2019 SANS Automation & Integration Survey - ThreatConnect
A SANS Survey2019 SANS Automation &Integration SurveyWritten by Barbara FilkinsMarch 2019Sponsored by:ThreatConnect 2019 SANS Institute
Executive SummaryAutomation balances machine-based analysis with human-based domain knowledgeto help organizations achieve optimal workflows in the face of staff shortages and alertfatigue, all caused by an increasing number of destructive threats. Yet, 59% of surveyrespondents indicate that their organizations use low levels or no automation of keysecurity and incident response (IR) tasks. In this newSANS survey, we wanted to understand and exploreActivities that Depend on Automationsome of the misconceptions versus facts aroundActivities dependent on well-known, structured data sources—such asnetwork packet and flow traffic—should be considered more maturethan those that support decision-based analysis, such as remediationor forensics. This reflects directly on the level of automation achieved.See Table 1.automation and what to do about it.Automation and its issues—although a relativelynew concept for security—have been around forgenerations, ever since the 1940s in the automotiveTable 1. Automation Levelsindustry. Unfortunately, broad misconceptions aboutautomation’s benefits have arisen that practicalexperience both negates and, ultimately, results inthe failure of the enterprise moving to processesthat truly provide a substantial cost-to-benefit ratio.Accomplishing effective automation meansunderstanding these common misconceptions,NIST Cyber SecurityFramework (CSF) Phase1Automation LevelKey ActivityMediumHighDetectSecurity monitoringand detection35.0%27.1%ProtectData protection andmonitoring32.1%17.1%IdentifyAsset and inventorymanagement31.4%10.7%determining how to overcome them, taking intoaccount the potential risks, and then workingthrough the resulting challenges. SANS presents several broad misconceptions aboutautomation that have arisen though the years, discussing them in light of our surveyresults, with the goal of avoidance by the cybersecurity community.Misconception #1: Anything can be automated.Integration requirements across the IT stack today are numerous, broad andcomplex, making it nearly impossible for operational teams to develop the uniqueplug-ins needed to orchestrate tasks across all the endpoints and security tools inplace within their infrastructure.Specifically, the IoT revolution limits the capability to provide enterprise automation,given the diversity of endpoints that inhibit interoperability. Given the rapidexplosion of these endpoints, there is a need for security orchestration, automationand response (SOAR) platforms that can handle the integration and the numbers.Don’t overlook the vulnerabilities these devices and sensors introduce!Misconception #2: Automation will replace people with machines or robots.Automation allows security experts to focus on more important aspects of thesecurity life cycle. In this survey, automation doesn’t appear to negatively affectstaffing. For the most part, respondents see automation as allowing them to explorenew areas and to concentrate on more strategic endeavors.1 4162018.pdf2019 SANS Automation & Integration Survey2
Misconception #3: Existing tools can be easily integrated to automate anything.The integration of disparate tools and technologies to achieve crucialinteroperability appears to be a more pressing concern for respondents thanstaffing. This can create risk and possible uncertainty in budgeting for automation,as the specific requirements for interoperability are not well-understood.Taxonomies are typically applied to data within security technology—this is a muchlarger issue than it is for automation alone, and there is no standardization in sight.The end customers interested in automation need to know that the tools they usecan typically be made to work regardless of the taxonomy, and other complexitiesaround integration—but the benefit may not be worth the effort, and there aresolutions with offerings that can help alleviate some of the pain of integration.Misconception #4: Automation is easy to measure.Although the use of automation for response is still in theplanning stages at most organizations, respondents feelpositive about its ability to enhance the performance ofSecOps and IR teams, such as improving alert monitoring/prioritization and eliminating alert fatigue. Organizationsdo, however, need to develop better metrics to