Login
Login

SANS Institute

{{Short description|American security company}}

{{multiple issues|

{{More citations needed|date=March 2010}}

{{Update|inaccurate=y|date=June 2011}}

{{primary sources|date=November 2015}}

}}

{{for|the video game character|Sans (Undertale)}}

{{Infobox organization

|name = SANS Institute

|image = SANS Institute Logo.svg

|size =

|alt =

|abbreviation = SANS

|motto =

|formation = {{Start date and years ago|1989|}}

|extinction =

|type =

|status =

|headquarters =

|location = United States

|coords =

|membership =

|language =

|leader_title =

|leader_name =

|main_organ =

|num_staff =

|revenue =

|num_volunteers =

|budget =

|website = {{Plainlist|

  • {{URL|sans.org/}}
  • {{URL|sans.edu/}}}}

|remarks =

}}

The SANS Institute (officially the Escal Institute of Advanced Technologies) is a private U.S. for-profit company{{cite web |title=What is the SANS Institute? |url=http://www.sans.org/faq/#faq67 |work=SANS Frequently Asked Questions (faq): Security Training: General |access-date=2012-09-19 }} founded in 1989 that specializes in information security, cybersecurity training, and selling certificates. Topics available for training include cyber and network defenses, penetration testing, incident response, digital forensics, and auditing.{{cite web |title=The SANS Institute Company Profile - Office Locations, Competitors, Revenue, Financials, Employees, Key People, Subsidiaries |url=https://craft.co/sans-institute|publisher=crafit.io}} The information security courses are developed through a consensus process involving administrators, security managers, and information security professionals. The courses cover security fundamentals and technical aspects of information security. The institute has been recognized for its training programs{{Cite web|url = http://media.scmagazine.com/documents/118/botn2015sm_29485.pdf|title = SC Magazine Awards 2015|website = SC Magazine|access-date = 2015-11-17|archive-date = 2018-08-07|archive-url = https://web.archive.org/web/20180807123108/https://media.scmagazine.com/documents/118/botn2015sm_29485.pdf|url-status = dead}} and certification programs.{{Cite web|title = 2014 SC Awards U.S. Winners|url = http://www.scmagazine.com/2014-sc-awards-us-winners/article/334892/4/|website = SC Magazine|access-date = 2015-11-17}} Per 2021, SANS is the world’s largest cybersecurity research and training organization.{{Cite news |last=Perlroth |first=Nicole |date=2021-11-15 |title=Alan Paller, a Mover on Cybersecurity Threat, Is Dead at 76 |work=The New York Times |url=https://www.nytimes.com/2021/11/15/technology/alan-paller-dead.html |access-date=2022-03-19}} SANS is an acronym for SysAdmin, Audit, Network, and Security.{{Cite web|url=https://www.pcmag.com/encyclopedia/term/50799/sans|title=SANS Definition from PC Magazine Encyclopedia|website=www.pcmag.com|access-date=2016-09-14}}

Programs

The SANS Institute sponsors the Internet Storm Center, an internet monitoring system staffed by a community of security practitioners, and the SANS Reading Room, a research archive of information security policy and research documents. SANS is one of the founding organizations of the Center for Internet Security.

SANS offers news and analysis through Twitter feeds and e-mail newsletters. Additionally, there is a weekly news and vulnerability digest available to subscribers.{{cite book|last1=Messier|first1=Ric|title=GSEC: GIAC Security Essentials Certification|date=2014|publisher=McGraw-Hill Education|location=New York|isbn=978-0-07-181962-6|page=7}}

Training

When originally organized in 1989,{{cite web|url=http://www.sans.org/about/sans.php|title=SANS Institute: About|work=sans.org|access-date=2008-12-16|archive-date=2013-04-12|archive-url=https://web.archive.org/web/20130412014412/http://www.sans.org/about/sans.php|url-status=dead}} SANS training events functioned like traditional technical conferences showcasing technical presentations. By the mid-1990s, SANS offered events which combined training with tradeshows. Beginning in 2006, SANS offered asynchronous online training (SANS OnDemand) and a virtual, synchronous classroom format (SANS vLive). Free webcasts and email newsletters (@Risk, Newsbites, Ouch!) have been developed in conjunction with security vendors. The actual content behind SANS training courses and training events remains "vendor-agnostic". Vendors cannot pay to offer their own official SANS course, although they can teach a SANS "hosted" event via sponsorship.

