Dropzone AI Can Make Internal SOC Teams More Effective
In this paper, SANS Certified Instructor Mark Jeanmougin examines how Dropzone AI can integrate into existing security stacks and help SOC teams stay focused on high-impact decisions.
SANS_Dropzone_AI_Make_Internal_SOC_Teams_More_Effective_Jun2025 (PDF, 0.42MB)
17 Jun 2025Related Content
A New Era in Vulnerability Management: A SANS Review of the Seemplicity Platform
Research PaperIn this paper, Dave Shackleford offers an inside look at Seemplicity, a vendor-agnostic remediation orchestration platform designed to unify vulnerability management across code, cloud, and infrastructure.
- 18 Aug 2025
- Dave Shackleford
Adopting an Offensive Security Posture: Strategies and Best Practices
Research PaperThis paper delves into essential concepts, and offers practical guidance for adopting an offensive security posture.
- 18 Aug 2025
- Jorge Orchilles
Enhanced Decisions with WatsonX: A Look at IBM QRadar Investigation Assistant
Research PaperThis paper examines IBM QRadar Investigation Assistant, an AI-powered tool that enhances SOC performance by streamlining incident triage, automating threat enrichment, and enabling natural language query capabilities.
- 6 Aug 2025
- Matt Bromiley
Balancing On-Prem and Cloud Security Strategic Considerations for Modern Organizations
Research PaperThis paper examines the strategic trade-offs between cloud and on-prem deployments, and the growing trend of consolidating tools into integrated security platforms.
- 30 Jul 2025
- Matt Bromiley
AI-Driven SecOps: Unifying Controls, Automating Response, and Advancing the Modern SOC Using Cortex XSIAM
Research PaperNew research from IDC reveals the tangible business value of rigorous, practitioner-led training from SANS: faster threat detection and response, reduced operational risk, stronger team cohesion, and millions in annual cost savings.
- 29 Jul 2025
- Dave Shackleford
Trust But Verify: Evaluating the Accuracy of LLMs in Normalizing Threat Data Feeds
Research PaperThis paper examines whether Large Language Models (LLMs) can be reliably applied to the normalization of Indicators of Compromise (IOCs) into Structured Threat Information Expression (STIX) format.
- 16 Jul 2025
Evaluating Zero Trust Network Access: A Framework for Comparative Security Testing
Research PaperWhile most evaluations rely on vendor checklists and surface-level comparisons, this white paper takes a different approach: building and applying a hands-on testing framework grounded in NIST SP 800-207 and the CISA Zero Trust Maturity Model.
- 11 Jul 2025
Do AI Coding Assistants Make Bad Coders Worse? A Security Evaluation of GitHub Copilot
Research PaperThis paper examines whether the overall security posture of a project affects the quality of the code produced by Copilot.
- 11 Jul 2025
Defense in Depth: Multiple Layers of Protection Fortifying Your Cyber Defenses
Research PaperDownload this paper and learn how to implement and evolve a Defense-in-Depth (DiD) strategy tailored to your organization’s risk profile, infrastructure, and cloud environment.
- 10 Jul 2025
- Ted Demopoulos
Malware Function-based encryption technique
Research PaperRecent malware often uses techniques to evade detection by cybersecurity products. One of the...
- 22 Jun 2022
Detecting Unauthorized Behavior From Legitimate Accounts
Research PaperIncident Responders face an almost insurmountable amount of log events, and the move to the Cloud...
- 22 Jun 2022
Recover an RSA Private Key from a TLS v1.2 session
Research PaperCyberattacks happen every day.Most organizations have administrative and technical controls...
- 22 Jun 2022
Cyber Guardian Exercise: A Case Study in Brazil to Address Challenges in Cybersecurity and Protect Critical Infrastructure
Research PaperDiscussions of cybersecurity, in particular those associated with critical infrastructure (CI),...
- 22 Feb 2022
Recommendations for small/medium-sized businesses enabling incident response
Research PaperSecurity incidents are inevitable. While large businesses can afford security teams to prepare and...
- 17 Jan 2022
Black-Box Fuzzing for Android Native Libraries
Research PaperMany Android application developers are adopting C\C++ native language development in their Android...
- 12 Jan 2022
Machine Learning Techniques for Intrusion Detection
Research PaperThis paper aims to equip intrusion analysts with the basic techniques needed to apply machine...
- 9 Jun 2021
Detecting DLL Search Order Hijacking: How using a purple team approach can help create better defensive techniques and a more tactical SIEM
Research PaperMany SIEM analysts will recognize the feeling of being overwhelmed with security logs and alerts,...
- 4 May 2020
Corporate Information Governance with Business Wisdom
Research PaperWhether a secret ingredient used for a lemonade stand across the street or the business strategies...
- 4 May 2020
Automated Detection and Disinfection of Ransomware Attacks using Roadblock Software
Research PaperWe often hear about ransomware locking data and demanding the ransom. Ransomware is a kind of...
- 18 Mar 2020
Assisted Security Investigations Using Cognitive Computing
Research PaperThe purpose of this research is to illustrate the application of cognitive computing and machine...
- 3 Dec 2019