Applying Machine Learning Techniques to Measure Critical Security Controls

Implementing and measuring the Critical Security Controls (CSC) requires analyzing all data types: structured, semi-structured and unstructured. Doing this by hand can be a daunting task, and one goal of an effective CSC implementation is to automate as much of the work as possible. Machine learning techniques can help automate many of the measurements the controls call for. This paper proposes a method to integrate all types of data into a single data repository, extract relationships between the different entities, and apply machine learning to automate the analysis. The resulting solution gives the security team the ability to analyze the information and make data-driven security decisions.

37247 (PDF, 4.56MB)

6 Sep 2016
By Balaji Balakrishnan
