work by John Pescatore - August 6, 2014 

  • Associated Webcasts: Continuous Diagnostics and Mitigation for Government Agencies: Is It Working? A SANS Survey
  • Sponsored By: Forescout Technologies BV IBM Security Symantec Firemon

  Security professionals in federal, state and local agencies face many unique challenges in protecting critical systems and information. The CDM program has tremendous potential for both increasing the security levels at those agencies and reducing the cost of demonstrating compliance. However, to be successful, the program must address the following: lack of awareness, low inspector general awareness and lack of information on how to use the program. For use of the program to result in better security, additional staffing and skills are needed, as are success stories to guide organizations attempting to implement CDM.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Killing Advanced Threats in Their Tracks: An Intelligent Approach to Attack Prevention by Tony Sager - July 29, 2014 

  • Associated Webcasts: Need to defeat APTs? Tony Sager Explains Where We're At With Live Threat Detection Automation
  • Sponsored By: Palo Alto Networks

  All attacks follow certain stages. By observing those stages during an attack progression and then creating immediate protections to block those attack methods, organizations can achieve a level of closed-loop intelligence that can block and protect across this attack kill chain. This paper explains the many steps in the kill chain, along with how to detect unknown attacks by integrating intelligence into sensors and management consoles.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Advanced Network Protection with McAfee Next Generation Firewall by Dave Shackleford - June 19, 2014 

  • Associated Webcasts: Analyst Webcast: Advanced Network Protection with McAfee Next Generation Firewall
  • Sponsored By: Mcafee LLC

  A review of McAfee Next Generation Firewall by SANS Analyst and Senior Instructor Dave Shackleford. It explores a number of the product's capabilities, including clustering and redundancy, numerous varieties of VPN access, policy options and features such as end-user identification and advanced anti-evasion tools

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Higher Education: Open and Secure? by Randy Marchany - June 16, 2014 

  • Associated Webcasts: Higher Education: Open and Secure? A SANS Survey
  • Sponsored By: Tenable Trend Micro Inc. AlienVault

  •  Login
  •  Join SANS.org

• ---

• Practical Threat Management and Incident Response for the Small- to Medium-Sized Enterprises by Jacob Williams - June 12, 2014 

  • Associated Webcasts: Practical Threat Management and Incident Response for the Small- to Medium-Sized Enterprise
  • Sponsored By: AlienVault

  If you work in a small- to medium-sized enterprise (SME),1 you know how challenging securing your technology assets can be.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Cybersecurity Professional Trends: A SANS Survey Advisors: John Pescatore, Barb Filkins, Tracy Lenzner and SANS GIAC - May 8, 2014 

  • Associated Webcasts: SANS 2014 Salary Survey: The State of Security Professionals Today
  • Sponsored By: Arbor Networks

  Survey results on evolving roles of security professionals worldwide, including new roles, titles, managerial functions, and existing and planned certifications broken out by industry and geography.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Combining Security Intelligence and the Critical Security Controls: A Review of LogRhythm's SIEM Platform by Dave Shackleford - April 23, 2014 

  • Associated Webcasts: SIEM, Security Intelligence and the Critical Security Controls
  • Sponsored By: LogRhythm

  Review of LogRhythm’s security information and event management (SIEM) platform with new security intelligence features built in for compliance.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• 2014 Trends That Will Reshape Organizational Security by John Pescatore - April 22, 2014 

  • Associated Webcasts: The 2014 Security Trends Forecast: What Does 2014 Hold for Security and Its Impact on Business Professionals?
  • Sponsored By: Cisco Systems Inc.

  Information for security managers to facilitate focusing their investments on the areas that are mostly likely to impact their organizations and customers over the next several years.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Improving Security Management with Real-Time Queries by Dave Shackleford - April 2, 2014 

  • Associated Webcasts: The Value of On-Demand Endpoint Visibility
  • Sponsored By: Mcafee LLC

  Product review McAfee Real Time Command with a focus on features and ease of use. Examination of its security-related features found the product to be surprisingly intuitive.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Breaches on the Rise in Control Systems: A SANS Survey by Matthew Luallen - April 1, 2014 

  • Associated Webcasts: SANS Survey on Control Systems Security
  • Sponsored By: Qualys Cisco Systems Inc. Tenable Raytheon | Websense

  Survey shows SCADA breaches on rise from 2013, and more targeted.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Risk, Loss and Security Spending in the Financial Sector: A SANS Survey by Mark Hardy - March 26, 2014 

  • Associated Webcasts: Risks, Threats and Preparedness: Part I of the SANS Financial Services Survey
  • Sponsored By: Forescout Technologies BV Cisco Systems Inc. Tenable Blue Coat Systems, Inc. Raytheon | Websense FireEye