In 1999, the SANS Institute formed Global Information Assurance Certification (GIAC), an independent entity that grants certifications in information security topics.{{cite web|url=http://www.giac.org/|title=GIAC Information Security Certifications – Cyber Certifications|work=giac.org}}

It has developed and operates NetWars, a suite of interactive learning tools for simulating scenarios such as cyberattacks. NetWars is in use by the US Air Force{{Cite news|title = Stepped Up Cyberthreats Prompt Air Force To Rethink Training, Acquisitions|url = http://www.afcea.org/content/?q=stepped-cyberthreats-prompt-air-force-rethink-training-acquisitions|newspaper = Afcea International|access-date = 2015-11-17}} and the US Army.{{Cite web|title = Strengthening the nation's defense against hackers|url = http://www.cbsnews.com/news/strengthening-the-nations-defense-against-hackers/2/|website = www.cbsnews.com| date=26 April 2015 |access-date = 2015-11-17}}{{Cite news|title = CyberCity allows government hackers to train for attacks|url = https://www.washingtonpost.com/investigations/cybercity-allows-government-hackers-to-train-for-attacks/2012/11/26/588f4dae-1244-11e2-be82-c3411b7680a9_story.html|newspaper = The Washington Post|date = 2012-11-26|access-date = 2015-11-17|issn = 0190-8286|language = en-US|first = Robert Jr|last = O'Harrow}}

Faculty

The majority of SANS faculty are not SANS employees, but industry professionals and experts in the field of information security.{{cite web |url=https://cybersecurityminute.com/press-release/media-alert-cyber-security-expert-sans-instructor-robert-m-lee-host-webcast-analyzing-enhanced-analysis-grizzly-steppe-report/ |title=Instructor Expertise|author=Cyber Security Minute|date=15 February 2017 }}{{cite web |url=http://www.packetstan.com/2011/08/what-i-learned-at-camp.html |title=What I Learned At Camp|author=PacketStan}} The faculty is organized into six different levels: Mentors, Community, Certified Instructors, Principal Instructors, Senior Instructors, and Fellows.{{cite web |url=http://www.sans.org/instructors/ |title=Instructors|author=SANS Technology Institute}}

SANS Technology Institute

{{As of | 2006}}, SANS established the SANS Technology Institute, an accredited college based on SANS training and GIAC certifications. On November 21, 2013, SANS Technology Institute was granted regional accreditation by the Middle States Commission on Higher Education.{{Cite web |title=SANS Technology Institute, The - Statement of Accreditation Status |url=https://www.msche.org/institution/9185/ |access-date=2022-03-19 |website=Middle States Commission on Higher Education}}

SANS Technology Institute focuses exclusively on cybersecurity, offering a Master of Science degree program in Information Security Engineering (MSISE), five post-baccalaureate certificate programs (Penetration Testing & Ethical Hacking, Incident Response, Industrial Control Systems, Cyber Defense Operations, and Cybersecurity Engineering (Core), and an upper-division undergraduate certificate program (Applied Cybersecurity). SANS later launched a bachelor's degree program in Applied Cybersecurity as well.{{cite web|title=College Navigator-SANS Technology Institute, National Center for Education Statistics|url=https://nces.ed.gov/collegenavigator/?id=493895#general}}

SANS continues to offer free security content via the SANS Technology Institute Leadership Lab{{cite web|url=http://www.sans.edu/resources/securitylab|title=STI Information Security Laboratory|work=sans.edu|access-date=2007-07-14|archive-date=2010-12-20|archive-url=https://web.archive.org/web/20101220153435/http://www.sans.edu/resources/securitylab/|url-status=dead}} and IT/Security related leadership information.{{cite web|url=http://www.sans.edu/resources/leadershiplab|title=STI Information Security Leadership Laboratory|work=sans.edu|access-date=2007-05-10|archive-date=2010-12-16|archive-url=https://web.archive.org/web/20101216205851/http://www.sans.edu/resources/leadershiplab/|url-status=dead}}