visualize andevaluate automation efforts.Misconception #5: Automation is quick to implement.Actually, automation takes a tremendous amount of effortto arrive at the point where it makes things look easy.Don’t underestimate the resources needed to definethe processes—in the light of more effective tools—andclose the semantic gaps in the data gathered. Effectiveautomation depends on the integration of people, processand technology. Automation of security processes will facebumps in the road—bumps that organizations can overcomeby reaching out to other industry sectors (such as documentmanagement) that have embraced automation across diverseplatforms and disparate technologies to understand andappropriately apply the “lessons learned.”Respondent population: 2 18 professionals, who attested they are engaged in thepractice of cybersecurity, specifically in the areas of howsecurity operations should interface with IR 7 0% security professionals- 47% security analysts, administrators and architects- 27% security management including C-levelmanagement roles (CSO, CISO or VP Security)The top five industries representing enablers ofautomation are:Banking and n is not a new concept. The term was first coinedcirca 1946 in the automobile industry. In the late 1980s, the termworkflow became synonymous with document imaging andmanagement processes. Early workflow automation systemsduring the 1990s successfully replaced basic paper-basedprocesses with electronic ones. As have other industries, thesecurity community has begun to embrace automation as asolution to handling tedious, repetitive tasks, allowing skilledstaff to focus on more strategic and advanced endeavors.2019 SANS Automation & Integration Survey30%40%Organizational size in terms of its workforce,inclusive of both employees and consultants:36.2%Small: 1,00020.2%Small to Medium: 1,001 to 5,00016.1%Medium: 5,001 to 15,000Automation in the Organization20%Medium to Large: 15,001 to 50,00010.1%17.4%Large: 50,000 or more0%10%20%30%40%Our survey dataset draws from global sources, weightedtoward North America, but with significant operationalpresence in Europe and Asia.HQOperationsUnited 3%3
SOAR, first defined by Gartner in 2015 as “security operations, analyticsand reporting,” has become a common acronym throughout the securitycommunity when referring to automation and integration solutions, with“response” substituted for “reporting.”2 Orchestration actually dependson these two concepts working together to achieve improvements inresponse, such as efficiency (increased numbers of incidents beingworked per analyst) and performance (decreased mean time toremediation from detection). (See sidebar.)Gauging the maturity of security automation within an organization isdifficult; its use within an enterprise tends to evolve organically, a naturalextension of individuals and teams trying to do their day jobs moreeffectively. The Carnegie Mellon Capability Maturity Model Integration(CMMI)—a well-respected approach to assessing organizational maturityin terms of people, process and technology—provides a perfect backdropfor seeing how automation and integration can work together. Figure 1shows such a road map for security automation.Key TermsOrchestrationOrchestration invokes and coordinates functionalityacross diverse technologies and independenttools to create an overall workflow. Orchestrationdepends on automation and integration.AutomationAutomation refers to the execution of a sequence oftasks without human intervention.IntegrationIntegration allows an automation platform to accessthe capabilities of other independent tools througha well-defined interface—preferably standardsbased (such as a RESTful API or messagingframework), and supporting a common taxonomyfor seamless data and process exchange across theconnected infrastructure.Figure 1. CMMI Applied to Security Automation, Integration and Response2 https://www.gartner.com/doc/reprints?id 1-4O4VC17&ct 180109&st sb2019 SANS Automation & Integration Survey4