  Survey identified key areas in which financial service employees and endpoints were most at risk, with direct losses resulting from internal abuse, spearphishing and botnet infections.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• DDoS Attacks Advancing and Enduring: A SANS Survey by John Pescatore - March 20, 2014 

  • Associated Webcasts: SANS Survey on Distributed Denial of Service
  • Sponsored By: Corero

  Survey on the state of DDoS readiness reveals more frequent and sophisticated DDoS attacks as well as lack of preparedness in many enterprises.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Finding Advanced Threats Before They Strike: A Review of Damballa Failsafe Advanced Threat Protection and Containment by Jerry Shenk - March 18, 2014 

  • Associated Webcasts: Finding Advanced Threats Before They Strike: Advanced Threat Protection and Containment
  • Sponsored By: Damballa, Inc.

  Review of Damballa Failsafe's ability to collect and analyze evidence and presents precise information about infected devices.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• The Case for Endpoint Visibility by Jacob Williams - March 13, 2014 

  • Associated Webcasts: Visibility at the Endpoint: The SANS 2014 Survey of Endpoint Intelligence
  • Sponsored By: Guidance Software

  Information to help security professionals track trends in endpoint protection and identify how their organization’s capabilities compare with the survey base.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Champagne SIEM on a Beer Budget by Jerry Shenk - March 12, 2014 

  • Associated Webcasts: Making Log and Event Management Easy for SMBs
  • Sponsored By: SolarWinds

  Review of SolarWinds' Log & Event Manager (LEM) ability to provide small-to-medium-size businesses the forensic intelligence, compliance and security information necessary to manage operations.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Server Security: A Reality Check by Jake Williams - March 11, 2014 

  • Associated Webcasts: Server Security: A Reality Check
  • Sponsored By: Carbon Black

  Why servers are still vulnerable despite layers of security in place today.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Health Care Cyberthreat Report: Widespread Compromises Detected, Compliance Nightmare on Horizon by Barbara Filkins - March 6, 2014 

  • Associated Webcasts: Exposing Malicious Threats to Health Care IT
  • Sponsored By: Norse

  The use of threat intelligence to improve the security of information systems in the health care industry.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Calculating Total Cost of Ownership on Intrusion Prevention Technology by J. Michael Butler, Dave Shackleford - February 17, 2014 

  • Sponsored By: Cisco Systems Inc.

  Calculate the value of specific automation features in NGIPSes with which organizations can achieve savings in total cost of ownership TCO

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Protecting Virtual Endpoints with McAfee Server Security Suite Essentials by Dave Shackleford - February 14, 2014 

  • Associated Webcasts: Security Without Scanning for Today's Hybrid Datacenter
  • Sponsored By: Mcafee LLC

  A review of McAfee’s Server Security Suite Essentials that address some of the emerging challenges of securing virtual platforms and cloud environments.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Survey on Application Security Programs and Practices by Jim Bird, Frank Kim - February 12, 2014 

  • Associated Webcasts: Application Security Programs On the Rise, Skills Lacking: A SANS Survey
  • Sponsored By: Qualys Hewlett Packard Veracode

  Survey shows application security programs on the rise but skill are lacking.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Securing the “Internet of Things” Survey by John Pescatore - January 15, 2014 

  • Associated Webcasts: SANS Analyst Webcast: SANS Survey on Securing The Internet of Things
  • Sponsored By: Codenomicon Norse

  Survey reveals the risks introduced by an increasing array of "smart" things with wireless or Internet connections.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Database Activity Monitoring and Audit: A Review of Oracle Audit Vault and Database Firewall by Tanya Baccam - January 14, 2014 

  • Sponsored By: Oracle

  Review of Oracle Audit Vault and Database Firewall (AVDF). A platform for organizations looking to increase security with enterprise wide database activity monitoring, auditing and reporting.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Industrial Control System (ICS) Cybersecurity Response to Physical Breaches of Unmanned Critical Infrastructure Sites by Scott D. Swartz and Michael J. Assante - January 1, 2014 

  • Sponsored By: Alert Enterprise

  Physical break-ins and other unauthorized entries into unmanned critical infrastructure locations have historically been viewed only as traditional property crimes.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Fear and Loathing in BYOD by Joshua Wright - December 10, 2013 

  • Associated Webcasts: SANS Survey Results on BYOD Security Policies and Practices
  • Sponsored By: Trusted Computing Group

  Survey on mobile device security trends and techniques organizations are adopting to mitigate threats associated with mobile devices and BYOD.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Layered Security: Why It Works by Jerry Shenk - December 9, 2013 

  • Associated Webcasts: Layered Security: Why It Works
  • Sponsored By: Symantec

  How a layered approach to security provides better protection of your organization’s IT assets.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Managing Threats and Compliance While Automating the CSCs: EiQ SecureVue Review by Jerry Shenk - November 11, 2013 

  • Associated Webcasts: Managing Threats and Compliance While Automating the CSCs: EiQ SecureVue Review
  • Sponsored By: EiQnetworks

  Product review of EiQ SecureVue - a solution to provide advanced log management and security information and event management (SIEM) capabilities for the SMB-sized organizations.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Finding Hidden Threats by Decrypting SSL by Michael Butler - November 8, 2013 

  • Associated Webcasts: Finding Hidden Threats by Decrypting SSL/TLS
  • Sponsored By: Blue Coat Systems, Inc.