Courses & Certifications

SANS offers more than 85 hands-on cyber security courses and certification programs.{{Cite web |title=Cybersecurity Courses & Certifications |url=https://www.sans.org/cyber-security-courses/ |access-date=2024-01-05 |website=sans}}

  • SEC504: Hacker Tools, Techniques, and Incident Handling
  • SEC401: Security Essentials - Network, Endpoint, and Cloud
  • FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics
  • SEC275: Foundations: Computers, Technology, & Security
  • SEC560: Enterprise Penetration Testing
  • FOR578: Cyber Threat Intelligence
  • SEC301: Introduction to Cyber Security
  • LDR512: Security Leadership Essentials for Managers
  • SEC488: Cloud Security Essentials
  • FOR500: Windows Forensic Analysis
  • ICS410: ICS/SCADA Security Essentials
  • FOR509: Enterprise Cloud Forensics and Incident Response
  • LDR514: Security Strategic Planning, Policy, and Leadership
  • SEC530: Defensible Security Architecture and Engineering: Implementing Zero Trust for the Hybrid Enterprise
  • FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques
  • SEC503: Network Monitoring and Threat Detection In-Depth
  • SEC542: Web App Penetration Testing and Ethical Hacking
  • SEC540: Cloud Security and DevSecOps Automation
  • SEC588: Cloud Penetration Testing
  • SEC497: Practical Open-Source Intelligence (OSINT)
  • SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking
  • LDR414: SANS Training Program for the CISSP Certification
  • SEC510: Public Cloud Security: AWS, Azure, and GCP
  • ICS515: ICS Visibility, Detection, and Response
  • SEC450: Blue Team Fundamentals: Security Operations and Analysis
  • SEC573: Automating Information Security with Python
  • SEC566: Implementing and Auditing CIS Controls
  • SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses
  • FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response
  • LDR551: Building and Leading Security Operations Centers
  • SEC511: Continuous Monitoring and Security Operations
  • SEC555: SIEM with Tactical Analytics
  • SEC541: Cloud Security Attacker Techniques, Monitoring, and Threat Detection
  • SEC522: Application Security: Securing Web Apps, APIs, and Microservices
  • FOR585: Smartphone Forensic Analysis In-Depth
  • SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
  • SEC501: Advanced Security Essentials - Enterprise Defender
  • FOR608: Enterprise-Class Incident Response & Threat Hunting
  • SEC565: Red Team Operations and Adversary Emulation
  • SEC587: Advanced Open-Source Intelligence (OSINT) Gathering and Analysis
  • SEC575: iOS and Android Application Security Analysis and Penetration Testing
  • LDR516: Building and Leading Vulnerability Management Programs
  • SEC505: Securing Windows and PowerShell Automation
  • LDR521: Security Culture for Leaders
  • FOR518: Mac and iOS Forensic Analysis and Incident Response
  • FOR710: Reverse-Engineering Malware: Advanced Code Analysis
  • SEC617: Wireless Penetration Testing and Ethical Hacking
  • LDR525: Managing Cybersecurity Initiatives & Effective Communication
  • FOR498: Digital Acquisition and Rapid Triage
  • AUD507: Auditing Systems, Applications, and the Cloud
  • SEC760: Advanced Exploit Development for Penetration Testers
  • SEC556: IoT Penetration Testing
  • FOR528: Ransomware and Cyber Extortion
  • ICS612: ICS Cybersecurity In-Depth
  • SEC699: Advanced Purple Teaming - Adversary Emulation & Detection Engineering
  • ICS456: Essentials for NERC Critical Infrastructure Protection
  • SEC549: Enterprise Cloud Security Architecture
  • ICS418: ICS Security Essentials for Managers
  • SEC388: Introduction to Cloud Computing and Security
  • SEC554: Blockchain and Smart Contract Security
  • SEC586: Security Automation with PowerShell
  • SEC467: Social Engineering for Security Professionals
  • SEC402: Cybersecurity Writing: Hack the Reader
  • SEC580: Metasploit for Enterprise Penetration Testing
  • SEC673: Advanced Information Security Automation with Python
  • SEC670: Red Teaming Tools - Developing Windows Implants, Shellcode, Command and Control
  • SEC403: Secrets to Successful Cybersecurity Presentation
  • SEC405: Business Finance Essentials
  • SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling - Japanese
  • SEC401J: Security Essentials - Network, Endpoint & Cloud - Japanese
  • AIS247: AI Security Essentials for Business Leaders
  • FOR577: LINUX Incident Response and Threat Hunting
  • FOR589: Cybercrime Intelligence
  • ICS613: ICS Penetration Testing and Assessments
  • LDR419: Performing A Cybersecurity Risk Assessment
  • LDR433: Managing Human Risk
  • LDR520: Cloud Security for Leaders
  • LDR553: Cyber Incident Management
  • SEC406: Linux Security for InfoSec Professionals
  • SEC547: Defending Product Supply Chains
  • SEC568: Combating Supply Chain Attacks with Product Security Testing
  • SEC598: Security Automation for Offense, Defense, and Cloud

