Dropzone AI Can Make Internal SOC Teams More Effective
In this paper, SANS Certified Instructor Mark Jeanmougin examines how Dropzone AI can integrate into existing security stacks and help SOC teams stay focused on high-impact decisions.
SANS_Dropzone_AI_Make_Internal_SOC_Teams_More_Effective_Jun2025 (PDF, 0.42MB)
17 Jun 2025Related Content
From Alert to Evidence: Evaluating AI Agents for Cyber Forensic Triage
Research PaperCyber defense teams are beginning to experiment with large language models in security operations, but their usefulness in digital forensics and incident triage is still uncertain.
- 11 Jun 2026
- Connor Blackard
Risk-Adaptive Data Loss Prevention: Behavioral Intelligence with DLP
Research PaperRisk-Adaptive Data Loss Prevention: Behavioral Intelligence with DLP
- 4 Jun 2026
- Matt Bromiley
2026 SANS Cyber Threat Intelligence (CTI) Survey Insights
Research PaperEvery year, the SANS CTI Survey gets sharper. This year, it takes a step the field has needed for a while. For the first time, the 2026 survey includes a dedicated module for security executives, capturing responses from 67 CISOs and CSOs.
- 15 May 2026
- Rebekah Brown, Andreas Sfakianakis
Leveraging Large Language Models for Cross-Vendor Firewall Configuration Migration: A Comparative Case Study of Claude and ChatGPT
Research PaperThis paper investigates how two current-generation large language models (LLMs) perform on a single, representative firewall migration task.
- 12 May 2026
- Omar Zaman
A New Era in Vulnerability Management: A SANS Review of the Seemplicity Platform
Research PaperIn this paper, Dave Shackleford offers an inside look at Seemplicity, a vendor-agnostic remediation orchestration platform designed to unify vulnerability management across code, cloud, and infrastructure.
- 18 Aug 2025
- Dave Shackleford
Adopting an Offensive Security Posture: Strategies and Best Practices
Research PaperThis paper delves into essential concepts, and offers practical guidance for adopting an offensive security posture.
- 18 Aug 2025
- Jorge Orchilles
Enhanced Decisions with WatsonX: A Look at IBM QRadar Investigation Assistant
Research PaperThis paper examines IBM QRadar Investigation Assistant, an AI-powered tool that enhances SOC performance by streamlining incident triage, automating threat enrichment, and enabling natural language query capabilities.
- 6 Aug 2025
- Matt Bromiley
Balancing On-Prem and Cloud Security Strategic Considerations for Modern Organizations
Research PaperThis paper examines the strategic trade-offs between cloud and on-prem deployments, and the growing trend of consolidating tools into integrated security platforms.
- 30 Jul 2025
- Matt Bromiley
AI-Driven SecOps: Unifying Controls, Automating Response, and Advancing the Modern SOC Using Cortex XSIAM
Research PaperNew research from IDC reveals the tangible business value of rigorous, practitioner-led training from SANS: faster threat detection and response, reduced operational risk, stronger team cohesion, and millions in annual cost savings.
- 29 Jul 2025
- Dave Shackleford
Trust But Verify: Evaluating the Accuracy of LLMs in Normalizing Threat Data Feeds
Research PaperThis paper examines whether Large Language Models (LLMs) can be reliably applied to the normalization of Indicators of Compromise (IOCs) into Structured Threat Information Expression (STIX) format.
- 16 Jul 2025
- Nicholas Peterson
Evaluating Zero Trust Network Access: A Framework for Comparative Security Testing
Research PaperWhile most evaluations rely on vendor checklists and surface-level comparisons, this white paper takes a different approach: building and applying a hands-on testing framework grounded in NIST SP 800-207 and the CISA Zero Trust Maturity Model.
- 11 Jul 2025
- Derron Carstensen
Do AI Coding Assistants Make Bad Coders Worse? A Security Evaluation of GitHub Copilot
Research PaperThis paper examines whether the overall security posture of a project affects the quality of the code produced by Copilot.
- 11 Jul 2025
- Andrew Hannaford
Defense in Depth: Multiple Layers of Protection Fortifying Your Cyber Defenses
Research PaperDownload this paper and learn how to implement and evolve a Defense-in-Depth (DiD) strategy tailored to your organization’s risk profile, infrastructure, and cloud environment.
- 10 Jul 2025
- Ted Demopoulos
Beneath the Mask: Can Contribution Data Unveil Malicious Personas in Open-Source Projects?
Research PaperIn February 2024, after building trust over two years with project maintainers by making a significant volume of legitimate contributions, GitHub user "JiaT75" self-merged a version of the XZ Utils project containing a highly sophisticated well-disguised backdoor targeting sshd processes running on systems with the backdoored package installed.
- 13 May 2025
- SANS Institute
AI-Driven Insecurity: Assessing Security Gaps in AI Generated IT Guidance
Research PaperThe increasing reliance on AI-generated technical guidance for IT system configuration introduces significant security risks. This study assesses these risks through a case study: setting up an Apache web server on a Rocky Linux system using instructions from seven AI models.
- 13 May 2025
- Edward Abbott
Validating the Effectiveness of MITRE Engage and Active Defense
Research PaperThis research examines the impact of Active Defense compared to a traditional security posture when an adversary employs common tactics and techniques to identify high-value targets or exfiltrate sensitive data.
- 29 Mar 2025
- Mark Stephens
Shift Left the Awareness and Detection of Developers Using Vulnerable Open-Source Software Components
Research PaperThe research presented in this paper demonstrates that companies can shift the detection and awareness of developers using vulnerable components left in the early development stages.
- 26 Mar 2025
- Wellington Rampazo
Leveraging Large Language Models for Security-Focused Code Reviews
Research PaperThis study investigates the potential application of Large Language Models (LLMs) in enhancing software security through automated vulnerability detection during the code review process.
- 26 Mar 2025
- Daniel McQuade
Strolling Through the STIG
Research PaperThis research demonstrates how a new tool, Stroll, avoids the additional hardware requirements by living off the land.
- 7 Mar 2025
- Seth R. Butler
Building Resilient IoT Devices: Binary Hardening with Yocto and Clang
Research PaperThis paper addresses the critical need for enhanced security in Internet of Things (IoT) devices by evaluating the implementation of binary hardening techniques using Clang security features within the Yocto build environment.
- 3 Mar 2025
- William Terwilliger