
Dropzone AI Can Make Internal SOC Teams More Effective

In this paper, SANS Certified Instructor Mark Jeanmougin examines how Dropzone AI can integrate into existing security stacks and help SOC teams stay focused on high-impact decisions.

SANS_Dropzone_AI_Make_Internal_SOC_Teams_More_Effective_Jun2025 (PDF, 0.42MB)

17 Jun 2025
By Mark Jeanmougin

Related Content

Risk-Adaptive Data Loss Prevention: Behavioral Intelligence with DLP

Research Paper

Risk-Adaptive Data Loss Prevention: Behavioral Intelligence with DLP

  • 4 Jun 2026
  • Matt Bromiley

Bridging the Gap Between Threat Intelligence and Business Risk

Research Paper

The importance of the threat intelligence function has grown significantly over the years to become a cornerstone of any cybersecurity group.

  • 29 May 2026
  • Kevin Garvey

Secure By Design: An Exploration of the Application of Generative AI in Threat Modeling Technical Design Documents

Research Paper

This paper explores the efficacy of large language models (LLMs) for creating comprehensive threat models by analyzing technical design documents, particularly when provided with additional contextual information about the product's underlying infrastructure and deployment environment.

  • 27 May 2026
  • Mark Oswald

2026 SANS Cyber Threat Intelligence (CTI) Survey Insights

Research Paper

Every year, the SANS CTI Survey gets sharper. This year, it takes a step the field has needed for a while. For the first time, the 2026 survey includes a dedicated module for security executives, capturing responses from 67 CISOs and CSOs.

  • 15 May 2026
  • Rebekah Brown, Andreas Sfakianakis

Leveraging Large Language Models for Cross-Vendor Firewall Configuration Migration: A Comparative Case Study of Claude and ChatGPT

Research Paper

This paper investigates how two current-generation large language models (LLMs) perform on a single, representative firewall migration task.

  • 12 May 2026
  • Omar Zaman

Autonomous Defense Induced Disruption: How AI-Driven Automated Response Can Be Manipulated to Disrupt Enterprise Operations

Research Paper

The research highlights the need for governance controls, privilege-aware safeguards, and system-level constraints to prevent autonomous containment from causing operational disruption.

  • 12 May 2026
  • Marcio Enriquez

Your Sensitive Data Has Left the Chat: LLMs as Sensitive Data Detectors

Research Paper

This paper seeks to evaluate the hypothesis that language models, large and small, can perform well at sensitive data classification and to offer a solution for companies trying to detect contextually sensitive data in their AI workflows.

  • 12 May 2026
  • Colten Davis

Untested: An Overlooked Link in the Software Supply Chain

Research Paper

This research explores test code as an attack surface and takes a first step toward creating a tool to help analysts detect and mitigate malware lurking in test libraries.

  • 16 Apr 2026
  • Evan Ottinger

Cyber Risk Intelligence and Security Posture (CRISP): From Compliance to Threat-Informed Intelligence

Research Paper

This paper presents CRISP (Cyber Risk Intelligence & Security Posture), a platform that automates the transformation of STIG compliance data into threat-informed security intelligence.

  • 7 Apr 2026
  • Eric Kaden

Leveraging Generative AI for Password Cracking Efficiency Under Resource Constraints

Research Paper

The purpose of this research is to investigate whether generative AI can alleviate the hardware and financial burdens of password cracking (password recovery) while maintaining or even improving cracking success rates.

  • 20 Mar 2026
  • Wesley Keller

Enhancing Linux Threat Detection: A Sysmon-Based Approach to Identifying Sandworm TTPs

Research Paper

Linux systems have become foundational across modern IT enterprises. Threat actors are increasingly targeting Linux systems, including well-known advanced persistent threats (APTs) such as Sandworm.

  • 20 Mar 2026
  • Joshua Keller

Open-Source National Security Infrastructure for Sweden’s National Security Apparatus

Research Paper

This paper investigates whether core IT infrastructure implemented using open-source software and infrastructure-as-code techniques can achieve compliance with selected information security requirements defined in Chapter 4 of PMFS 2022:1.

  • 18 Mar 2026
  • Fredrik Bolinder

Detecting AI Pickling

Research Paper

This study examines whether static analysis is a dependable "certification gate" for ingesting third-party, pickle-based AI model artifacts from open-source model hubs into a trusted internal registry.

  • 12 Mar 2026
  • Bryan Nice

How Many LLMs Does it Take to Classify a Suspicious Email?

Research Paper

This study examines the accuracy, reliability, and operational behavior of three widely available LLMs using a dataset of 2000 human-written emails containing both legitimate and suspicious messages.

  • 12 Mar 2026
  • Bridget Bartell

Autonomous Threat Emulation and Detection Using Agentic AI

Research Paper

Traditional threat emulation frameworks struggle to capture the dynamic and adaptive behaviours of modern Advanced Persistent Threats (APTs), leaving defenders reliant on static tests that quickly become obsolete.

  • 10 Mar 2026
  • Marcus Dillion Yin

Evaluating Configurations for Reducing Problematic Emotional Engagement in Enterprise LLM Deployments: Implications for Insider Threat Risk

Research Paper

The risks of Large Language Models (LLMs) include triggering psychological drivers associated with malicious insider threat behavior. This study utilized AWS Bedrock to demonstrate that specific system-level configurations and guardrails can effectively mitigate these risks by reducing problematic human-AI engagement.

  • 2 Mar 2026
  • J. Wolfgang Goerlich

Configuring Windows 11 Workgroup Computers to CIS Windows 11 L1 and BitLocker Baseline Recommendations Using PowerShell DSC

Research Paper

Endpoints are often the first points of cyberattacks. Enterprises would often try to harden them according to established security baselines, such as those published by the Center for Internet Security (CIS).

  • 24 Feb 2026
  • Tan Gui De

Infrastructure as Code-Driven Group Policy Infrastructure: A Comprehensive Engine for Group Policy Architecture and Enforcement

Research Paper

This study introduces a PowerShell-based Infrastructure as Code (IaC) engine developed to automate the setup and enforcement of a STIG-compliant Group Policy framework.

  • 5 Dec 2025
  • Garland Brown

No-Cost Detection of Endpoint Hard Drive Removal

Research Paper

This paper analyzes low-cost detection methods, using existing hard drive counters from Self-Monitoring, Analysis, and Reporting Technology (S.M.A.R.T.) and the Windows Registry, for their fidelity in detecting hard drive removal.

  • 19 Nov 2025
  • Ryan A. Graham

Defending Vulnerable Populations Against Scams: Effectiveness of Browser Extensions in Mitigating Scammer Attack Chains

Research Paper

This research evaluates the effectiveness of a browser extension as a security control—Grandma’s Guardian—designed for simplicity and accessibility so that even non-technical home users can benefit from enterprise-grade protection.

  • 19 Nov 2025
  • Thomas Gorman