3 Days Left to Get MacBook Air, $400 Amazon Gift Card, or Take $400 Off with OnDemand Training

Reading Room

Subscribe to SANS Newsletters

Join the SANS Community to receive the latest curated cyber security news, vulnerabilities and mitigations, training opportunities, and our webcast schedule.






Analyst Papers

Featuring 473 Papers as of April 28, 2021

To download the Analyst Papers, you must be a member of the SANS.org Community. Upon joining the community, you will have unlimited access to Analyst Papers and all associated webcasts, including the ondemand version where you can download the slides.

You must be a member of the SANS.org Community to view this paper

  • Understanding Your Attack Surface by Matt Bromiley - April 21, 2021 

    What does it mean to evaluate your attack surface? For many organizations, it may simply mean running a vulnerability scanner against their perimeter and hoping an attacker does not do the same. This legacy thinking leaves out all the nooks and crannies that attackers have become adept at finding. Your attack service should also include your system and network configurations, brand exposure, and knowledge of how your data is secured amongst numerous cloud providers. In this paper, we will provide our review of Netenrich's Attack Surface Intelligence (ASI) application. Offering unique insight into the aforementioned data points - and then some - Netenrich presents a novel way to examine enterprise exposure and evaluate potential risks. ASI provides the best of both worlds - a convenient, high-level point of view on organizational risk, while still providing the granular context that analysts need to analyze and remediate potential risks.

  • View All Analyst Papers

Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.

All papers are copyrighted. No re-posting or distribution of papers is permitted.

SANS.edu Graduate Student Research - This paper was created by a SANS Technology Institute student as part of the graduate program curriculum.