SAS® Cybersecurity Features

Flexible network device and entity analytics powered by machine learning and AI

  • Analyzes network activity by continuously calculating more than 70 device behavior analytics.
  • Provides out-of-the-box, extensible analytics based on NetFlow, authentication, web proxy, DNS, DHCP and endpoint data.
  • Enables custom model development with an open, Jupyter Notebook and Python-based analytics processing architecture.
  • Uses SAS Viya technology, including the CAS high-performance in-memory analytic engine for analytics processing.
  • Calculates and compares device values to peer devices or all devices in the organization with a full suite of comparison analytics.
  • Identifies domain generation algorithm (DGA) activity and specific variants using deep learning neural networks.
  • Uses statistical time series models for analyzing device behavior over time to spot possible compromise or potential malicious activity (e.g., DDoS attacks).
  • Device interactions – ports, hosts and other variables – analyzed for rarity with respect to peer groups or overall, which may indicate bot command and control exfiltration, or high-risk user behavior.
  • Detects overall unusual patterns of behavior with anomaly detection analytics that use deep learning neural networks, principal components analysis and SAS Cybersecurity-specific algorithms.
  • Captures discrete events, such as unsuccessful authentication attempts, in security events to give investigator key activity markers when examining other behavior analytics.


  • Locates security events quickly by date or perceived risk.
  • Enables review of analytical, graphical and unprocessed (raw) event data.
  • Lets you create cases for managing and tracking event remediation.
  • Provides searchable case records for historical reference.
  • Shows security events in full context with diverse network data.

Prebuilt, intuitive management dashboards

  • Lets you monitor organizational efficiency and system performance using easy-to-understand key performance indicator (KPI) reports.
  • Provides audit reports of system activity relative to entities or network access.

Network device inventory

  • Provides an up-to-the-minute list of all connected devices in the network.
  • Identifies network devices currently online.
  • Quickly identifies devices with incomplete SAS Cybersecurity profiles.
  • Detects previously unknown devices on the network.

High-performance, applied machine learning and AI through SAS® Viya®

  • Provides enhanced AI capabilities, such as automation for built-in intelligence, simplicity, collaboration and transparency.
  • Includes embedded machine learning attributes that make predictions more explainable, transparent and accountable.
  • Ensures low latency in delivering results through distributed, in-memory processing.
  • Sustains high availability with self-healing mechanisms, delivering uninterrupted protection for 24/7 uptime in cloud, on-site and hybrid deployments.
  • Supports multitenancy deployment, allowing for a shared software stack to securely support isolated tenants.

Data management

  • Consolidates historical data from internal and external sources for analysis and investigation.
  • Reduces or eliminates data issues with automated, built-in data quality tools.
  • Seamlessly integrates with third-party applications.
  • Provides an interactive, self-service environment for accessing, blending, shaping and cleansing data for reporting and analysis.
  • Provides self-service access designed for business analysts, citizen data scientists and other nontechnical users.

Custom detection model development with modern machine learning algorithms

  • Provides access to a broad set of modern statistical, machine learning, deep learning and text analytics algorithms in a single environment.
  • Lets you test multiple modeling approaches in a single run.
  • Reduces false positives by comparing multiple supervised learning algorithms with standardized tests.
  • Provides multiple analytical capabilities – clustering, multiple types of regressions, decision forests, gradient boosting models, support vector machines, neural networks, Bayesian networks and more.
  • Automatically locates and analyzes sentiment from text sources, including Facebook, Twitter, Google Analytics, YouTube comments and more.

Rule and analytic model management

  • Lets you logically manage rules, models and alerts for investigators.
  • Ensures ongoing, robust model tracking and governance as more models are developed, published and deployed.

Self-service data visualization

  • Enables business and technical users to visually explore data to discover trends and outliers using box plots, heat maps, network diagrams, geographical map views, decision trees and more.
  • Lets you add content from data visualizations and the web to reports.
  • Enables reports to be distributed as PDFs or secure emails – as one-time reports or at recurring, scheduled intervals.

Diverse deployment options

  • On-site:
    • Across distributed servers for scalability.
  • Cloud:
    • On enterprise, private, public or hybrid cloud infrastructures.
    • As a SAS managed software as a service (SaaS).
    • As a Cloud Foundry platform as a service (PaaS) to support multiple cloud providers.

Integration with McAfee® Data Exchange Layer (DXL)

  • Incorporates data from McAfee DXL data into the device risk scoring process.
  • Makes the results and underlying enriched data available to McAfee® ePolicy Orchestrator®, McAfee® Enterprise Security Manager, McAfee® Active Response and third-party DXL-compatible solutions for further analysis.

Back to Top