Incidents, Indicators, Insights – the emergence of the Security Analytics Platform - IBA - SAS Event presented by Keith Swanson
1. Company Confidential – For Internal Use Only
Copyright © SAS Institute Inc. All rights reserved.
Incidents, Indicators, Insights
Risk Based Mitigation Through Security Analytics Platform
Keith Swanson, Regional Director, Fraud, Financial Crimes & Security Intelligence
SAS Institute
2. Risk Based Approach to Security
Cyber Kill Chain: Recon → Weaponize → Exploitation → Installation → Command & Control → Actions on Objective
IoAs: Detect & Analyze
IoCs: Contain, Eradicate, Recover
3. Difficulty Actioning IoAs
• Proliferation of point analytics solutions impeding holistic risk-based approach
• Inability to proactively leverage data assets in a meaningful way
• Identification of more events without full context to drive action
• Analytics focused solely on detection vs. accelerating response
• Lack of technology integration forcing reactive posture
4. The Underlying Cause
[Figure: tooling split across platforms. Operational Platform (EPP, EDR, FW, DLP, Web/Email Gateways, IAM, AV, IDS, IPS), UBA, Productivity Platform (Risk Mgt., Investigation, SIEM, Ticketing, Orchestration)]
5. Everyone’s Talking About Analytics
Source: Ponemon Institute Survey, 2017
6. Change Is Needed!
[Figure: Operational Platform (EPP, EDR, FW, DLP, Web/Email Gateways, IAM, AV, IDS, IPS), Analytics Platform (UBA), Productivity Platform (Risk Mgt., Investigation, SIEM, Ticketing, Orchestration)]
7. Everyone’s Trying Analytics
8. Is Analytics the Answer?
Unifying platform & approach across security analytics required
• End-to-end suite of analytics capabilities
• Provides foundation of capability for deeper insights from data
• Facilitates threat hunting
• Governed & managed processes
• Clearly defined roles & standards
• Feedback loop
9. Change Is Needed!
[Figure: same platform diagram as slide 6: Operational Platform, Analytics Platform (UBA), Productivity Platform]
10. Enterprise Strategy Group: SOAPA (Security Operations and Analytics Platform Architecture)
11. Transitioning from Reactive to Proactive Security Management
Multi-Dimensional, Data-Driven Insights
• Data enriched prior to detection
• Behavior simultaneously monitored across key dimensions (triangulation)
• Context derived to streamline and optimize response
• Analytics extended to drive automation
[Figure: key dimensions: Threat, App, IAM, Endpoint, Network]
12. Analytic Layer Foundation
[Figure: Operational Platform (EPP, EDR, FW, DLP, Web/Email Gateways, IAM, AV, IDS, IPS), Analytics Platform (UBA), Productivity Platform (Risk Mgt., Investigation, SIEM, Ticketing, Orchestration), with the analytic layer (Data – Discover – Deploy) underneath: Security Threat Detection, Analytic Management, Automation & Collaboration]
13. Analytic Layer Foundation
Analytics Platform
• Security Threat Detection: deployed data ingest models & detection analytics, supported by Triage / Investigation
• Analytic Management: end-to-end analytic lifecycle management
• Automation & Collaboration: enterprise risk visualization & analytics deployed for driving efficiency in operational functions
Data Management – Discovery – Deployment
14. Sample of Analytic Techniques
[Figure: same platform diagram as slide 12, analytic layer: Data – Discover – Deploy]
• Comparison Analytics (Analytic Measures)
• Temporal Analytics (Entropy of Analytic Measures)
• Implicit Models (Signatures, Complex Rules)
• Specialized Models (Threat Typology)
• Unsupervised Models
• Supervised Models
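As an added illustration (not SAS code and not part of the deck), the Python below applies two of the techniques named on slide 14 to constructed login events: comparison analytics (an analytic measure, distinct hosts per user, compared against department peers as a z-score) and temporal analytics (Shannon entropy of each user's hour-of-day distribution), after the "data enriched prior to detection" step from slide 11. The identity directory, the events, the hostnames and the thresholds are all constructed assumptions, and the reading of "entropy of analytic measures" as hour-of-day entropy is the example's own interpretation.

```python
"""Added example (not SAS code): enrichment, comparison analytics and
temporal entropy over constructed login events.

All names, hosts, hours and thresholds below are constructed for the example.
"""
from collections import Counter, defaultdict
from math import log2, sqrt

# Constructed identity directory used for enrichment (hypothetical).
DIRECTORY = {
    "alice": "finance", "bob": "finance", "carol": "finance",
    "dave": "engineering", "erin": "engineering",
}

# Constructed raw login events: (user, host, hour_of_day).
RAW_EVENTS = [
    ("alice", "fin-ws-01", 9), ("alice", "fin-ws-01", 9),
    ("alice", "fin-ws-01", 9), ("alice", "fin-ws-02", 10),
    ("bob", "fin-ws-03", 9), ("bob", "fin-ws-03", 9), ("bob", "fin-ws-03", 11),
    ("carol", "fin-ws-04", 2), ("carol", "fin-srv-01", 3), ("carol", "eng-ws-07", 4),
    ("carol", "dc-01", 22), ("carol", "file-01", 23), ("carol", "fin-ws-04", 13),
    ("dave", "eng-ws-05", 9), ("dave", "eng-ws-05", 13),
    ("erin", "eng-ws-06", 10), ("erin", "eng-ws-06", 10),
    ("svc-backup", "file-01", 1),   # service account absent from the directory
]


def enrich(events, directory):
    """Enrichment before detection: attach department context to each event.
    Accounts missing from the directory get 'unknown' so they are still
    scored rather than silently dropped."""
    return [
        {"user": u, "host": h, "hour": hr, "dept": directory.get(u, "unknown")}
        for (u, h, hr) in events
    ]


def distinct_hosts(events):
    """Analytic measure: number of distinct hosts each user logged in to."""
    hosts = defaultdict(set)
    for e in events:
        hosts[e["user"]].add(e["host"])
    return {u: len(s) for u, s in hosts.items()}


def peer_zscores(events, measure):
    """Comparison analytics: z-score of each user's measure against users
    in the same department. A peer group with no spread (or only one
    member) yields 0.0 instead of a division by zero."""
    dept_of = {e["user"]: e["dept"] for e in events}
    groups = defaultdict(list)
    for u, v in measure.items():
        groups[dept_of[u]].append(v)
    scores = {}
    for u, v in measure.items():
        vals = groups[dept_of[u]]
        mean = sum(vals) / len(vals)
        std = sqrt(sum((x - mean) ** 2 for x in vals) / len(vals))
        scores[u] = 0.0 if std == 0 else (v - mean) / std
    return scores


def shannon_entropy(counts):
    """Entropy in bits of a histogram given as {value: count}."""
    total = sum(counts.values())
    return -sum((c / total) * log2(c / total) for c in counts.values() if c)


def hour_entropy(events):
    """Temporal analytics: entropy of each user's hour-of-day histogram.
    Low = a regular schedule; high = activity spread around the clock."""
    hours = defaultdict(Counter)
    for e in events:
        hours[e["user"]][e["hour"]] += 1
    return {u: shannon_entropy(c) for u, c in hours.items()}


def score(events=RAW_EVENTS, directory=DIRECTORY, z_threshold=1.0, h_threshold=2.0):
    """Run both techniques and triangulate: flag a user only when the peer
    comparison and the temporal measure agree, giving context to drive
    action rather than a bare single-measure alert."""
    enriched = enrich(events, directory)
    z = peer_zscores(enriched, distinct_hosts(enriched))
    h = hour_entropy(enriched)
    flagged = sorted(u for u in z if z[u] > z_threshold and h[u] > h_threshold)
    return {"zscore": z, "entropy": h, "flagged": flagged}


if __name__ == "__main__":
    result = score()
    for u in sorted(result["zscore"]):
        print(f"{u:12s} z={result['zscore'][u]:+.2f} H={result['entropy'][u]:.2f}")
    print("flagged:", result["flagged"])
```

On the constructed data only carol is flagged: her distinct-host count sits well above her finance peers and her logins are spread over six different hours, while the engineering peer group (identical values, zero spread) and the directory-less service account both score 0.0 by design rather than raising a divide-by-zero. Triangulating the two measures is what keeps alice, who touched a second host but on a regular schedule, out of the flagged list.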