  Paper describes the role of SSL, the role SSL decryption/inspection tools play in security, options for deploying inspection tools, and how the information generated by such inspection can be shared with other security monitoring systems.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Inaugural Health Care Survey by Barbara Filkins - October 30, 2013 

  • Associated Webcasts: The SANS Survey of IT Security in Health Care
  • Sponsored By: Tenable Oracle Trend Micro Inc. Redspin

  This survey reveals aspects of security in the health care arena from the perspective of IT security staff—managers, analysts, and executives.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Not Your Father's IPS:SANS Survey on Network Security Results by Rob VandenBrink - October 29, 2013 

  • Associated Webcasts: Analyst Webcast: Not your Father's IPS: SANS Survey on Network Security Results
  • Sponsored By: Hewlett Packard

  Survey of security professionals on network security practices today, use of IPS, technical and management capacities, and how IPS will be integrated into overall security strategy for the future.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Securing Web Applications Made Simple and Scalable by Gregory Leonard - October 10, 2013 

  • Associated Webcasts: Securing Web Applications Made Simple and Scalable
  • Sponsored By: Hewlett Packard

  Evaluation of HP Fortify WebInspect 10.10, an application security testing (DAST) tool.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Correlating Event Data for Vulnerability Detection and Remediation by Jacob Williams - October 8, 2013 

  • Associated Webcasts: Correlating Real-Time Event Data with SIEM for Forensics and Incident Handling
  • Sponsored By: Mcafee LLC

  Examination of how 2012 Saudi Aramco “spearphishing” attacks could have been thwarted with the help of a SIEM platform that combines the power of historical data with real-time data from network data sources and security policies.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Application Security: Tools for Getting Management Support and Funding by John Pescatore - October 4, 2013 

  • Associated Webcasts: John Pescatore Analyst Webcast - Actionable Tools for Convincing Management to Fund Application Security
  • Sponsored By: WhiteHat Security

  This paper provide tools and techniques that demonstrate the need for better application security and the appropriate level of investment.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• SANS Security Analytics Survey by Dave Shackleford - October 1, 2013 

  • Associated Webcasts: SANS Analytics and Intelligence Survey Results Part I: The Risk Landscape
  • Sponsored By: Guidance Software LogRhythm Hewlett Packard SolarWinds Hexis Cyber Solutions

  Survey on next generation of security tools shows that market is in need of analytics and intelligence wrapped around the data that is being/can be collected in organizations.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Real-World Testing of Next-Generation Firewalls by Dr. Eric Cole - September 13, 2013 

  • Associated Webcasts: Testing Next Gen Firewalls
  • Sponsored By: Fortinet, Inc. Ixia

  Advice on what to expect from a next-generation firewall, features and business needs to consider, and a test methodology for IT and business professionals to use to enhance their investments in security through enhanced firewall capabilities.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Scaling Analytics to Meet Real-Time Threats in Large Enterprises: A Deep Dive into LogRhythm's Security Analytics Platform by Dave Shackleford - September 10, 2013 

  • Associated Webcasts: Under Pressure: Scaling Analytics to Meet Real-Time Threats
  • Sponsored By: LogRhythm

  Evaluation of LogRhythm’s real-time analytics capabilities.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• How DDoS Detection and Mitigation Can Fight Advanced Targeted Attacks by John Pescatore - September 5, 2013 

  • Associated Webcasts: How to Fight the Real DDoS Threat
  • Sponsored By: Arbor Networks

  Exploration of how DDoS is used as part of advanced targeted attacks (ATAs) and description of how DDoS detection and prevention tools and techniques can also be used against ATAs.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Simplifying Cloud Access Without Sacrificing Corporate Control: A Review of McAfees Integrated Web and Identity Solutions by Dave Shackleford - August 21, 2013 

  • Associated Webcasts: Managing Identities in the Cloud Without Sacrificing Corporate Control: A Review of McAfee
  • Sponsored By: Mcafee LLC

  Review of McAfee Web Gateway version 7.3, McAfee Cloud Single Sign On (CSSO) version 4.0 and McAfee One Time Password version 4.0, with Pledge Software Token (Pledge) version 2.0.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• The SANS Survey of Digital Forensics and Incident Response by Paul Henry, Jacob Williams, and Benjamin Wright - July 18, 2013 

