Upload File

how to tune your cybersecurity radar(2) with security ... · #analyticsx c o p y r ig ht © 201 6,...

  • Home
  • Documents
  • How to Tune Your Cybersecurity RADAR(2) With Security ... · #AnalyticsX C o p y r ig ht © 201 6, SAS In stitute In c. All r ig hts r ese rve d. 200% Increase in Cost 59% Detected
23
#AnalyticsX Copyright © 2016, SAS Institute Inc. All rights reserved. How to Tune Your Cybersecurity RADAR 2 With Security Analytics Mark Dobeck Professor Cleveland State University Stu Bradley Vice President, Cybersecurity Solutions SAS

Upload: others

Post on 21-Aug-2020

1 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: How to Tune Your Cybersecurity RADAR(2) With Security ... · #AnalyticsX C o p y r ig ht © 201 6, SAS In stitute In c. All r ig hts r ese rve d. 200% Increase in Cost 59% Detected

#AnalyticsXC o p y r ig ht © 201 6, SAS In st i tute In c. A l l r ig hts r ese rve d.

How to Tune Your Cybersecurity RADAR2 With Security Analytics

Mark DobeckProfessorCleveland State University

Stu BradleyVice President, Cybersecurity SolutionsSAS

Page 2: How to Tune Your Cybersecurity RADAR(2) With Security ... · #AnalyticsX C o p y r ig ht © 201 6, SAS In stitute In c. All r ig hts r ese rve d. 200% Increase in Cost 59% Detected

#AnalyticsX

C o p y r ig ht © 201 6, SAS In st i tute In c. A l l r ig hts r ese rve d.

200% Increase

in Cost

59% Detected by

3rd Party

$450B Lost

$154 per Record

80.5 Days

Billions of Events

$170B Annual

Spend

Page 3: How to Tune Your Cybersecurity RADAR(2) With Security ... · #AnalyticsX C o p y r ig ht © 201 6, SAS In stitute In c. All r ig hts r ese rve d. 200% Increase in Cost 59% Detected

#AnalyticsX

C o p y r ig ht © 201 6, SAS In st i tute In c. A l l r ig hts r ese rve d.

Security Analytics: The Buzz Is Not Enough

Rules/Thresholds

B e h a v i o r a l A n a l y t i c s

Data Visualization

Security Analytics

In-Stream

Machine Learning

Statistical Modeling

In-Memory A n omalous B e havio r

Page 4: How to Tune Your Cybersecurity RADAR(2) With Security ... · #AnalyticsX C o p y r ig ht © 201 6, SAS In stitute In c. All r ig hts r ese rve d. 200% Increase in Cost 59% Detected

#AnalyticsX

C o p y r ig ht © 201 6, SAS In st i tute In c. A l l r ig hts r ese rve d.

Analytic Maturity Curve

Search, Query & Response

Predictive Analytics

Behavioral Anomalies

Rules & Signatures

Page 5: How to Tune Your Cybersecurity RADAR(2) With Security ... · #AnalyticsX C o p y r ig ht © 201 6, SAS In stitute In c. All r ig hts r ese rve d. 200% Increase in Cost 59% Detected

#AnalyticsX

C o p y r ig ht © 201 6, SAS In st i tute In c. A l l r ig hts r ese rve d.

What’s Being Overlooked?

Value of Results

Data TimeAnalytic

Approach

Page 6: How to Tune Your Cybersecurity RADAR(2) With Security ... · #AnalyticsX C o p y r ig ht © 201 6, SAS In stitute In c. All r ig hts r ese rve d. 200% Increase in Cost 59% Detected

#AnalyticsX

C o p y r ig ht © 201 6, SAS In st i tute In c. A l l r ig hts r ese rve d.

There is Hope for Security Analytics

• Can provide network visibility

• You should understand impact of scale

• You should investigate data, timing & analytic approaches used

Page 7: How to Tune Your Cybersecurity RADAR(2) With Security ... · #AnalyticsX C o p y r ig ht © 201 6, SAS In stitute In c. All r ig hts r ese rve d. 200% Increase in Cost 59% Detected

C o p y r ig ht © 201 6, SAS In st i tute In c. A l l r ig hts r ese rve d.

