Applying Machine Learning Techniques to Measure Critical Security Controls
Implementing and measuring Critical Security Controls (CSC) requires analyzing all data types (structured, semi-structured and unstructured). This implementation can be a daunting task. One of the goals of effective implementation of Critical Security Controls is to automate as much as possible. Machine learning techniques can help automate many of the measurements in Critical Security Controls. This paper proposes a method to integrate all types of data into a single data repository, extract relationships between different entities and perform machine learning to automate the analysis. This solution gives the security team the ability to analyze the information and make data-driven security decisions.
37247 (PDF, 4.56MB)
6 Sep 2016
