Got GIAC? Free GIAC Cert Attempt Included with OnDemand 5 or 6 Day Training thru July 7

Reading Room

Subscribe to SANS Newsletters

Join the SANS Community to receive the latest curated cyber security news, vulnerabilities and mitigations, training opportunities, and our webcast schedule.

Analyst Papers

Featuring 480 Papers as of June 16, 2021

To download the Analyst Papers, you must be a member of the Community. Upon joining the community, you will have unlimited access to Analyst Papers and all associated webcasts, including the ondemand version where you can download the slides.

You must be a member of the Community to view this paper

  • 20/20 Vision for Implementing a Security Operations Center by Christopher Crowley - November 18, 2020 

    Organizations want to transform the Security Operations Center (SOC) with automation and orchestration. Threat intelligence needs to be ingested, defense expenditures need to be optimized based on attacker tactics and techniques, new technology needs to be implemented, cloud resources and other external resources are taking the place of traditional on-premises systems, and skilled staff are scarce. To accomplish this modernization in stream with existing operations, a clear strategy for the capabilities and implementation is needed. How will you develop this strategic vision? Most organizations will look to the industry standards and reference implementations to determine a strategy before proceeding. This paper and webcast will help you explore what those models are. It will identify and discuss several models of what a SOC is. The relative merits and shortcomings will be identified, and value propositions will be offered. Your strategic outlook and your implementation will be substantially improved as a result.

  • View All Analyst Papers

Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact

All papers are copyrighted. No re-posting or distribution of papers is permitted. Graduate Student Research - This paper was created by a SANS Technology Institute student as part of the graduate program curriculum.