Empowering Responders with Automated Investigation

This white paper investigates how Binalyze’s AIR platform reduces the overhead of forensic investigations by automating the process of collecting artifacts, triaging the data, and identifying next steps. Download the paper now to learn how, with the right tooling, analysts of all backgrounds can effectively handle incidents and reduce the response time by removing the need for frequent escalation.

sans_empowering-responders_fonseca (PDF, 0.62MB)

18 Feb 2025
By Megan Roddie-Fonseca
All papers are copyrighted

No re-posting of papers is permitted

Related Content

SANS 2025 Security Awareness Report

Research Paper

Now in its 10th year, the SANS Security Awareness Report remains the definitive, practitioner-built resource for understanding and managing the human side of cybersecurity.

  • 12 Aug 2025
  • Lance Spitzner

Be a DLP Hero: How to Quickly Deliver Value from Your DLP Program and Set It Up for Future Success

Research Paper

Download this paper and learn how to launch or strengthen your data loss prevention (DLP) program.

  • 3 Jun 2025
  • Kevin Garvey

Resiliency and Business Continuity in the Cloud Era

Research Paper

In this white paper, Dave Shackleford unpacks today’s evolving cloud threat landscape.

  • 21 May 2025
  • Dave Shackleford

SANS 2025 CTI Survey Webcast & Forum: Navigating Uncertainty in Today’s Threat Landscape

Research Paper

This paper explores results from the SANS 2025 CTI Survey, with insights into how cybersecurity...

  • 20 May 2025
  • Rebekah Brown, Andreas Sfakianakis

Collaborative Mobile App Security Development and Analysis

Research Paper

In this tactical, insight-rich review, Jeroen Beckers shares how to overcome mobile app security challenges and modernize your testing with Corellium’s virtual device platform—built for real-world conditions and faster results.

  • 19 May 2025
  • Jeroen Beckers

Beneath the Mask: Can Contribution Data Unveil Malicious Personas in Open-Source Projects?

Research Paper

In February 2024, after building trust over two years with project maintainers by making a significant volume of legitimate contributions, GitHub user "JiaT75" self-merged a version of the XZ Utils project containing a highly sophisticated, well-disguised backdoor targeting sshd processes running on systems with the backdoored package installed.

  • 13 May 2025
  • SANS Institute

Catching the Hand in the Cookie Jar: Canary Session Cookies

Research Paper

This project demonstrates how even applications secured with MFA are still vulnerable to hijacked session cookies. Given the persistent threats posed to organizations by stolen authentication cookies, this research proposes implementing Canary session cookies to detect the theft and malicious use of credentials.

  • 17 Apr 2025

A Pebble In the Ocean: Maximizing Log Fidelity In Container Environments

Research Paper

Log fidelity is crucial for Incident Response Teams to investigate and contain cyber incidents but can be difficult to optimize in containerized environments.

  • 17 Apr 2025

ARMO’s Behavioral Cloud Application Detection and Response (CADR) Platform

Research Paper

This paper explores how ARMO Platform is attempting to solve the challenge with the industry’s first behavioral cloud application detection and response (CADR) product.

  • 18 Mar 2025
  • Moses Frost

ASPM: Understanding the New Application Security Landscape

Research Paper

Malicious actors continue to prey on the challenges of rapid software development cycles and cloud computing adoption. This paper examines where an application security posture management (ASPM) solution comes in.

  • 18 Mar 2025
  • Chris Edmundson, SANS Institute

SANS 2025 Threat Hunting Survey: Advancements in Threat Hunting Amid AI and Cloud Challenges

Research Paper

The 2025 SANS Threat Hunting Survey marks a decade of tracking how organizations evolve their threat hunting capabilities.

  • 13 Mar 2025
  • Josh Lemon

2025 ICS/OT Cybersecurity Budget: Spending Trends, Challenges, and the Future

Research Paper

This white paper explores the findings of the 2025 SANS Survey on ICS/OT Security Budgets.

  • 3 Mar 2025
  • Dean Parsons

Google SecOps: The SIEM’s Third Act

Research Paper

Discover how SecOps is ushering in the "SIEM's Third Act" by addressing the limitations of traditional SIEMs and empowering security teams with cutting-edge tools for threat-informed defense.

  • 21 Jan 2025
  • Mark Orlando

Unveiling the Dependency on Network Telemetry: Optimizing Lateral Movement Detection

Research Paper

This study investigates the dependency on network and endpoint telemetry for identifying lateral movement attacks, focusing on the Remote Services technique from MITRE ATT&CK.

  • 17 Jan 2025

Beyond Detection: Using Real Phishing Data to Gauge Security Training Program Success

Research Paper

This paper defines one method of network security monitoring in an organization to find these existing indicators.

  • 7 Jan 2025

Protecting the Poor: A Deep Dive into EBT Skimming and Solutions to Combat It

Research Paper

This paper examines why EBT cards are vulnerable to skimming and explores potential preventive measures.

  • 23 Dec 2024

Threat Intelligence-Driven Attack Surface Management

Research Paper

Defenders struggle to keep up with the pace of digital transformation in the face of an expanding...

  • 9 Aug 2022

How to Build and Use an Incident Response Playbook Effectively

Research Paper

An effective incident response playbook provides structure and clarity during high-pressure security events.

  • 25 Jul 2022

Windows 10 vs. Windows 11, What Has Changed?

Research Paper

Windows 10 was released on July 29, 2015. It has since become the most installed desktop operating...

  • 25 Jul 2022

Malware Function-based encryption technique

Research Paper

Recent malware often uses techniques to evade detection by cybersecurity products. One of the...

  • 22 Jun 2022