  • Associated Webcasts: Digital Forensics in Modern Times: A SANS Survey
  • Sponsored By: Guidance Software FireEye Carbon Black Cellebrite

  2013 Digital Forensics Survey to identify the nontraditional areas where digital forensics techniques are used.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• The SANS 2013 Help Desk Security and Privacy Survey by Barbara Filkins - July 16, 2013 

  • Sponsored By: RSA

  Survey/report will serve as a starting point to promote awareness and help bridge the educational gap between what a help desk is and what a secure help desk should be.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Network and Endpoint Security "Get Hitched" for Better Visibility and Response by Jerry Shenk - July 10, 2013 

  • Associated Webcasts: Network and Endpoint Security "Get Hitched" for Better Visibility and Response
  • Sponsored By: Carbon Black

  How endpoint visibility, coordinated with network intelligence, can help identify threats not discovered by other means, determine the level of threat, recognize previously unknown threats and follow up with more accurate information for regulators and investigators.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• SANS 2013 Critical Security Controls Survey: Moving From Awareness to Action by John Pescatore - June 25, 2013 

  • Sponsored By: Tenable Symantec EiQnetworks FireEye IBM

  Survey to determine how well the CSCs are known in government and private industry, how they are being used and what can we learn from CSC implementations to date.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Implementing Hardware Roots of Trust: The Trusted Platform Module Comes of Age by Gal Shpantzer - June 18, 2013 

  • Associated Webcasts: Implementing Hardware Roots of Trust
  • Sponsored By: Trusted Computing Group

  Discussion of trends that are driving adoption of TPM, with advice on how to take advantage of this increasingly commonplace technology without disrupting your security infrastructure.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Reducing Risk Through Prevention: Implementing Critical Security Controls 1-4 by James Tarala - June 12, 2013 

  • Associated Webcasts: Leveraging the First Four Critical Security Controls for Holistic Improvements
  • Sponsored By: Tripwire, Inc.

  Examination of actual threats facing organizations today, methods dedicated attackers use to compromise systems using the “intrusion kill chain” as a model and specific defenses organizations can use to mitigate threat.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Need for Speed: Streamlining Response and Reaction to Attacks by Michael Butler - June 7, 2013 

  • Sponsored By: Mcafee LLC

  Exploration of how to correlate information from disparately managed systems and bring visibility to their behavior with accurate, actionable reporting in as near-real time as possible.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• 2013 SANS Mobile Application Security Survey by Kevin Johnson, James Jardine - June 6, 2013 

  • Sponsored By: SAP Global Marketing Veracode Box

  Survey to assess organizational awareness and the procedures around mobile application risk.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Security Intelligence in Action: SANS Review of McAfee Enterprise Security Manager (ESM) 9.2 by Dave Shackleford - May 22, 2013 

  • Associated Webcasts: Advanced Intelligence in Action: Review of McAfee Enterprise Security Manager 9.2

  Review of McAfee’s Enterprise Security Manager (ESM) 9.2 with focus on fundamental SIEM features and capabilities to meet business demand for security and threat intelligence.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Your Pad or Mine? Enabling Secure Personal and Mobile Device Use On Your Network by Mark Kadrich - May 7, 2013 

  • Sponsored By: Forescout Technologies BV

  This paper discusses policies and approaches for using NAC to support guest networking and BYOD to complement and enable other mobile security controls such as Mobile Device Management (MDM).

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• The Critical Security Controls: What's NAC Got to Do with IT? by Mark Hardy - May 3, 2013 

  • Associated Webcasts: NAC Applied to the Critical Security Controls
  • Sponsored By: Forescout Technologies BV

  This paper reveals what NAC can do today, how it stacks up to many of the CSCs and what strategies are needed for successfully leveraging NAC to reduce risk, improve compliance and meet the key automation and integration requisites cited in the controls.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Next-Generation Datacenters = Next-Generation Security by Dave Shackleford - May 1, 2013 

  • Associated Webcasts: Datacenter Virtualization from a Security Perspective
  • Sponsored By: Mcafee LLC

  Whitepaper breaks down the foundations of a virtual infrastructure, examines pros and cons of security tools and controls available for risk layers, present the pros and cons of different approaches, and looks at new technology to implement protection models in virtual and cloud-based data centers.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Results of the SANS SCADA Security Survey by Matthew Luallen - February 20, 2013 

  • Associated Webcasts: Results of the SANS SCADA Security Survey
  • Sponsored By: Splunk ABB Industrial Defender

  In-depth survey of SCADA system operators to determine their risk awareness and security practices.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Security Intelligence in Action: A Review of LogRhythm's SIEM 2.0 Big Data Security Analytics Platform by Dave Shackleford - December 12, 2012 

