Company Confidential – For Internal Use Only
Copyright © SAS Institute Inc. All rights reserved.
Incidents, Indicators, Insights
Risk Based Mitigation Through Security Analytics Platform
Keith Swanson, Regional Director, Fraud, Financial Crimes & Security Intelligence
SAS Institute
Risk Based Approach to Security
Cyber Kill Chain: Recon → Weaponize → Exploitation → Installation → Command & Control → Actions on Objective
IoAs: Detect & Analyze
IoCs: Contain, Eradicate, Recover
Difficulty Actioning IoAs
• Proliferation of point analytics solutions impeding holistic risk-based approach
• Inability to proactively leverage data assets in a meaningful way
• Identification of more events without full context to drive action
• Analytics focused solely on detection vs. accelerating response
• Lack of technology integration forcing reactive posture
The Underlying Cause
[Diagram: Operational Platform (EPP, EDR, FW, DLP, Web/Email Gateways, IAM, AV, IDS, IPS, UBA) alongside Productivity Platform (Risk Mgt., Investigation, SIEM, Ticketing, Orchestration)]
Everyone’s Talking About Analytics
Source: Ponemon Institute Survey, 2017
Change Is Needed!
[Diagram: Analytics Platform added between the Operational Platform (EPP, EDR, FW, DLP, Web/Email Gateways, IAM, AV, IDS, IPS, UBA) and the Productivity Platform (Risk Mgt., Investigation, SIEM, Ticketing, Orchestration)]
Everyone’s Trying Analytics
Is Analytics the Answer?
Unifying platform & approach across security analytics required
• End-to-end suite of analytics capabilities
• Provides foundation of capability for deeper insights from data
• Facilitates threat hunting
• Governed & managed processes
• Clearly defined roles & standards
• Feedback loop
Enterprise Strategy Group: SOAPA
Transitioning from Reactive to Proactive Security Management
Multi-Dimensional, Data-Driven Insights
• Data enriched prior to detection
• Behavior simultaneously monitored across key dimensions (triangulation)
• Context derived to streamline and optimize response
• Analytics extended to drive automation
[Diagram: monitored dimensions Threat, App, IAM, Endpoint, Network]
Analytic Layer Foundation
[Diagram: Analytics Platform between the Operational Platform (EPP, EDR, FW, DLP, Web/Email Gateways, IAM, AV, IDS, IPS, UBA) and the Productivity Platform (Risk Mgt., Investigation, SIEM, Ticketing, Orchestration); analytic layer components Security Threat Detection, Analytic Management, Automation & Collaboration, on a foundation of Data – Discover – Deploy]
Analytic Layer Foundation
Analytics Platform:
• Security Threat Detection: Deployed data ingest models & detection analytics, supported by Triage / Investigation
• Analytic Management: End-to-end analytic lifecycle management
• Automation & Collaboration: Enterprise risk visualization & analytics deployed for driving efficiency in operational functions
Foundation: Data Management – Discovery – Deployment
Sample of Analytic Techniques
[Diagram: Analytics Platform between the Operational Platform (EPP, EDR, FW, DLP, Web/Email Gateways, IAM, AV, IDS, IPS, UBA) and the Productivity Platform (Risk Mgt., Investigation, SIEM, Ticketing, Orchestration), on a foundation of Data – Discover – Deploy]
• Comparison Analytics (Analytic Measures)
• Temporal Analytics (Entropy of Analytic Measures)
• Implicit Models (Signatures, Complex Rules)
• Specialized Models (Threat Typology)
• Unsupervised Models
• Supervised Models
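The deck names "Comparison Analytics (Analytic Measures)" and "Temporal Analytics (Entropy of Analytic Measures)" without defining them. The following is an added illustration, not code from the deck or from SAS, of one reasonable reading of those two techniques: an analytic measure (distinct destination ports per host per day, and the Shannon entropy of that host's port distribution) is compared against peers for the same day (comparison) and against the host's own history (temporal). The hosts, port counts and the "fan-out" event on day 3 are constructed sample data; the z-score threshold, the 1-bit entropy jump and the interpretation of "entropy of analytic measures" are assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed peer group (hypothetical host names, not from the deck).
HOSTS = ("host-a", "host-b", "host-c", "host-d", "host-e", "host-f")


def make_events():
    """Constructed sample telemetry: (day, host, dst_port) connection records.
    Every host shares the same baseline profile (mostly 443, some 53 and 80);
    host-f additionally contacts 40 distinct ports once each on day 3."""
    events = []
    for day in range(1, 5):
        for host in HOSTS:
            events += [(day, host, 443)] * 40 + [(day, host, 53)] * 8 + [(day, host, 80)] * 4
    events += [(3, "host-f", p) for p in range(1000, 1040)]
    return events


def shannon_entropy(counter):
    """Entropy in bits of the distribution described by a Counter of counts."""
    total = sum(counter.values())
    return -sum((c / total) * math.log2(c / total) for c in counter.values())


def analytic_measures(events):
    """Per (host, day): distinct destination ports and entropy of the port distribution."""
    ports = defaultdict(Counter)
    for day, host, port in events:
        ports[(host, day)][port] += 1
    return {key: {"distinct_ports": len(c), "port_entropy": shannon_entropy(c)}
            for key, c in ports.items()}


def comparison_outliers(measures, name, z_threshold=2.0):
    """Comparison analytics: flag host-days whose measure sits more than
    z_threshold population standard deviations above the peer group on that day."""
    by_day = defaultdict(list)
    for (host, day), m in measures.items():
        by_day[day].append((host, m[name]))
    flagged = []
    for day, vals in by_day.items():
        xs = [x for _, x in vals]
        mu = sum(xs) / len(xs)
        sd = math.sqrt(sum((x - mu) ** 2 for x in xs) / len(xs))
        if sd == 0:
            continue  # all peers identical on this day: nothing stands out
        flagged += [(host, day) for host, x in vals if (x - mu) / sd > z_threshold]
    return sorted(flagged)


def temporal_entropy_outliers(measures, min_jump_bits=1.0):
    """Temporal analytics: flag a host-day whose port entropy exceeds that
    host's own previous maximum by at least min_jump_bits (assumed rule)."""
    history = defaultdict(list)
    for (host, day), m in sorted(measures.items(), key=lambda kv: kv[0][1]):
        history[host].append((day, m["port_entropy"]))
    flagged = []
    for host, series in history.items():
        prior_max = None
        for day, h in series:
            if prior_max is not None and h - prior_max >= min_jump_bits:
                flagged.append((host, day))
            prior_max = h if prior_max is None else max(prior_max, h)
    return sorted(flagged)


if __name__ == "__main__":
    m = analytic_measures(make_events())
    print("comparison (distinct ports):", comparison_outliers(m, "distinct_ports"))
    print("comparison (port entropy):  ", comparison_outliers(m, "port_entropy"))
    print("temporal (entropy jump):    ", temporal_entropy_outliers(m))
```

Both techniques surface the same host-day here, but they fail differently: the peer comparison says nothing when the whole group shifts together (sd of zero, or every host fanning out at once), while the temporal rule only reacts to a rise above the host's own history, so a first-day anomaly has no baseline to compare against. Running both over the same measures, as the deck's triangulation bullet suggests, covers each other's blind spot.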
Incidents, Indicators, Insights – the emergence of the Security Analytics Platform. IBA - SAS Event, presented by Keith Swanson.