Most respondents (46%) reportedhaving minimal automation of keysecurity and IR processes. This surveyexplored some of the reasons whythis may be the case. See Figure 2.Platforms: Where IsAutomation Being Used?Not surprisingly, most systems subjectWhat is the current level of security automation within your organization?50%46.3%40%33.9%30%20%12.4%10%to some level of security automation0%are under the direct control of theorganization as opposed to systems/assets not owned by the organization.5.1%2.3%High(extensiveautomation of keysecurity and IRprocesses)Low(minimalautomation of keysecurity and IRprocesses)Medium(partial automationof key security andIR processes)UnknownNone(no automation ofkey security and IRprocesses)Figure 2. Level of Security AutomationOther systems lacking automation include industrial control systems, IoTdevices or sensors, and other examples of operational technology (OT) such assmart sensors and wearables. See Figure 3.Level of Automation by System Type (N-150)HighMediumServers (development, database, email, web, DNS)Network devices (routers, firewalls, switches)Laptops (employer-owned)Desktops (employer-owned)PrintersMobile devices (employer-owned; tablets, notebooks/iPads, smartphones)Cloud-based systems (emulated or virtualized)Physical perimeter security systems(electronic access controls, surveillance systems)Mobile devices (employee-owned; tablets, notebooks/iPads, smartphones)IoT devices or sensorsLaptops (employee-owned)3.3%Industrial control systems (SCADA, plant floor manufacturing)Smart sensorsWearablesSmart systems (cars, building %12.0%10.0%5.3%.7% 5.3%.7% 8.0%34.0%25.3%.7% 4.0%1.3%1.3%48.7%28.0%1.3%Environmental controls (HVAC, water treatment)Point of sale (POS) devicesLow20%40%60%80%Figure 3. Level of Automation by System Type2019 SANS Automation & Integration Survey5
In the 2018 SANS ICS survey, SANS noted that diagnostic and prognostic data in OT systemsare excellent indicators of normal vs. abnormal processes, indicating expected operationalproblems (reduced output, intermittent disruptions, premature wear) as well as accidental ormalicious tampering or the presence of a threat inside the system.3 Typically, most automatedsecurity tools do not use such process-oriented data to evaluate the security posture of asystem and determine whether that posture has changed. Diversity across IoT endpoints—eachwith its own unique connectivity, APIs and data formats—inhibits the needed interoperabilityfor pervasive automation. Efforts by academia, industry and standards bodies are underway,but a definitive road map to achieving the needed orchestration still remains unclear.4Process: How Is Automation Being Used?Automation supports numerous key activities that map into the overall security life cycle asdefined by the phases in the NIST Cyber Security Framework (CSF). Some activities used inthe survey do not map directly to CSF phases. The SANS crosswalk between the CIS SecurityControls and CSF5 was referenced for: Incident response—Belongs to both Detect and Respond phases P en-testing and red-teaming activities—Covered by CIS Control Family 20, mapped toRespond and Recover phasesTable 2 identifies those activities that this survey addressed in bold.Table 2. NIST CSF Version 1.1 Phases and CategoriesPhaseDefinitionAssociated CSF Categories61. IdentifyDevelop the organizational understanding to managecybersecurity risk to systems, assets, data and capabilitiesAsset Management (including inventory management)Business EnvironmentGovernance (including compliance)Risk Assessment (including threat intelligence)Risk Management Strategy2. ProtectDevelop and implement appropriate safeguards to ensuredelivery of critical infrastructure services (e.g., supports abilityto limit or contain impact of a potential cyber security event)Access ControlAwareness and TrainingData Security (includes data protection and monitoring)Information Protection Processes & ProceduresMaintenance3. DetectDevelop and implement the appropriate activities to identifythe occurrence of a security eventAnomalies and EventsSecurity & Continuous (24/7) MonitoringDetection ProcessesIncident Response4. RespondDevelop and implement the appropriate activities when facinga detected security eventResponse PlanningCommunicationsAnalysis (includes digital forensics)MitigationImprovementsIncident ResponsePen-Testing/Red-Teaming5. RecoverDevelop and implement the appropriate activities for resilienceand to restore any capabilities or services that were impaireddue to a security eventRecovery eaming3 ecurity-concerns-38505, p. 10.4 18-1089-95 ical-controls-poster-2016.pdf6 4162018.pdf2019 SANS Automation & Integration Survey6