  • Sponsored By: LogRhythm

  Review of LogRhythm's SIEM 2.0 Big Data Security Analytics Platform -- the fundamental capabilities and the innovative new features.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• SANS Survey on Application Security Programs and Practices by Jim Bird, Frank Kim - December 6, 2012 

  • Sponsored By: Qualys WhiteHat Security NT Objectives, Inc Veracode

  Application security survey to understanding what works in appsec and why.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• What Is Your Mobile Content Policy? A Checklist for Content Risk Mitigation by Barbara Filkins - November 3, 2012 

  • Sponsored By: SAP Global Marketing

  Content management policies must adapt to the mobile user and the cloud, provide protection to information being accessed and processed, look at the context in which it is used and validate compliance.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• SANS Institute Product Review: Self-Service Provisioning Made Simple: A Review of Oracle Identity Manager 11g R2 by Dave Shackleford - October 22, 2012 

  • Sponsored By: Oracle

  Review of Oracle Identity Manager (OIM) 11g R2, an enterprise IAM product that offers end users a personalized experience through a friendly interface, while managing workflow approvals and executing changes at both the user and administrator levels.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• SANS Survey on Mobility/BYOD Security Policies and Practices by Kevin Johnson, Tony DeLaGrange - October 15, 2012 

  • Sponsored By: Mcafee LLC F5 Networks, Inc. Oracle RSA MobileIron Box

  Survey to determine the level of policy and controls around emerging threats against mobile devices.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Beyond Continuous Monitoring: Threat Modeling for Real-time Response by Mark Hardy - October 13, 2012 

  • Sponsored By: SecurityCoverage

  Threat modeling, through timely and accurate inputs, can be used by enterprises to mitigate and defeat attack scenarios before they fully unfold.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Own Your Network with Continuous Monitoring by Jerry Shenk - September 10, 2012 

  • Sponsored By: Tripwire, Inc.

  A look at what continuous monitoring is and how organizations can devise a solution that works for them.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Securing Data Center Servers: A Review of McAfee Data Center Security Suite Products by Jim Hietala - August 18, 2012 

  • Sponsored By: Mcafee LLC

  This paper explores threats to data center servers, along with key security controls required to electively protect them, and reviews how the McAfee portfolio of server products aligns with these controls.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Secure Configuration Management Demystified by Dave Shackleford - August 2, 2012 

  • Sponsored By: Tripwire, Inc.

  Paper shows how to use secure configuration concepts to reduce the overall attack surface, bring better coordination among groups within IT and elsewhere, and ultimately reduce the risk to your business by continuously improving the IT environment.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• When Breaches Happen: Top Five Questions to Prepare For by Dave Shackleford - June 17, 2012 

  • Sponsored By: Solera Networks

  This paper explores how to create processes to sort through data in the event of a breach that enable IT security and operations teams to respond immediately with actionable information.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Streamline Risk Management by Automating the SANS 20 Critical Security Controls by James Tarala - June 12, 2012 

  • Sponsored By: FireEye

  Practical considerations for automating the 20 Critical Security Controls to create a more defensible network against these increasingly automated, persistent attacks.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• SANS Eighth Annual 2012 Log and Event Management Survey Results: Sorting Through the Noise by Jerry Shenk - May 9, 2012 

  • Sponsored By: HPE Tripwire, Inc. LogLogic, Inc. LogRhythm TrustWave Corporation Splunk

  SANS’ Eighth Annual Log and Event Management Survey highlights inability of many organizations to separate normal log data from actionable events

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Reducing Federal Systems Risk with the SANS 20 Critical Controls by G. Mark Hardy - April 22, 2012 

  • Sponsored By: Tripwire, Inc. Patriot Technologies

  The 20CSCs: are they a better approach than the ten-year-old FISMA? And how will adoption ultimately enhance security and operations overall?

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• SANS Institute Product Review: Demystifying External Authorization: Oracle Entitlements Server Product Review by Tanya Baccam - April 20, 2012 

  • Sponsored By: Oracle

  Product review of Oracle Entitlements Server (OES) -- a solution that provides flexibility in access control allowing for dynamic changes, understands multiple systems and applies complex rules in a flexible manner.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• SANS Mobility/BYOD Security Survey by Kevin Johnson - March 5, 2012 

  • Sponsored By: Bradford Networks HP Enterprise Security MobileIron

  Survey determines the type of mobile device usage allowed for enterprise applications and the level of policies and controls applied to this type of usage.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Oracle Audit Vault by Tanya Baccam - March 4, 2012 

  • Sponsored By: Oracle

  Review of Oracle Audit Vault, which provides database log centralization, management, alerting and reporting across multiple databases.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Privileged Password Sharing: "root" of All Evil by J. Michael Butler - February 12, 2012 

  • Sponsored By: Quest Software

  This paper addresses the issue of managing privileged accounts and offers advice on how to move toward better centralization of privileged account management.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• NetIQ Sentinel 7 Review by Jerry Shenk - January 28, 2012 

