This report collects and analyzes the results of the SANS 2018 SOC Survey. It provides a detailed look at how Security Operations Centers work today, their biggest dissatisfactions with security products, and areas of low hanging fruit for SecOps improvement, based on a survey of a large, global subset of SecOps professionals.

This white paper discusses methods for prioritizing critical assets so that security analysts and technologies focus on protecting the most important things, while leveraging automation to handle less urgent monitoring & response tasks.

This white paper details proactive techniques used by real-world professional threat hunters to detect advanced threats and malicious behaviors like reconnaissance, lateral movement, and data exfiltration in some of the world's most sensitive environments.

Internal threat activities (priilege escalation, lateral movement, etc.) are difficult if not impossible to detect using endpoint and perimeter protection alone. ExtraHop Reveal(x) provides network traffic analysis that helps security analysts efficiently detect and investigate these late-stage threats, as well as proactively improve security hygiene.

SANS Institute put the product through its paces to evaluate the following:

• Intuitiveness of the user interface
• Breach detection and response capabilities
• Proactive hunting of internal threats
• Ability to support hygiene and compliance initiatives

Read the report to learn why SANS Instructor Dave Shackleford says Reveal(x) "does [detecting and investigating threats in east-west traffic] well, and so much more."

"By emphasizing ease of use, deep analytics capabilities, built-in intelligence and search tools and rapid event triage, many SOC teams could hit the ground running quickly with Reveal(x)."
- Dave Shackleford, SANS Institute Instructor

Learn how Reveal(x), cloud-native network detection and response for the hybrid enterprise, addresses the following core security areas as identified by the SANS Institute in this 12-page product review:

• Deployment model and flexibility
• Broad visibility and context
• Machine learning
• Depth and breadth of Layer 7 protocol analysis
• Decryption

The SANS team was provided with a review environment configured with a number of compromised systems exhibiting mock attack activity. The review details their experience with several security use cases, including Detection/Response, Proactive Threat Hunting, and Hygiene and Compliance.

Complex configurations don't mix well with rapidly spun-up components, and when your company uses multiple cloud providers to host your critical assets, the odds of a major security event get that much higher.

So how do you close visibility gaps and integrate conflicting datasets from different providers, and how do you adjust your current incident response strategies to respond to cloud-specific threats?

Read the report from SANS Instructor Dave Shackleford to learn how your peers across tech, finance, cybersecurity, and other industries address the following questions and more:

• What's the most dangerous cloud security vulnerability that you might think is only hype?
• What are the biggest challenges in adapting IR and forensics analysis to the cloud?
• What are the most effective security controls for the cloud, and how can you avoid common implementation roadblocks?

Curious about the state of incident response worldwide? Interested in expert recommendations for improving your incident team's performance?

Download a copy of the SANS 2019 Incident Response Survey: It's Time for a Change.

In this report, you'll dive deeper into survey results and get suggestions on how to boost breach detection, investigation and remediation by focusing on:

• Eliminating gaps in visibility
• Automating responses to security threats
• Improving communication between SecOps and NetOps teams

As you go through the guide, you will learn how Reveal(x) can help your organization increase efficiency and confidence through unprecedented visibility, definitive insights, and immediate answers.

The MITRE ATT&CK Framework has rapidly become popular among security teams looking to take a structured and proactive approach to improving threat detection.

For many security professionals, using the ATT&CK Framework means taking a close look at each of the hundreds of tactics, techniques, and procedures (TTPs) and trying to figure out which tool in their patchwork of solutions is most likely to detect or block any given threat. MITRE provides an evaluation framework for Endpoint Detection and Response (EDR) platforms to test their standard deployments against a subset (56) of the TTPs listed. However, no such evaluation yet exists for network traffic analysis (NTA) products.

Read the white paper for a high-level view of how enterprise NTA with ExtraHop Reveal(x) detects and enables investigation of a broad range of the TTPs catalogued by MITRE ATT&CK!

Over the past year, the percentage of organizations supporting their business via the public cloud has grown by almost 50 percent. The benefits are clear, but when it comes to cloud security, vendors, consumers, and threat actors alike have had to learn by doing.

Which security tools and workflows can easily adapt themselves to the cloud? Where are the new blind spots and threat vectors? What does cloud actually mean in terms of the breakdown of responsibility between a security vendor and a client?

In this report, IDC compiles learnings and best practices for cloud security under the Shared Responsibility Model, where a public cloud provider secures the underlying cloud infrastructure but users must secure their own operating systems, middleware, applications and data.

You'll learn:
• Which pieces of cloud security fall to service providers vs. users under the Shared Responsibility Model?
• What are the suggested security practices for cloud customers?
• Which technology solutions does IDC recommend for cloud security?

And finally, to help you strategize in real time, the report provides a checklist with questions to ask any cloud security technology solution vendor to help you narrow down which products and services are right for your business.