#AnalyticsX

C o p y r ig ht © 201 6, SAS In st i tute In c. A l l r ig hts r ese rve d.

Cybersecurity Is Strategic Long-term & operational considerations

Expand & elevate CISO/CDO role

Cybersecurity must be adaptive

Technology trends

Artificial intelligence

Machine learning

Behavioral analytics

Predictive analytics

Page 8: How to Tune Your Cybersecurity RADAR(2) With Security ... · #AnalyticsX C o p y r ig ht © 201 6, SAS In stitute In c. All r ig hts r ese rve d. 200% Increase in Cost 59% Detected

C o p y r ig ht © 201 6, SAS In st i tute In c. A l l r ig hts r ese rve d.

#AnalyticsX

C o p y r ig ht © 201 6, SAS In st i tute In c. A l l r ig hts r ese rve d.

RADAR2 Methodology for Cybersecurity

Readiness1

Awareness2

Detection3

Action4

Remediation5

Recovery6

Page 9: How to Tune Your Cybersecurity RADAR(2) With Security ... · #AnalyticsX C o p y r ig ht © 201 6, SAS In stitute In c. All r ig hts r ese rve d. 200% Increase in Cost 59% Detected

C o p y r ig ht © 201 6, SAS In st i tute In c. A l l r ig hts r ese rve d.

#AnalyticsX

C o p y r ig ht © 201 6, SAS In st i tute In c. A l l r ig hts r ese rve d.

Readiness Enterprise cybersecurity risk management plan

Planning & preparation

Formal policies & procedures

Documentation

Implementation

Cybersecurity Readiness Team

Testing

Monitoring

1

Page 10: How to Tune Your Cybersecurity RADAR(2) With Security ... · #AnalyticsX C o p y r ig ht © 201 6, SAS In stitute In c. All r ig hts r ese rve d. 200% Increase in Cost 59% Detected

C o p y r ig ht © 201 6, SAS In st i tute In c. A l l r ig hts r ese rve d.

#AnalyticsX

C o p y r ig ht © 201 6, SAS In st i tute In c. A l l r ig hts r ese rve d.

Data Governance Compliance

Legal obligations

Regulatory requirements

Fiduciary responsibility

Data is an asset class

1

Page 11: How to Tune Your Cybersecurity RADAR(2) With Security ... · #AnalyticsX C o p y r ig ht © 201 6, SAS In stitute In c. All r ig hts r ese rve d. 200% Increase in Cost 59% Detected

C o p y r ig ht © 201 6, SAS In st i tute In c. A l l r ig hts r ese rve d.

#AnalyticsX

C o p y r ig ht © 201 6, SAS In st i tute In c. A l l r ig hts r ese rve d.

Threat Intelligence Internal analysis

External information ISAC (Information Sharing & Analysis Center)

External feeds

Threat intelligence must be: Accessible Intelligible Timely Actionable

Reliable Relevant

1

Page 12: How to Tune Your Cybersecurity RADAR(2) With Security ... · #AnalyticsX C o p y r ig ht © 201 6, SAS In stitute In c. All r ig hts r ese rve d. 200% Increase in Cost 59% Detected

C o p y r ig ht © 201 6, SAS In st i tute In c. A l l r ig hts r ese rve d.

#AnalyticsX

C o p y r ig ht © 201 6, SAS In st i tute In c. A l l r ig hts r ese rve d.

Awareness Analytics/cybersecurity culture

Mandatory education & training

Change management plan

Commitment

Communication

2

Page 13: How to Tune Your Cybersecurity RADAR(2) With Security ... · #AnalyticsX C o p y r ig ht © 201 6, SAS In stitute In c. All r ig hts r ese rve d. 200% Increase in Cost 59% Detected

C o p y r ig ht © 201 6, SAS In st i tute In c. A l l r ig hts r ese rve d.

#AnalyticsX

C o p y r ig ht © 201 6, SAS In st i tute In c. A l l r ig hts r ese rve d.

