The SANS Analyst Program produces leading analyst reports on emerging and mission-critical topics. An average of 11,500 people download SANS Analyst papers each month. Leading SANS analysts and instructors develop the content in the form of whitepapers, product reviews and surveys with accompanying webcasts that produce leads for sponsors. SANS Analyst Program content, paired with webcasts, helps sponsors drive topic awareness to a qualified audience of decision makers and influencers through insightful educational content that addresses problems readers need to solve today and in the future.
The SANS Analyst Program develops state-of-the-art reports on cutting-edge technology topics including:
- Security by Design
- Cloud & DevOps
- Access and Identity Management
- IoT/ICS Security
- Analytics & Intelligence
- Threat Hunting & IR
- SOC Trends
- Measuring Risk
Industry-specific papers are developed in the areas of:
- Health Care
- Financial Services
- Government
- Industrial IT
Spotlight Analyst Project
SANS DevOps Survey: Sneak Peak
See Frank Kim describe preliminary results of the Secure DevOps survey at the SANS Secure DevOps Summit & Information Security Training. In the video Frank Kim discusses the latest survey of industry practitioners and examines how the security and risk management leaders approach the collaborative, agile nature of DevOps.
Upcoming Analyst Papers and Research Sponsorship Opportunities
| A SANS 2020 Survey | Extending DevSecOps Security Controls into the CloudThis survey will explore how organizations are extending their DevSecOps security controls beyond their on-premises environments into the public cloud to secure their cloud networks, services and applications. | |||
| A SANS 2020 Survey | Risk-Based Vulnerability Survey This survey will focus on how organizations are analyzing and treating the vulnerabilities they identify. |
|||
| A SANS 2020 Report | Pervasive and Unrelenting: Ransomware Special Report This paper will explain why and how ransomware is spreading across vulnerable organizations and provide US-CERT advice on preventing these attacks and NIST guidance on detecting and recovering from them. |
|||
| A SANS 2020 Survey | Proactive vs. Reactive: Getting Real About Threat Hunting Survey This survey looks into why organizations aren't utilizing threat hunting to detect threats before they become incidents and how security departments can reap the benefits of proactive hunting. |
|||
| A SANS 2021 Survey | Cyber Threat Intelligence SurveyThis survey seeks to understand the role of cyber threat intelligence in organization's cybersecurity practices, identify use cases across intel generation and consumption, and guide best practices for the community. | |||
| A SANS 2021 Survey | Top CISO Issues in Vendor Risk Management & Data Privacy This survey will look into the concerns of CIOs, CTOs, CISOs, Data Privacy Officers, and the "Big Four' for their guidance, fears, and success worldwide with vendor risk management and data privacy. |
|||
| A SANS 2021 Report | SD-Wan ReportThis SANS report goes through the security baseline of SD WAN technology and standards and then drills down into the security and manageability tradeoffs for the most common implementation options. The report will be useful for security teams at enterprises that have already chosen a deployment method as well as those that are still evaluating alternatives. | |||
| A SANS 2021 Survey | Endpoint Monitoring in a Dispersed WorkforceThis survey will explore the importance of endpoint monitoring in modern enterprises and how endpoint monitoring contributes to asset identification, incident response, containment and more. | |||
| A SANS 2021 Survey | Cloud Security SurveyThis survey will explore the types of services organizations are using, what types of controls and tools provide the most value, and how effective cloud security brokering is for a range of use cases. | |||
| A SANS 2021 Report | Top Skills Analysts Need to MasterThis report will discuss the top skills security analysts need to master to be effective at defending organizations across endpoints, networks, and the cloud. | |||
| A SANS 2021 Survey | Password Management and 2 Factor Authentication Methods SurveyThis survey will explore how organizations are managing their passwords across users, apps and devices. | |||
| A SANS 2021 Report | Avoiding or Minimizing Ransomware Impact to the Bottom Line: When Does Cyber Insurance Make Sense?This report will provide cybersecurity practitioners with the tools to make strategic recommendations on the critical areas to improve security, to avoid or mitigate ransomware attacks and to enable them to participate in decisions around the use and value of various forms of cyber insurance. | |||
| A SANS 2021 Report | Making Visibility Definable and MeasurableThis report will capture best practices in defining and achieving business-relevant levels of security visibility. | |||
| A SANS 2021 Survey | Rethinking the Sec in DevSecOps: Security as Code Building on what SANS has learned in previous years, this survey will explore what the shift to security as code means for the modern enterprise and its security program and will provide valuable guidance both for the enterprise and the security professional. | |||
| A SANS 2021 Survey | Digital Forensics Essentials and Why Foundations Matter This survey will provide guidance on creating a solid digital forensics foundation. | |||
| A SANS 2021 Report | Top New Attacks and Threat ReportThis report will provide deeper insight into the threats highlighted during the SANS panel discussion at the 2021 RSA Conference. | |||
| A SANS 2021 Report | Securing Cell PhonesThis report will explore how users are protecting their phones at a device and/or application level and gain insights on how organizations secure their company-provided, enterprise devices. | |||
| A SANS 2021 Survey | MITRE ATT&CK® for ICS FrameworkThis survey and analysis will inform the SANS audience on the adoptions and experiences of the recently released ATT&CK for ICS framework. | |||
| A SANS 2021 Survey | Threat Hunting in Uncertain TimesThis survey would explore how threat hunting is working with embedded intelligence and security analytics for improved accuracy and outcome. | |||
| A SANS 2021 Report | Making Revolutionary Gains in Security on Your EndpointsThis report will detail a decision framework that security managers can use to map their existing IT management and security operations capabilities to the best mix of endpoint security tools and products. | |||
| A SANS 2021 Survey | Security Operations Center (SOC)This survey will have a special focus around changes in budgets and the impact of the explosion of both remote work and the use of cloud based systems on critical SOC functions and team operations. | |||
| A SANS 2021 Report | DFIR Cloud Report: Partly Cloudy with a Bunch of DFIRThis report will break down all you need to know about cloud data and why it matters in digital forensics and incident response. | |||
| A SANS 2021 Survey | Vulnerability Management – Impacts on Cloud and the Remote WorkforceThis survey will highlight trends in vulnerability management based on data SANS has gathered over the last two years. The survey will also look into how cloud and the expanding remote workforce are affecting vulnerability management. |
Featured Analyst Resources
- Product Review: Investigating Like Sherlock: A SANS Review of QRadar Advisor with Watson – Matt Bromiley
- Spotlight Paper: Thinking like a Hunter: Implementing a Threat Hunting Program
- Custom Survey: What Security Practitioners Really Do When It Comes to Security Testing – Matt Bromiley
- Whitepaper: Red, Blue and Purple Teams: Combining Your Security Capabilities for the Best Outcome – Chris Dale
- Multi-Sponsor Survey: SANS 2019 Threat Hunting Survey: The Differing Needs of New and Experienced Hunters – Mathias Fuchs and Joshua Lemon
- Infographic: 10 Endpoint Security Problems Solved by the Cloud
- Analyst Poll: Cloud Readiness
- Video Add-On to Custom Paper: Defeating Attackers with Preventive Security
- SANS Guide: SANS Guide: An Evaluator's Guide to Next-Gen SIEM
- Multi-Sponsored Report: Implementer's Guide to Deception Technologies – Kyle Dickinson
Interested in sponsoring an Analyst paper? Contact Us.