Overall, security monitoring and detection leads as the key activity supported byautomation (with 35% reporting a medium level of automation and 27% characterizingtheir automation as high). Monitoring and detection tools, especially in the networkrealm, have long relied on well-established tools for automated alerting. Data protectionand monitoring is next highest, also related to the use of automation for monitoringstructured data. Asset and inventory management also shows a definite investmentin automation, especially critical for large enterprises. Pen-testing and red-teamautomation ranked relatively low; surprising, since these activities have very automatedtoolkits available. See Table 3.Table 3. Level of Automation by ActivityLevel of AutomationActivityUsageManualKey Activity SupportedManualLowMediumHighDetectSecurity monitoring and detection97.9%7.9%27.9%35.0%27.1%Detect and on92.1%35.0%25.0%25.0%7.1%IdentifyThreat intelligence90.0%18.6%37.1%22.9%11.4%ProtectData protection and monitoring90.0%10.7%30.0%32.1%17.1%ProtectSecurity tal e support88.6%27.1%24.3%28.6%8.6%Respond and Asset and inventory management82.1%16.4%23.6%31.4%10.7%Respond and RecoverRed-teaming67.9%30.7%22.1%10.7%4.3%Digital forensics and remediation activities still depend on manualAutomated remediation tasks introduce risks thatnot every organization can safely take. Consider,however, the use of automation to expediteinvestigations and response by enriching data,performing lookups, and to kick off manualremediation assignments by notifying individualsand gaining necessary approvals.processes, areas where human insight is still largely necessary. Digitalforensics and incident response (DFIR)—a multidisciplinary professionfocused on identifying, investigating and remediating computernetwork exploitation—still relies on tedious processes, such as log andintelligence analysis, where analyst skill could be augmented throughautomation. DFIR automation is a thing that needs to happen.SOC’s Impact onAutomationLevel of Automation Versus Relationship Between SOC and IR TeamsHighThe level of collaboration20%achieved between theLowNone17.2%17.2%15.2%15%security operationscenter (SOC) and IR teamsappears to be a factor inorganizations’ adoption of6.2%5%2.1%0%that have fully integratedtheir IR team with their SOCshow the greatest adoption10.3%10%automation. Organizationsof medium- or high-levelMedium6.2%IR is independentof the SOC, anddoes its ownthing duringinvestigations.1.4%5.5%4.8%3.4%0.7%IR operatesunder the SOC,but is staffed byseparate teammembers.*1.4%1.4%IR is totallyoutsourced,but works withour SOC duringinvestigations.0.7%1.4%IR is a fullyintegrated partof our SOC, withcross-trainedteam members.1.4% 2.1%0.7%IR is a unit withinour SOC, withseparately trainedstaff and skills.*No respondents reported a high level of coordination when IR is totally outsourced.automation. See Figure 4.Figure 4. Level of Automation Versus SOC and IR Coordination2019 SANS Automation & Integration Survey7
How this dependency may affect future automation and integration plans remainsunclear. Whereas 52% foresee no change in status during the next 12 months, 25%remain unsure. For the 23% who anticipate change, several respondents noted thatthey are in the midst of defining the problem.Defining AutomationEffortsA significant portion of SOC actions focus on finding and validating security incidents—activities that are also key to IR. Fully integrating the SOC and IR teams can contribute“More information-sharing inday-to-day business, not justduring an incident [is needed].Cross-access to specialized tools[and b]etter, more standardizedpolicy, process and proceduredocumentation [are also needed]to make cross-training easier.”to the success of SOC automation. Consider addressing any cultural issues whenstarting to consider improving instrumentation—including working to improverelationships between the SOC and IR teams, and removing any silos that standbetween these groups.Platforms: What Are the Leading Tools?– Survey RespondentTable 4 shows that alerts and log analysis tools lead the advanced levels of automation.This may be in part due to the fact that the data sources for these tools tend to bebetter defined (normalized to a given schema) with less variation in understanding boththe syntactic (format) and semantic (meaning, definition) constraints than other sourcessuch as user activity monitoring.Table 4. Level of Automation for Key ToolsLevel of AutomationTotal UsedLowMediumHighBrowser and screen-capture tools48.9%31.4%14.6%2.9%Third-party tools specifically used for legal digital forensics50.4%29.2%13.9%7.3%Security case management systems51.8%23.4%19.0%9.5%User notification or complaints56.2%23.4%18.2%14.6%File integrity