  • Sponsored By: NetIQ

  A functional review of the latest NetIQ offering in the SEIM space that effectively addresses issues organizations are having with log collection and management.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Needle in a Haystack? Getting to Attribution in Control Systems by Matthew E. Luallen - January 17, 2012 

  • Sponsored By: Tripwire, Inc. LogRhythm Splunk

  In control system protection, mechanisms for achieving attack attribution must be implemented across physical, cyber and operational controls using additional tools.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Oracle Data Masking by Tanya Baccam - January 4, 2012 

  • Sponsored By: Oracle

  This review of Oracle Data Masking, investigates the process of implementing and using data masking to mask specific confidential data types within Oracle Database 11g.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Oracle Advanced Security by Tanya Baccam - December 9, 2011 

  • Sponsored By: Oracle

  Review of Oracle Advanced Security encryption covers important product capabilities including network encryption for data in flight and Transparent Data Encryption (TDE) for data at rest.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Critical Control System Vulnerabilities Demonstrated - And What to Do About Them by Matthew E. Luallen - November 29, 2011 

  • Sponsored By: NitroSecurity

  A study of four common infrastructures (agriculture and food, transportation, water and wastewater, and physical facilities) demonstrates what vulnerabilities could be found in specific control systems and how they might be exploited and protected.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• APT Dot Gov: Protecting Federal Systems from Advanced Threats by G. Mark Hardy - October 31, 2011 

  • Sponsored By: F5 Networks, Inc.

  This paper describes advanced threats against federal and other governmental systems and provides advice on how to identify and protect the data at risk.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Adding Enterprise Access Management to Identity Management by J. Michael Butler - October 4, 2011 

  • Sponsored By: FoxT

  This paper discusses the difference between IDM and EAM and explains how these two enterprise functions can work together for better control of access to operating systems, applications and related data.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Integrating Security into Development, No Pain Required by Dave Shackleford - September 20, 2011 

  • Sponsored By: IBM Security

  This paper looks at software development from both the security and development perspectives, and then evaluates what tools and techniques can help integrate security into development cycles without slowing down the process or creating too much overhead.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Cloudy with a Chance of Better Health Care: Security and Compliance Fundamentals for Protecting e-Health Data by Barbara Filkins - September 6, 2011 

  • Sponsored By: ArcSight, an HP Company Ping Identity, Inc.

  This paper explores challenges and considerations for the use of cloud computing in health care, paying particular attention to security and compliance issues related to cloud computing.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• SANS Institute Review: Oracle Database Vault by Tanya Baccam - August 27, 2011 

  • Sponsored By: Oracle

  Review of Oracle Database Vault with Oracle Database Enterprise Edition 11g Release 2demonstrates strong performance, while making it easy to add, change and modify rules and groups. as well as gain visibility into user activity through a variety of audit and compliance reports available through the Oracle Database Vault application.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Optimized Network Monitoring for Real-World Threats by Dave Shackleford - July 1, 2011 

  • Sponsored By: VSS Monitoring, Inc.

  This paper explores current threats today’s networks face that impact monitoring capabilities, the types of gaps that exist in many current monitoring architectures, and ways that network and security monitoring can be improved through advances in traffic capture and delivery technologies such as intelligent distributed taps.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Security of Applications: It Takes a Village by Dave Shackleford - June 20, 2011 

  • Sponsored By: Adobe Systems Inc.

  This paper discusses the role of vendors and consumers in protecting against client-side application attacks.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Continuous Monitoring: What It Is, Why It Is Needed, and How to Use It by E. Eugene Schultz, Ph.D. - June 17, 2011 

  • Sponsored By: Tripwire, Inc.

  A review of continuous monitoring as defined by the NIST 800-137 guidelines.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Network Security: Theory Versus Practice by James Tarala - May 6, 2011 

  • Sponsored By: BreakingPoint

  Survey makes it clear that network security personnel are not consistent about validating the resiliency – performance, security, and stability – of the devices and systems that go into their network and data center infrastructures.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• SANS Seventh Annual Log Management Survey Report by Jerry Shenk - April 30, 2011 

  • Sponsored By: LogLogic, Inc. ArcSight, an HP Company LogRhythm Splunk Trustwave

  This annual survey has consistently identified areas in which organizations are focusing their log management initiatives and continues to provide a roadmap to the industry for future improvement.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Extending Role Based Access Control by J. Michael Butler - April 29, 2011 

  • Sponsored By: FoxT

  This paper discusses advantages and disadvantages of RBAC, along with options to consider when planning to extend RBAC to allow for centralization and standardization in a heterogeneous environment of multiple, diverse operating systems.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Implementing the 20 Critical Controls with Security Information and Event Management (SIEM) Systems by James Tarala - April 5, 2011 

