reducing the hacker's information advantage: leveraging … · 2017-11-28 · the future of...

Post on 14-Aug-2020


TRANSCRIPT

Reducing the Hacker’s Information Advantage: Leveraging Analytics to Improve Cybersecurity

Stu Bradley, Senior Business Director, Security Intelligence Practice, SAS

Bryan Harris, Director, Research and Development, Cyber Analytics Research and Development, SAS

Alan Webber, Research Director, Digital Government, IDC

Big Data and Predictive Analytics: On the Cybersecurity Front Line

Alan Webber

Global Research Director

National Security and Public Safety

The Nature of the Battle

“All advantages go to the offense in cyber. It just does. On the defensive side, you have to say ‘I must defend all 100,000 machines and all 50,000 employees.’ The offensive side thinks ‘I only need to break into one and I’m on the inside.’”

Kevin Mandia, President, FireEye

© IDC Visit us at IDC.com and follow us on Twitter: @IDC 3

How Bad Is It?

PwC estimated that there were 42.8 million attacks in 2014

That is over 117,000 every day

Successful attacks are expensive


Distribution of Targets


Source: http://hackmageddon.com/

3rd Platform – Channels and Targets Multiply

We have moved on to the 3rd platform with millions of apps, billions of users, and trillions of things. Each of these has a vulnerability. We still have the vulnerabilities from the 1st and 2nd platforms.

Innovation Accelerators Driving Disruption And More Security Issues

Innovation Accelerators come with positives and negatives. Specific areas of concern are robotics, IoT, and the expansion of data. Next-generation security will focus on analytics and behavioral analysis.

Key Areas of Risk

Lack of visibility

Mobility and mobile devices

Exponential growth of end points

Interconnected systems

Outdated systems (e.g., SCADA)



Big Data and Analytics Are Key Security Tools

Benefits

Shift from reactive to proactive

Network visibility

Threat intelligence

Better precision

Challenges

Scalability

Expertise

Integration


Everything (and Everyone) is a Target


The Future Of Cyber Security

“The potential for a cyber Pearl Harbor exists. Security professionals and the U.S. government have predicted it. The question is, will businesses take the threat of cyber warfare seriously and make it a priority in their budgets? Fair warning…”

Gideon Rasmussen


Thank You


Join me and your peers and the conversations in our IDC Government Insights Community

http://idc-insights-community.com/government

Alan Webber, Research Director, Digital Government Innovation and Transformation

IDC Government Insights

awebber@idc.com

@alanwebber

Copyright © 2015, SAS Institute Inc. All rights reserved.

CYBERSECURITY

BRYAN HARRIS


9 Months


ANATOMY OF A SOPHISTICATED CYBER ATTACK

• A weakness in the supply chain is used to gain access to your network

• The supplier's credentials were compromised due to poor security implementation or poor security processes

• Known “service accounts” are mimicked to avoid host-based detection

• The compromised machine begins to perform active network reconnaissance

• A command and control point is established on the network, with the POS terminals as the end nodes

• BlackPOS malware targeting POS systems is installed

• Customer data is exfiltrated via multiple servers and monetized on the black market


10 Billion


Contextually-Enriched, Priority-Ranked Security Alerts

Stream Processing and Behavioral Analytics

Inputs: Firewalls, IPS, IDS, Malware, Web Proxy Logs, DLP, SIEM

SAS CYBERSECURITY: DATA TYPES AND MONTHLY DATA VOLUMES

PCAP: Trillions

Flow: Billions

Point solution alerts: Millions

Top tier (marked “?” on the slide): Thousands


SAS BEHAVIORAL ANALYTICS APPROACH

Behavioral Analytics on Massive Volume: Machine-to-Machine Interactions

Diagram labels: “Not normal interaction” (twice), “Not normal throughput”

Market Need: Detect changes in machine-to-machine interactions using behavioral analytics, as it happens.

Prioritized IP addresses / hostnames for integration into the incident management process.


KEY TAKEAWAYS

• Enrich network data with business context to detect risks based on specific business workflows and peer groups

• Behavioral analytics across the real-time, “near-time” & “any-time” continuum for better situational awareness

• Store only relevant, optimized data for ongoing analytic effectiveness

• Analytic-driven intelligence & data visualization to streamline investigations

• Leverage existing cybersecurity investments & threat feeds for a holistic view of risk
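The approach outlined in the SAS Behavioral Analytics slide (detect "not normal" machine-to-machine interactions and throughput, hand a prioritized host list to incident management) and the first takeaway above (enrich network data with business context and peer groups), as an added worked example in Python. This is not SAS code and is not from the presentation: the flow records, host names and the host-to-peer-group mapping are constructed sample data, and the scoring weights, the z-score threshold and the sigma floor are design choices of this example only.

```python
"""Behavioral baseline of machine-to-machine flows, with peer-group context.

Added example (not SAS code): builds a per-host baseline of usual destinations
and bytes-per-window, enriches each host with a peer group (business context),
and ranks hosts whose current window is "not normal" in interaction or throughput.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow records: (window, src_host, dst_host, bytes).
# Windows 1-4 are the learning period; window 5 is scored against them.
BASELINE_FLOWS = [
    (1, "pos-01", "app-01", 4600), (1, "pos-01", "app-02", 200),
    (2, "pos-01", "app-01", 5000), (2, "pos-01", "app-02", 200),
    (3, "pos-01", "app-01", 4800), (3, "pos-01", "app-02", 200),
    (4, "pos-01", "app-01", 4800), (4, "pos-01", "app-02", 200),
    (1, "pos-02", "app-01", 4900), (2, "pos-02", "app-01", 5100),
    (3, "pos-02", "app-01", 5000), (4, "pos-02", "app-01", 5000),
    (1, "pos-03", "app-01", 5000), (2, "pos-03", "app-01", 5000),
    (3, "pos-03", "app-01", 5000), (4, "pos-03", "app-01", 5000),
    (1, "app-01", "db-01", 20000), (2, "app-01", "db-01", 20000),
    (3, "app-01", "db-01", 20000), (4, "app-01", "db-01", 20000),
]
CURRENT_FLOWS = [
    (5, "pos-01", "app-01", 4900), (5, "pos-01", "app-02", 200),
    (5, "pos-02", "app-01", 5000), (5, "pos-02", "ext-01", 900000),
    (5, "pos-03", "app-01", 5000), (5, "pos-03", "app-02", 150),
    (5, "app-01", "db-01", 20000),
    (5, "rogue-01", "pos-01", 50),
]
# Business context (hypothetical asset-inventory lookup): host -> peer group.
PEER_GROUP = {"pos-01": "pos", "pos-02": "pos", "pos-03": "pos", "app-01": "app"}


def build_baseline(flows):
    """Return (peers, throughput): peers[src] is the set of destinations seen,
    throughput[src] is (mean, population stdev) of bytes sent per window."""
    peers = defaultdict(set)
    per_window = defaultdict(lambda: defaultdict(int))
    for window, src, dst, nbytes in flows:
        peers[src].add(dst)
        per_window[src][window] += nbytes
    windows = sorted({w for w, _, _, _ in flows})
    throughput = {}
    for src, counts in per_window.items():
        series = [counts.get(w, 0) for w in windows]  # a silent window counts as 0 bytes
        throughput[src] = (mean(series), pstdev(series))
    return dict(peers), throughput


def group_peers(peers, peer_group):
    """Destinations each peer group normally talks to (business-context enrichment)."""
    gp = defaultdict(set)
    for src, dsts in peers.items():
        gp[peer_group.get(src, "unknown")].update(dsts)
    return gp


def score_window(current, peers, throughput, peer_group,
                 z_threshold=3.0, min_sigma_frac=0.05):
    """Score every source host in the current window. Returns a list of
    (score, host, reasons) sorted by descending score, then by host name."""
    gp = group_peers(peers, peer_group)
    sent = defaultdict(int)
    new_peers = defaultdict(set)
    for _, src, dst, nbytes in current:
        sent[src] += nbytes
        if dst not in peers.get(src, set()):
            new_peers[src].add(dst)
    results = []
    for src, total in sent.items():
        score, reasons = 0.0, []
        group = peer_group.get(src, "unknown")
        for dst in sorted(new_peers[src]):
            if dst in gp.get(group, set()):  # new for this host, but usual for its peer group
                score += 1.0
                reasons.append(f"new peer {dst} (normal within group {group})")
            else:                            # unseen both for the host and for its peer group
                score += 3.0
                reasons.append(f"new peer {dst} (unseen within group {group})")
        if src not in throughput:
            score += 2.0
            reasons.append("no throughput baseline")
        else:
            mu, sigma = throughput[src]
            # Floor sigma at a fraction of the mean: a perfectly flat baseline
            # (sigma 0) would otherwise turn any byte of change into an infinite z.
            sigma = max(sigma, min_sigma_frac * mu)
            z = (total - mu) / sigma if sigma > 0 else (0.0 if total == mu else float("inf"))
            if z > z_threshold:
                score += min(z, 10.0)        # cap so one metric cannot swamp the ranking
                reasons.append(f"throughput {total} bytes vs baseline {mu:.0f} (z={z:.1f})")
        if score > 0:
            results.append((score, src, reasons))
    results.sort(key=lambda r: (-r[0], r[1]))
    return results


def rank_hosts(current=CURRENT_FLOWS, baseline=BASELINE_FLOWS, peer_group=PEER_GROUP):
    """Prioritized host list for hand-off to the incident management process."""
    peers, throughput = build_baseline(baseline)
    return score_window(current, peers, throughput, peer_group)


if __name__ == "__main__":
    for score, host, reasons in rank_hosts():
        print(f"{score:5.1f}  {host:10s}  {'; '.join(reasons)}")
```

On the constructed data, pos-02 ranks first (a destination unseen for any POS host plus a throughput spike), the host with no baseline at all ranks second, and pos-03 ranks last because its new destination is one the rest of its peer group already talks to. The sigma floor matters: pos-03's baseline is perfectly flat, and without the floor the 150-byte change would score as an infinite deviation.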

GAINING BETTER VISIBILITY OF NETWORK BEHAVIORS