Detection Threat recognition & forecasting

Predictive analytic tools

Behavioral analytic tools

Anomalies/suspicious activity

Rapid Response Team notification

3

Page 14: How to Tune Your Cybersecurity RADAR(2) With Security ... · #AnalyticsX C o p y r ig ht © 201 6, SAS In stitute In c. All r ig hts r ese rve d. 200% Increase in Cost 59% Detected

C o p y r ig ht © 201 6, SAS In st i tute In c. A l l r ig hts r ese rve d.

#AnalyticsX

C o p y r ig ht © 201 6, SAS In st i tute In c. A l l r ig hts r ese rve d.

Machine Learning Artificial intelligence

Data-intensive

Autonomous learning

Structured & unstructured data

Supervised & unsupervised learning

Automation

3

Page 15: How to Tune Your Cybersecurity RADAR(2) With Security ... · #AnalyticsX C o p y r ig ht © 201 6, SAS In stitute In c. All r ig hts r ese rve d. 200% Increase in Cost 59% Detected

C o p y r ig ht © 201 6, SAS In st i tute In c. A l l r ig hts r ese rve d.

#AnalyticsX

C o p y r ig ht © 201 6, SAS In st i tute In c. A l l r ig hts r ese rve d.

Behavioral Analysis Email

Social media

Unauthorized access

Pattern & trend recognition

Anomaly detection

Data leaks

3

Page 16: How to Tune Your Cybersecurity RADAR(2) With Security ... · #AnalyticsX C o p y r ig ht © 201 6, SAS In stitute In c. All r ig hts r ese rve d. 200% Increase in Cost 59% Detected

C o p y r ig ht © 201 6, SAS In st i tute In c. A l l r ig hts r ese rve d.

#AnalyticsX

C o p y r ig ht © 201 6, SAS In st i tute In c. A l l r ig hts r ese rve d.

Predictive Analytics Data-driven

Near real-time

Machine learning

Multiple information sources

Internal & external

Improves response capabilities

3

Page 17: How to Tune Your Cybersecurity RADAR(2) With Security ... · #AnalyticsX C o p y r ig ht © 201 6, SAS In stitute In c. All r ig hts r ese rve d. 200% Increase in Cost 59% Detected

C o p y r ig ht © 201 6, SAS In st i tute In c. A l l r ig hts r ese rve d.

#AnalyticsX

C o p y r ig ht © 201 6, SAS In st i tute In c. A l l r ig hts r ese rve d.

Action Rapid Response Team assessment

Corrective action determination & damage control

Legal evaluation & review

Initial communications (internal & external)

Investigation (internal & external)

Law enforcement

4

Page 18: How to Tune Your Cybersecurity RADAR(2) With Security ... · #AnalyticsX C o p y r ig ht © 201 6, SAS In stitute In c. All r ig hts r ese rve d. 200% Increase in Cost 59% Detected

C o p y r ig ht © 201 6, SAS In st i tute In c. A l l r ig hts r ese rve d.

#AnalyticsX

C o p y r ig ht © 201 6, SAS In st i tute In c. A l l r ig hts r ese rve d.

Remediation Correct problems & issues

Formal enterprise security audit

Update/upgrade vulnerability detection & response technology

5

Page 19: How to Tune Your Cybersecurity RADAR(2) With Security ... · #AnalyticsX C o p y r ig ht © 201 6, SAS In stitute In c. All r ig hts r ese rve d. 200% Increase in Cost 59% Detected

C o p y r ig ht © 201 6, SAS In st i tute In c. A l l r ig hts r ese rve d.

#AnalyticsX

C o p y r ig ht © 201 6, SAS In st i tute In c. A l l r ig hts r ese rve d.

Recovery Conduct formal post-mortem (lessons learned)

Revise cybersecurity policies & procedures

Change implementation & testing

Accurate & timely communications

Normal operations

6

Page 20: How to Tune Your Cybersecurity RADAR(2) With Security ... · #AnalyticsX C o p y r ig ht © 201 6, SAS In stitute In c. All r ig hts r ese rve d. 200% Increase in Cost 59% Detected

C o p y r ig ht © 201 6, SAS In st i tute In c. A l l r ig hts r ese rve d.

