Alumni: Overview


The challenges of information security are constantly evolving, and excellence in performance demands continuous monitoring of changes in threats, technology, and practices. SANS conducts an extensive research program that will help SANS Institute students and alumni maintain their edge in security. All of these services are available at no cost to SANS Institute alumni and students.

Critical Vulnerability Monitoring and Assessment Service

This three-level program helps SANS Institute alumni and their employers stay up-to-date on the most critical new security vulnerabilities that are discovered and exploited. It provides information on impact, remediation, and consensus information from leading organizations that help prioritize remediation efforts.

  • Weekly, you will receive a detailed assessment listing the most critical vulnerabilities, what software and hardware systems are impacted, how attackers can exploit them, what damage can be done, and what leading companies and government agencies have done to deal with each one. This weekly report also updates you when certain vulnerabilities reach a higher threat level because exploitation code is made available on the Internet.
  • Quarterly, we will publish for you the most important of the vulnerabilities covered in the weekly updates
  • Annually, with the US, Canadian, and United Kingdom governments, we make available to you and to all security professionals the annual summary of the most critical Internet security vulnerabilities, called the SANS 20 Critical Security Controls.

A fourth level occurs very infrequently. When SANS Internet Storm Center sensors warn us that a major new threat is growing rapidly, SANS issues a Flash Alert. The alerts go first to the DoD, NSA, FBI and DHS and their counterparts in other countries, and then immediately to SANS alumni.

Internet Storm Center: The Internet's Early Warning System and 24/7 Incident Handling Service

SANS, with the help of more than 2,000 volunteers, has constructed the largest open network of malicious traffic sensors in the world. By monitoring malicious traffic reaching more than 450,000 IP addresses across the world, SANS Internet Storm Center provides alumni with up-to-date assessments of what types of attacks are being launched. Alumni are also allowed to feed firewall logs and other data to Internet Storm Center and get back data about where attacks on their organization are originating, what services they are attacking, and whether those attacks are similar to the ones that are hitting other organizations.

Internet Storm Center also is the home of the 24-hour, 7-day a week, Internet Incident Handler Network. These experts, at least one of whom is on duty at all times, receive confidential reports of attacks that appear to have been launched against SANS alumni organizations and others, coordinate analysis of the attack and provide the most rapid publicly available analysis of these attacks available anywhere on the Internet. Tens of thousands of SANS alumni and government cyber defenders check Today's Diary first thing every morning.

News Summaries with Expert Commentary

Twice each week, SANS alumni receive SANS NewsBites, providing summaries of the major security news stories that have appeared in the past few days with analysis of the news by industry leaders from SANS, Gartner, and several other major organizations. The commentary helps you continually assess the news from an expert perspective.

Current Security Policy Templates

As the security landscape changes, new security policies are often required. SANS alumni have access to a constantly updated library of Security Policy Templates that they may use as is or as starting points for the new policies their organizations need.


The SCORE cooperative research program delivers authoritative checklists and tools that enable you to measure the effectiveness of the security of various aspects of your defensive arsenal.

SANS Web Briefings

Several times a month, SANS faculty and other Security experts provide up-to-date web briefings for SANS alumni on new threats seen at Internet Storm Center, new technologies that are emerging, and analysis of security trends. These web briefings are archived so you may listen to them at any time.

SANS WhatWorks

Choosing the right security software that actually does what the vendors claim is far more difficult than it should be. Many organizations end up with security tools that do not work effectively and their organizations and customer information are put unnecessarily at risk. SANS WhatWorks enables alumni and others who are using security tools to share their experience both good and bad in implementing security tools. They deliver that information to you as webcasts (available at all times), and textual case studies. The program allows you to eliminate months of trying to decide whether all the sales pitches you are getting reflect reality.

SANS Reading Room

SANS students and faculty research reports are posted (exclusively) at the SANS reading Room. More than 75,000 unique visitors read papers in the Reading Room every month and it has become the starting point for exploration of topics ranging from SCADA to wireless security, from firewalls to intrusion detection. Over 1,500 unique papers are sorted into approximately 75 categories.