monitoring (FIM)59.1%30.7%19.0%9.5%Network traffic archival and analysis tools59.1%27.0%19.0%13.1%Behavioral monitoring 19.7%12.4%SSL visibility (encryption/decryption) at the network boundary62.8%19.0%21.9%21.9%User activity monitoring tools62.8%33.6%15.3%13.9%Intelligence and analytics tools or services65.0%31.4%27.7%5.8%Services availability monitoring65.0%24.8%22.6%17.5%Homegrown tools for our specific environment (e.g., playbooks)67.9%34.3%21.2%12.4%Identity management70.1%23.4%32.8%13.9%Network packet capture or sniffer tools70.1%34.3%19.0%16.8%Host-based intrusion detection (HIDS) agent alerts71.5%28.5%26.3%16.8%Network-based scanning agents for signatures and detected behavior75.2%22.6%32.8%19.7%Network flow and anomaly detection tools75.2%31.4%23.4%20.4%Secure web gateway (on-premises and/or cloud proxy)78.1%24.8%27.7%25.5%Endpoint controls (e.g., network access control [NAC] or MDM)80.3%19.0%40.1%21.2%SIEM correlation and analysis83.2%24.8%28.5%29.9%Endpoint detection and response (EDR) capabilities86.1%27.7%38.0%20.4%24.1%Vulnerability management tools86.1%25.5%36.5%Log ed threat management (UTM) alerts92.0%21.9%40.1%29.9%2019 SANS Automation & Integration Survey8
Respondents approach tool integration in differentways, ranging from using no tools (21%) to bothacquiring dedicated platforms and integrating existingtools (26%), demonstrating the need to match theirapproach to technology with staff skills. See Figure 5.Respondents are looking to leverage existing tools, with34% involved in in-house integration and orchestrationefforts and another 26% acquiring automation toolsto aid their endeavor. Here, standard methods forintegration, such as standard data formats (JSON,XML and so forth), API functionality and messagingframeworks should be used.What is your current approach to automation tools?1.4% o automation or orchestrationNtools currently in useL everaging the services froman MSSP21.3%26.2%I ntegrating existing toolsthrough in-house integrationand orchestration efforts10.6% cquiring dedicated automationAtools from an independentsoftware vendor6.4%34.0% oth acquiring dedicatedBautomation tools andintegrating existing toolsSomething more may be needed as organizationslook to institutionalize security automation acrosstheir enterprises, as both SIEM and SOAR platforms depend on well-defined interfacesand common data taxonomies. Consider doubling up on using your SIEM schema indeploying your SOAR solution—you have already normalized the data you are collectinginto one consistent format. OtherFigure 5. Approach to Automationand Integration of ToolsOpen standards are developed and maintained via a collaborative and consensus-drivenprocess to facilitate interoperability and data exchange among different products orservices. These can help organizations better understand the risks and work involved inimplementation, as well as provide a common framework for vendors to standardize theirinterface offerings. The relevant integration standards that have emerged—such as NISTSecurity Content Automation Protocol (SCAP) 2.0 and OASIS Open Command and Control(OpenC2)—have a relatively low level of adoption, possibly because the automation theydefine is not a truly machine-definable problem, other than for the threat/responseactions. Additionally, commercial vendors are supporting messaging frameworks with atrend to fully use the framework as open source, providing it to the security communitywithout charge to improve interoperability across security products and tools.If most analysts are good atwriting scripts, don’t hesitateto develop an integrateddevelopment environment (IDE)with a variety of Python, Rubyor other tools. However, if themajority are noncoders, lookto leverage the strengths of aSOAR platform that has simpledrag-and-drop functionalityor even consider completelyoutsourcing development toa managed security serviceprovider (MSSP).Growth, Change and BudgetMore than 57% ofrespondents anticipatechanges to the focus of theiruse of automation in the next12 months, while another28% remain unsure. The topfive industries, all of whichsignificantly influence thesecurity market, show theyare definitely anticipating achange in their adoption ofautomation. See Figure 6.Change in Automation by Top Five Industries10%8%8.8% 8.8%7.6%6% Banking and finance4.7%4%5.3% Government3.5%2.9% 2.9%2.3% 2.3%1.8% 1.8%2%0% Cybersecurity5.3%1.8%0.6%YesNo Technology Telecommunications/ISPUnknown/UnsureFigure 6. Change in Automation Adoption: The Top Five Industries2019 SANS Automation & Integration Survey9