#AnalyticsX

C o p y r ig ht © 201 6, SAS In st i tute In c. A l l r ig hts r ese rve d.

Summary Cybersecurity is strategic

RADAR2 is an ongoing process

Awareness, communication & coordination are key to an effective cybersecurity culture

Security analytics enables data-driven decision-making throughout the cycle

Page 21: How to Tune Your Cybersecurity RADAR(2) With Security ... · #AnalyticsX C o p y r ig ht © 201 6, SAS In stitute In c. All r ig hts r ese rve d. 200% Increase in Cost 59% Detected

C o p y r ig ht © 201 6, SAS In st i tute In c. A l l r ig hts r ese rve d.

Q & A

Page 22: How to Tune Your Cybersecurity RADAR(2) With Security ... · #AnalyticsX C o p y r ig ht © 201 6, SAS In stitute In c. All r ig hts r ese rve d. 200% Increase in Cost 59% Detected

C o p y r ig ht © 201 6, SAS In st i tute In c. A l l r ig hts r ese rve d.

Speakers:

Stu Bradley

VP, Cybersecurity Solutions

SAS

[email protected]

Mark Dobeck, Ph.D.

Cleveland State University

[email protected]

Visit the Innovation Hub to learn about SAS & security analytics

Research briefs on the RADAR2 method available at iianalytics.com

Page 23: How to Tune Your Cybersecurity RADAR(2) With Security ... · #AnalyticsX C o p y r ig ht © 201 6, SAS In stitute In c. All r ig hts r ese rve d. 200% Increase in Cost 59% Detected

C o p y r ig ht © 201 6, SAS In st i tute In c. A l l r ig hts r ese rve d.

#AnalyticsX


IN T H E H IG H C O U R T O F J U D IC A T U R E A T B O MB A Y O … · in t h e h ig h c o u r t o f j u d ic a t u r e a t b o mb a y o r d in a r y o r ig in a l c iv il j u r

BERN 10TH OF MAY 2016 MICHAEL PROBST - Sas InstituteC o p y r ig ht © 201 5, SAS In stitute In c. All r ig hts r ese rve d. THE IOT PROMISE New Business Models Quality of Life Early

Building a Smart Infusion Figure 1 Phases drug order tes ... · 12 R e-T es ts 13 S ig n-off / A pprova l D E S IG N P repa ra tion D R U G L IB R A R Y C O N F IG U R A T IO N R

O R IG IN A L Historical biogeography of South …O R IG IN A L A R T IC L E Historical biogeography of South American freshwater Þshes Nicolas Huber t* and Jean-Fr ancüois Renno

IG-55: Inert Gas Fire Suppression System Inertes IG... · What is IG-55? IG-55 is a gas made up of a mix of equal parts: 50% argon (IG-01) and 50% nitrogen (IG-100). Its components

Session 3.4.1: Integrated joint management of rivers ... fileTraíra Caquetá Aupa Ig. Cunha Juruá Ig. Envira Ig. Cachoeira Ig. Sta. Rosa Ig. Riozinho Ig. Cachoeira Progresso Chandlees

SPECIFY CATALOG NO. AND SERIAL NO. WHEN ORDERING … · ig g ig rs rig rig ir ig i r rws Picture A’ Picture B i ape ig g rs rig rig ir i r rws Dri i ir r w ... 10 05-78-0105 Rotor

b^ - here is Yifanhereisyifan.com/about/yifan_wu_resume.pdf1D ;. 9:> + '$-) # %)# # * ! # %) MW %!! &% !( $# ' % IG) %)# )-%-$)- R! ($ ), F& ) G' (' - ,* ' !( $ G' U $ '& $)- * ,%

r i gh t h e re , r ig ht n ow

A P ET I Z R S EL OR IG N A L FAVORITOS - UrbanDaddy

S IG N AT U R E S

e as onl D ig t - Home | US Forest Service...e as onl D ig t R o ad s Op e nt H ig hw yL lV c T h eran um o std ig v cl