Awards Programs

SANS acknowledges the contributions made by exceptional information security professionals, through its annual awards programs.{{Cite web |title=Cybersecurity Awards {{!}} SANS Institute |url=https://www.sans.org/about/awards/ |access-date=2024-02-08 |website=www.sans.org}}

  • Difference Makers Awards (DMA) celebrates individuals or teams whose efforts and contributions have resulted in significant advancements in cybersecurity defense capabilities and who are contributing back to the information security community in ways that deserve recognition.{{Cite press release |last=Institute |first=SANS |title=SANS Announces the 2021 Winners of the Difference Makers Awards |url=https://www.prnewswire.com/news-releases/sans-announces-the-2021-winners-of-the-difference-makers-awards-301441165.html |access-date=2024-02-11 |website=www.prnewswire.com |language=en}}{{Cite web |date=2020-10-01 |title=Nominations Now Open for the SANS 2020 Difference Makers Awards |url=https://apnews.com/article/technology-computer-and-data-security-computing-and-information-technology-fca61e84994fb8a3850bca45600fcdc8 |access-date=2024-02-11 |website=AP News |language=en-US}}
  • Michael J. Assante ICS Security Lifetime Achievement Award acknowledges individuals who have made exceptional contributions to the security of Industrial Control Systems (ICS) on a global scale. Recipients are celebrated for their efforts to bridge the gap between IT and operational technology (OT), significantly enhancing awareness and implementations of cyber-secure ICS.{{Cite press release |last=JupiterOne |title=JupiterOne CISO and Head of Research Wins SANS Lifetime Achievement Award |url=https://www.prnewswire.com/news-releases/jupiterone-ciso-and-head-of-research-wins-sans-lifetime-achievement-award-301704675.html |access-date=2024-02-11 |website=www.prnewswire.com |language=en}}{{Cite web |title=Edwards is awarded SANS ICS Lifetime Achievement Award - ISA |url=https://www.isa.org/news-press-releases/2019/march/isa-director-marty-edwards-awarded-sans-award |access-date=2024-02-11 |website=isa.org |language=en}}

See also

References

{{Reflist}}

External links

  • {{Official website|http://www.sans.org/}}
  • [https://www.sans.edu SANS Technology Institute]
  • [https://web.archive.org/web/20061202082154/http://sdatcert3.resiusa.org/ucc-charter/DisplayEntity_b.asp?EntityID=T00178185&EntityName=SANS+INSTITUTE&TabNum=1 SANS Institute trade name information from Maryland Department of Assessments and Taxation]

{{Authority control}}

{{DEFAULTSORT:Sans Institute}}

Category:Computer security organizations

Category:Companies established in 1989

Category:Information technology qualifications