  • Sponsored By: ArcSight, an HP Company

  This paper examines the top 20 controls, with advice on how to get started and an explanation of how SIEM systems can provide a central role in implementing the 20 critical controls effectively.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Managing Insiders in Utility Control Environments by Matthew E. Luallen - March 17, 2011 

  • Sponsored By: ArcSight, an HP Company Waterfall Security Industrial Defender

  This paper discusses techniques attackers use to exploit missing insider controls and offers a cohesive set of cyber, operational and physical controls to manage a range of user access types for better security and compliance in utility control environments.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• A Real-Time Approach to Continuous Monitoring by James Tarala - February 12, 2011 

  • Sponsored By: Splunk NetWitness

  The paper identifies the components of a comprehensive CM program and how organizations can use this approach to decrease risk and improve efficiency.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Compliance and Security Challenges with Remote Administration by Dave Shackleford - January 3, 2011 

  • Sponsored By: Netop

  This paper focuses on remote administration of systems with regulated data falling under the Payment Card Industry Data Security Standard (PCI DSS).

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Building a Better Bunker: Securing Energy Control Systems Against Terrorists and Cyberwarriors by Jonathan Pollet - December 9, 2010 

  • Sponsored By: Mcafee LLC NitroSecurity

  This paper, the second in the series, explains the advanced persistent threats being aimed at SCADA and utility control systems, followed by advanced measures to take against these threats.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Enabling Social Networking Applications for Enterprise Usage by Eric Cole, PhD - December 1, 2010 

  • Sponsored By: Palo Alto Networks

  Businesses must define a secure social networking policy and educate employees about the risks associated with using social networking sites.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• PCI 2.0: What's New? What Matters? What's Left? by Dave Hoelzer - November 12, 2010 

  • Sponsored By: Dell SecureWorks

  This paper discusses what’s new and what still needs more attention in the PCI DSS 2.0 standard, including gaps in storage encryption, wireless networking, and physical security that carry over from version 1.2.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• How to Choose a Qualified Security Assessor by Dave Shackleford - November 9, 2010 

  • Sponsored By: Dell SecureWorks

  An overview of new guidance for Qualified Security Assessors as a result of the new Payment Card Industry Data Security Standard (PCI DSS v2.0).

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Cloud Security and Compliance: A Primer by Dave Shackleford - August 6, 2010 

  • Sponsored By: Mcafee LLC Catbird

  A quick guide to cloud computing that address areas of mobility and multi-tenancy, identity and access management, data protection and incident response and assessment.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• McAfee Total Protection for Server Review by Dave Shackleford - June 17, 2010 

  • Sponsored By: Mcafee LLC

  This paper is a review of the type of security and compliance coverage McAfee Total Protection for Server provides for server endpoints.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• SANS Log Management Survey: Mid-Sized Businesses Respond by Jerry Shenk - June 5, 2010 

  • Sponsored By: RSA

  Annual log management survey on how organizations collect and use their logs; what they aren’t currently using their log for but would like to; what they see as the biggest problems; and the impact Log Management issues have on small- and mid-sized businesses.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• A Guide to Virtualization Hardening Guides by Dave Shackleford - May 20, 2010 

  • Sponsored By: VMWare, Inc

  A guide to the virtualization hardening guides that includes key configuration and system security settings for VMware ESX and vSphere/Virtual Infrastructure with key control areas organizations need to consider.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Keys to the Kingdom: Monitoring Privileged User Actions for Security and Compliance by Dave Shackleford - May 2, 2010 

  • Sponsored By: LogRhythm

  This paper explores some of the types of insider threat organizations face today and discusses monitoring and managing privileged user actions and the role this level of monitoring plays in today's compliance reporting efforts.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Oracle Database Security: What to Look for and Where to Secure by Tanya Baccam - April 10, 2010 

  • Sponsored By: Oracle

  This paper discusses four risk management basics that must be addressed to protect databases and their sensitive data.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Transparent Data Encryption: New Technologies and Best Practices for Database Encryption by Tanya Baccam - April 7, 2010 

  • Sponsored By: Oracle

  A look at the basics of encryption with a discussion the pros and cons of leading encryption architectures available today.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• SANS Sixth Annual Log Management Survey Report by Jerry Shenk - April 1, 2010 

  • Sponsored By: LogLogic, Inc. netForensics, Inc. ArcSight, an HP Company RSA TrustWave Corporation Novell

  Results of the annual log management survey.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Managing Operating System (OS) Lock Down by Dave Shackleford - March 17, 2010 

  • Sponsored By: Trusted Computing Group

  Review of a tool specific to OS lock down from Trusted Computer Solutions (TCS) called Security Blanket, which automates OS configuration for a wide variety of UNIX and Linux platforms.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Calculating TCO on Intrusion Prevention Technology by Eugene E. Schultz, Ph.D. - March 7, 2010 

  • Sponsored By: Cisco Systems Inc.

