In this report, one clear finding from the survey was that it is important to test throughout the application lifecycle using a variety of methods. Although testing early continues to be important, having visibility into and being able to monitor and test deployed applications is still critical. Although security testing capabilities have also improved, the value of individual testing capabilities has changed in response to increased threats and changing application architectures.

In this report, the term security awareness program is used to describe a structured effort to engage, train, and secure your workforce and build a strong security culture. However, many organizations refer to such efforts using different terms, including security behavior and culture, security engagement and influence, security training and education, security communications, or human risk management.

The 2023 SANS Security Awareness Report analyzes data provided by nearly two-thousand security awareness professionals from around the world to identify and benchmark how organizations are managing their human risk. This data-driven report provides actionable steps and resources to enable organizations at any stage of their Awareness program to mature said programs and benchmark them against others.

In this, our seventh annual survey, we added many questions but didn’t really take any away. Our new areas of focus include operational threat hunting, threat intelligence, data ingestion into the SIEM, and SOAR, as well as more detailed questions relevant to staff hiring and retention.

The SANS 2022 Security Awareness Report analyzes data provided by more than a thousand security awareness professionals from around the world to identify and benchmark how organizations are managing their human risk. The goal of this data-driven report is to provide actionable steps and resources to enable organizations to mature their awareness programs and benchmark them against others.

For our survey, we targeted successful women working in varied roles in the cybersecurity community, and we queried them about everything from breaking into the field and gaining career momentum to choosing a specialty and finding ways to remain relevant. In this report, we provide lessons learned and advice on how a women in cybersecurity or a woman wanting to enter this field can lay a foundation to ensure success.

The SANS CTI survey shows that many CTI programs can meet the challenge. While some programs are just getting started due to increased cybersecurity needs and a growing, complex threat environment brought on by the rapid shift to remote work, organizations can rely on CTI providers and information-sharing groups to fill in the gaps as their programs mature.

In this white-paper, we address both high-level concepts: With respect to ransomware, what are the current adversary trends, and then what can organizations do to defend themselves (or better defend themselves)? The basic concept of ransomeware remains the same: Encrypt data and demand money for decryption.

The goal of the SANS 2022 Cloud Security Survey is to provide additional insight into how organizations are using cloud today, the threats security teams are facing in the cloud, and what we are doing to improve security posture in the cloud, as well. This year, we again had several hundreds respondents, who represented a number of industries.

The goal of the SANS 2021 Cloud Security Survey is to provide additional insights into how organizations are using the cloud today, the threats security teams are facing in the cloud, and what they’re doing to improve security posture in the cloud.

A survey of 450 individuals on cybersecurity spending plans, areas of investment, and workforce requirements.

Automation and integration is often hailed as a great enabler for the future. This survey identified how respondents are adopting systems, where their systems currently stand and what is on the planning horizon.

A lot of progress has been made in the past few years around requirements. Next steps in this area include identifying when and why to update intelligence requirements—even ad hoc adjustments can be planned for by identifying the circumstances under which they would need to be changed. It is also clear that there are numerous positive trends in the community, such as more organizations producing intelligence instead of just consuming it. But there are also many challenges, such as getting the appropriate staffing and training to conduct cyber threat intelligence. Tools and data sources are always going to be vital to the process, but the world of intelligence analysis is inherently analyst driven and a focus is rightfully placed there.

We annually gather and analyze raw data from hundreds of IT and industrial control systems (ICS) security practitioners across a variety of industries, people whose work places them in positions of responsibility to identify risks and safeguard control systems and networks from malicious and accidental actions. It is our mission to turn these inputs into actionable intelligence that can be used to support new developments and address ongoing trends in the field, to inform the crucial business decisions that determine allocation of resources, prioritization of protective measures on critical assets and systems, and planning of new initiatives.

A survey of over 300 security professionals on security operations center (SOC) practices and how those practices relate to outcomes.

This 2019 edition of the SANS Security Operations Center (SOC) Survey was designed to provide objective data to security leaders and practitioners who are looking to establish a SOC or optimize their existing SOCs. The goal is to capture common and best practices, provide defendable metrics that can be used to justify SOC resources to management, and to highlight key areas on which SOC managers can focus to increase the effectiveness and efficiency of security operations.

This year’s SANS survey saw an increase in usage and interest in CTI, along with a diversification in how the intelligence is being used by organizations. While the use of CTI continues to grow, there is no one-size-fits-all approach. Organizations leverage different types of CTI to meet different needs. This survey focuses on how and why CTI is being used, how it is helping defenders, what data sources are being leveraged, and how data is converted into usable intelligence.

Automation balances machine-based analysis with human-based domain knowledge to help organizations achieve optimal workflows in the face of staff shortages and alert fatigue, all caused by an increasing number of destructive threats. Yet, 59% of survey respondents indicate that their organizations use low levels or no automation of key security and incident response (IR) tasks. In this new SANS survey, we wanted to understand and explore some of the misconceptions versus facts around automation and what to do about it.

This survey, the sixth in a series of annual studies by SANS on security practices in software development, is the first to explicitly focus on DevOps. The results of this study show that organizations are finding ways to keep up with rapid change through DevOp but they have a number of challenges they still need to deal with.

This report analyzes the data submitted by 1,718 security awareness professionals from around the world to identify and benchmark how organizations are managing their human cyber security risk. The analysis includes how factors such as security awareness program maturity, funding, and staffing combine to make successful programs.

This report is based on a survey, that is intended to provide a community perspective on what security operations centers (SOCs) look like within organizations across the globe, as well as data and guidance to enable organizations to build, manage, maintain and mature effective and efficient SOCs.