Pawn ollection - the-eye.eu · 49 48 47 46 45 44 43 42 41 40 39 38 36 35 34 33 32 31 30 29 28 27 26 37 37 37 37 25 ig ig ig ig ig ig ig ig ig ig ig ig ig ig ig ig ig ig ig ig ig ig

B IG 6 R ESEARCH M ODEL The B IG 6 R ESEARCH M ODEL What Is It Why Use It How to Implement It

M E = 4 460 500 460 500 AE(C+Ig 1 ) AE(C+Ig) AE(C+Ig 2 ) S Y R Y * Y R Y * 10 Ig 390 470 550 630 390 470 550 630 Real GDP 0 AE 3 (C+Ig+G+Xn) ( Complex

Brighton&L B ig to ewesBeekeep e r

Corporation. IG-A10J-W IG-A10J-R IG-A10J-Bsupport.sharp.net.au/downloads/opmanuals/IGA10Jom.pdfPlasmacluster helps to improve the air quality by eliminating of airborne mould*1, viruses*2,

ite karyaperez id an º83/01 ryoku wa 09/12/2010 r ig

Best Practices Using Analytics and Data for Good: …...#AnalyticsX C o p y r ig ht © 201 6, SAS In stitute In c. All r ig hts r ese rve d. Best Practices Using Analytics and Data

Understanding Table and Memory Management in …...#AnalyticsX C o p y r ig ht © 201 6, SAS In stitute In c. All r ig hts r ese rve d. Understanding Table and Memory Management in

M a r r ig k v il l e Heritage ^^îSociety · 2020. 2. 6. · M a r r ig k v il l e Heritage ^^îSociety Covering Dulwich Hill, Enmore, Lewisham, fl? Sydenham, Tempe, & parts of Newtown,

O R IG IN A L Genetic population structure and A R T …...O R IG IN A L A R T IC L E Genetic population structure and distribution of a fungal polypore, Datronia caperata (Polyporaceae),

D IG IT A L C A M E R A DP70 - rruff.info

IG-DC2E IG-DC2B

Dunham-Bush Centrifugal Liquid Chiller - Jmaterialsjmaterials.com/assets/brochures/Dunham-Bush Centrifugal Chiller.pdf · GV = 5 0 d g r ee s IG V = 30 de g r e e s IG V= 2 0 d e

APRIL 1 – SEPTEMBER 30, 2015 SEMIANNUAL REPORT R… · during this reporting period ... integration objectivity accountability diversity discipline front office ig, deputy ig, general

FOR INERT GAS SYSTEM IG 100 – IG 01 – IG 55 – IG 541 · system design of gas extinguishing systems for IG‐541 extinguishant” Components used in the system that use extinguishing

O R IG IN A L A R T IC L E - University of Cincinnatihomepages.uc.edu/~tepeej/EricTepe/Research-Piper_files/Smith et al-2008_1.pdf · O R IG IN A L A R T IC L E ... Smi th 2006 )

IG/CI ACTIVITIES · Title: IG/CI ACTIVITIES Subject: IG/CI ACTIVITIES Keywords

L IG H T WE A R R A N G E - Face Masks Manufacturers, 3

F ir e f ig h t e r P a r a me d ic ( L a t e r a l) ( R e

Humoral immunity Ig Biosynthesis - KSU › sites › default › files › 7_ig... · Humoral immunity Ig Biosynthesis . Ig genes And generation of diversity . Ig Diversity • We

DatCom FRONIUS IG · - 100 Fronius IG or Fronius IG Plus series inverters (a combination of different types is possible, e.g. IG 15 and IG 60 with an internal and

L RADIATION SHIELDIh IG INFORMATION CENTER OAK RIDGE NATIONAL … · 2002-07-18 · l radiation shieldih ig information center oak ridge national laboratory r w operated by union

T HE R ISE OF B IG B USINESS AKA M ONOPOLIES AKA T RUST