This change is undoubtedly due to a growth in automation. Allocations for automationInteroperabilityas a percentage of an organization’s present security budget for the next 12 months areInteroperability is the ability ofcomputer systems or softwareto exchange and make use ofinformation.increasing over current levels, along with the uncertainty. See Table 5.Table 5. Budget for terthan 10%Current37.7%18.0%18.0%6.6%6.6%1.6%11.5%Next 12 4%3.3%2.5%3.3%3.3%ResponseFactors influencing investmentdecisions around automation canbe considered as both direct andindirect. Direct factors are thecommon leading ones: budget andmanagement support along withstaffing concerns, i.e., the overallnumber of staff and how therequired skills are being acquiredand/or kept current through trainingand certification. See Figure 7.Indirect factors include thechallenges of making toolsinteroperate in an automatedenvironment; correlating datato obtain useful, actionableinformation for decision making;and establishing collaborationbetween the SecOps and IT teams.Understanding these factors allowsan organization to develop asolid approach—regarding scope,schedule and resources—uponwhich the direct factors can berealistically evaluated.Perception: What Are theRisks in Getting There?Most respondents (59%) are lookingto automation for improvements inthreat investigations, followed bythe ability to automate workflowsand policy execution (53%) andbeing able to correlate incidentsmore effectively for proactiveanalysis (42%). See Figure 8.What factors affect your organization’s decision to support that level of investment?Select your top three.Budget and management support61.7%Skills required to integrate and operate tools53.1%Amount of skilled staff49.2%Automation and interoperability across existing tools31.3%Correlating data into useful information30.5%Integration and coordination between security and IToperations teamsEstablishing policy that allows automation of itsmanagement and executionEase of acquiring needed %60%Figure 7. Factors Influencing Automation InvestmentWhat do you consider the top three essential automation requirements?Select the top three.Increase speed and quality of threat investigations byautomating data collection and analyticsAutomate workflows and policy execution aroundsecurity operationsCorrelate incidents more effectively for proactiveanalysis58.5%52.6%42.2%Reduce false positives34.8%Generate reports and dashboards that can addressconcerns specific to the organizationProvide journaling to record information about thehistory of an incident31.1%21.5%Utilize threat intelligence from a variety of sourcesProvide libraries of common practices and bestpractices that can be used for easy automationLeverage forensics in analyzing activities thatoccurred pre- and post-breachSupport improved exchange of information betweenoperational teams and external stakeholders2019 SANS Automation & Integration re 8. Top Essential Automation Requirements10
Respondents realize that efficiencyWhat do you perceive as potential risks in security automation?Select all that apply.comes at a price. An upfrontinvestment of both dollars andBudget constraintsresources is needed to reap theResource constraintsbenefits of automation. The risksassociated with the integrationprocess are also a leading concern,both in terms of overall interfacestandards and limitations in currenttools, as shown in Figure 9.59.8%59.1%Dependency on other IT operations processes andtools that can impede key processesLack of integration standards across tools(e.g., ability to interface systems, correlate data)57.5%53.5%Limited capability of current tools for integration45.7%Overall market direction and related impacts that canaffect investment in automation tools and technologies15.8%Current processes do not need to be automatedMaking things look easy usuallyOthertakes hard work. Developing and10.2%4.7%0%deploying effective automation10%can be demanding, particularly20%30%40%50%60%Figure 9. Automation Risksto get the processes “right” and the interfaces semantically “correct.” And it can oftentake longer than anticipated, regardless of the technology being used to achieve theautomation. Accenture Plc, the global consulting firm, took five years to develop thesoftware and services it uses to streamline and automate processes in such areas asfinance and accounting, marketing and procurement. The