  This paper attempts to calculate the value of specific automation features in advanced IPSs with which organizations can achieve savings in total cost of ownership (TCO).

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Smart Strategies for Securing Extranet Access by Dave Shackleford - March 1, 2010 

  • Sponsored By: Oracle

  This paper discusses how to use risk-based authentication and entitlement management to enforce authentication security and achieve granular authorization using centralized role-based policies.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Sentinel Log Manager Review by Jerry Shenk - January 5, 2010 

  • Sponsored By: Novell

  This paper is a review of the stand-alone Sentinel Log Manager and how it stands up to key concerns that survey respondents raised about log managers, including collection, storage and searching/reporting capabilities.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• New Tools on the Bot War Front by Jerry Shenk - December 12, 2009 

  • Sponsored By: FireEye

  This paper discusses the bot problem and its impact on enterprises, followed by a review of how FireEye's 4200 appliance catches bot installers and bot traffic on the network.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Making Database Security an IT Security Priority by Tanya Baccam - November 11, 2009 

  • Sponsored By: Oracle

  A discussion of security strategy and the key controls that should be considered to database security and protection of an organization’s information assets.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Securing a Smarter Grid: Risk Management in Power Utility Networks by Matthew E. Luallen - October 17, 2009 

  • Sponsored By: NitroSecurity

  This paper will address the security issues facing smarter grid operators and will provide policy advice points.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Application Whitelisting: Enhancing Host Security by Dave Shackleford - October 7, 2009 

  • Sponsored By: Mcafee LLC

  Whitelisting provides a lighter means to protect end points, is useful for securing legacy applications and systems, as well as embedded systems and kiosks, and a helpful addition for any robust end point security plan.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• IT Audit for the Virtual Environment by J. Michael Butler, Rob Vandenbrink - September 6, 2009 

  • Sponsored By: VMWare, Inc

  This paper will help IT managers and auditors come together and understand the virtualization process and the new risk and audit areas this technology presents.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Top Virtualization Security Mistakes (and How to Avoid Them) by Jim D. Hietala - August 9, 2009 

  • Sponsored By: Mcafee LLC Catbird

  This paper explores practical security issues that can arise when virtualization technologies are deployed without proper planning and controls and offers advice on how to avoid making mistakes in critical areas of deployment and management.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Data Protection Requirements by Barbara Filkins - July 20, 2009 

  • Sponsored By: Mcafee LLC

  An interactive Data Protection Requirements Worksheet to map business needs against technological challenges.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Data Protection Requirements Checklist by Barbara Filkins - July 10, 2009 

  • Sponsored By: Mcafee LLC

  A Prospective Vendor Checklist will help organizations map business needs and procure technical solutions.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• SANS Review: McAfee's Total Protection for Data by Dave Shackleford - June 2, 2009 

  • Sponsored By: Mcafee LLC

  McAfee’s Data Protection suite, Total Protection for Data, allows several data protection tools to work in tandem.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• SANS Annual 2009 Log Management Survey by Jerry Shenk - April 17, 2009 

  • Sponsored By: LogLogic, Inc. ArcSight, an HP Company Intellitactics, Inc.

  Annual log management survey shows companies far more successful collecting log data, but indicate concerns around normalization, indexing and access, creating reports and log management lifecycle.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Benchmarking Security Information Event Management (SIEM) by J. Michael Butler - February 12, 2009 

  • Sponsored By: NitroSecurity

  SIEM is benchmarked by setting one baseline environment with equations for organizations to extrapolate benchmark requirements.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• ArcSight Logger Review by Jerry Shenk - January 1, 2009 

  • Sponsored By: ArcSight, an HP Company

  ArcSight Logger 7100 v.3.0 can help organizations get valuable usage from log collection.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Real-Time Adaptive Security by Dave Shackleford - December 17, 2008 

  • Sponsored By: Cisco Systems Inc.

  With security actions based on context, intrusion systems can adapt to real-time threats like these while giving visibility into what to investigate, where to investigate, and even take or recommend action based on preset rules.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Log Management in the Cloud: A Comparison of In-House versus Cloud-Based Management of Log Data by Jerry Shenk - October 28, 2008 

  • Sponsored By: Alert Logic, Inc.

  Organizations have many questions to consider regarding business needs before switching to log management in-the-cloud (otherwise known as Software as a Service or SaaS.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Monitoring Security and Performance on Converged Traffic Networks by Dave Shackleford - April 23, 2008 

  • Sponsored By: NIKSUN

  For security teams to be effective within today’s converged networks, network performance and security monitoring need to converge as well.

  •  Overview
  •  Login
  •  Join SANS.org

• ---

• Leveraging Event and Log Data for Security and Compliance