software and services sit ontop of existing databases and record-keeping systems. Interestingly, this automation didnot result in any loss of employment for Accenture staff; the 40,000 affected workershave been redeployed.7Perception: What Is the Impact on Staffing?People often view automation with fear: “My job will be replaced by a machine!”However, results show that organizations with medium or greater levels of automationactually have higher staffing levels than those with low automation levels. See Table 6. N o change:“Do more with the same staff.”Table 6. Level of Automation Versus Staffing (N 142)1 or less2–56–1011–25Over 25Medium .5%31.0%14.8%15.5%16.9%Automation does not necessarily mean a reduction in staffing. It may, in fact, enableexisting staff to be more effective, using technology to allow individuals to focus onmore important aspects of work and life. Respondents do not appear concerned aboutautomation taking away jobs. Most feel that there will be no change in staffing levelsand are actually looking forward to a change in focus—or a new adventure entirely.7Respondents SpeakOut on Staffing andAutomation C hange in focus:“Enable existing staff to spendmore time on higher valuesecurity activities like threathunting.” N ew adventure:“More time to focus more onthe ‘real’ and ‘exciting’ stuffrather than doing triagemonitoring for alerts thatmight as well be automated.” software-that-allowed-it-to-cut-40-000-jobs2019 SANS Automation & Integration Survey11
Implementation of effective automation often requires an initial surge inTable 7. Change in Security Staffing:Top Five Industriesstaff to get the kinks worked out, but it is almost invariably accompaniedby a redirection, not reduction, of the existing workforce. The top fiveAmount of Change (%)industries anticipate
Automation allows security experts to focus on more important aspects of the security life cycle. In this survey, automation doesn't appear to negatively affect staffing. For the most part, respondents see automation as allowing them to explore new areas and to concentrate on more strategic endeavors. 2019 SANS Automation & Integration Survey
PSI AP Physics 1 Name_ Multiple Choice 1. Two&sound&sources&S 1∧&S p;Hz&and250&Hz.&Whenwe& esult&is:& (A) great&&&&&(C)&The&same&&&&&
SANS 1200 A General SANS 1200 C Site Clearance SANS 1200 DB Earthworks (Pipe Trenches) SANS 1200 G Concrete Works SANS 1200 L Medium-Pressure Pipelines SANS 1200 LB Bedding (Pipes) SANS 1200 MJ Segmented Paving SANS 1200 MK Kerbing and Channeling SANS 1200 MM Ancillary Roadworks These standardised specifications are available from the South .
SANS 10400: Part W - 2011 SANS 10087: Part 1 - 2013 SANS 10087: Part 3 - 2008 SANS 10087: Part 7 - 2013 SANS 10087: Part 10 - 2012 SANS 10089: Part 1 - 2008 SANS 10089: Part 2 - 2007 SANS 10089: Part 3 - 2010 SANS
Argilla Almond&David Arrivederci&ragazzi Malle&L. Artemis&Fowl ColferD. Ascoltail&mio&cuore Pitzorno&B. ASSASSINATION Sgardoli&G. Auschwitzero&il&numero&220545 AveyD. di&mare Salgari&E. Avventurain&Egitto Pederiali&G. Avventure&di&storie AA.&VV. Baby&sitter&blues Murail&Marie]Aude Bambini&di&farina FineAnna
The program, which was designed to push sales of Goodyear Aquatred tires, was targeted at sales associates and managers at 900 company-owned stores and service centers, which were divided into two equal groups of nearly identical performance. For every 12 tires they sold, one group received cash rewards and the other received
THE SANS PROMISE At the heart of everything we do is the SANS Promise: Students will be able to use their new skills as soon as they return to work. REGISTER FOR SANS TRAINING Learn more about SANS courses, and register online, at sans.org Test drive 45 SANS courses For those new to SANS or unsure of the subject area or skill level
SABS 767-1 SANS 767-1 rl1: Fixed earth leakage protection cireu -breakers 1982 2 SABS 767-2 SANS 767-2 rt 2: Sing!e-phase,portable units 1983 2 SABS77D SANS 770 1982 1 SAB5776 SANS 776 valves -HeaVf duly 2000 3 SAB5777 SANS 777 1986 3 SABS778 SANS 718 2002 3,02 SABS779 SANS
Based on the results obtained, it can be concluded that learning by using guided inquiry-based chemistry module is effective in improving students' character and concept understanding. Keywords: T. he effectiveness of learning ,Character Guided Inquiry Module Concept Understanding Classical Completeness Criteria . 1. Introduction . Chemistry is one of the subjects that is closely related to .
