SAS® Cybersecurity Features
Flexible network device and entity analytics powered by machine learning and AI
- Analyzes network activity by continuously calculating more than 70 device behavior analytics.
- Provides out-of-the-box, extensible analytics based on NetFlow, authentication, web proxy, DNS, DHCP and endpoint data.
- Enables custom model development with an open, Jupyter Notebook and Python-based analytics processing architecture.
- Uses SAS Viya technology, including the CAS high-performance in-memory analytic engine for analytics processing.
- Calculates and compares device values to peer devices or all devices in the organization with a full suite of comparison analytics.
- Identifies domain generation algorithm (DGA) activity and specific variants using deep learning neural networks.
- Uses statistical time series models for analyzing device behavior over time to spot possible compromise or potential malicious activity (e.g., DDoS attacks).
- Analyzes device interactions – ports, hosts and other variables – for rarity with respect to peer groups or overall, which may indicate bot command and control, exfiltration or high-risk user behavior.
- Detects overall unusual patterns of behavior with anomaly detection analytics that use deep learning neural networks, principal components analysis and SAS Cybersecurity-specific algorithms.
- Captures discrete events, such as unsuccessful authentication attempts, in security events to give investigators key activity markers when examining other behavior analytics.
- Locates security events quickly by date or perceived risk.
- Enables review of analytical, graphical and unprocessed (raw) event data.
- Lets you create cases for managing and tracking event remediation.
- Provides searchable case records for historical reference.
- Shows security events in full context with diverse network data.
Prebuilt, intuitive management dashboards
- Lets you monitor organizational efficiency and system performance using easy-to-understand key performance indicator (KPI) reports.
- Provides audit reports of system activity relative to entities or network access.
Network device inventory
- Provides an up-to-the-minute list of all connected devices in the network.
- Identifies network devices currently online.
- Quickly identifies devices with incomplete SAS Cybersecurity profiles.
- Detects previously unknown devices on the network.
High-performance, applied machine learning and AI through SAS® Viya®
- Provides enhanced AI capabilities, such as automation for built-in intelligence, simplicity, collaboration and transparency.
- Includes embedded machine learning attributes that make predictions more explainable, transparent and accountable.
- Ensures low latency in delivering results through distributed, in-memory processing.
- Sustains high availability with self-healing mechanisms, delivering uninterrupted protection for 24/7 uptime in cloud, on-site and hybrid deployments.
- Supports multitenancy deployment, allowing for a shared software stack to securely support isolated tenants.
- Consolidates historical data from internal and external sources for analysis and investigation.
- Reduces or eliminates data issues with automated, built-in data quality tools.
- Seamlessly integrates with third-party applications.
- Provides an interactive, self-service environment for accessing, blending, shaping and cleansing data for reporting and analysis.
- Provides self-service access designed for business analysts, citizen data scientists and other nontechnical users.
Custom detection model development with modern machine learning algorithms
- Provides access to a broad set of modern statistical, machine learning, deep learning and text analytics algorithms in a single environment.
- Lets you test multiple modeling approaches in a single run.
- Reduces false positives by comparing multiple supervised learning algorithms with standardized tests.
- Provides multiple analytical capabilities – clustering, multiple types of regressions, decision forests, gradient boosting models, support vector machines, neural networks, Bayesian networks and more.
- Automatically locates and analyzes sentiment from text sources, including Facebook, Twitter, Google Analytics, YouTube comments and more.
Rule and analytic model management
- Lets you logically manage rules, models and alerts for investigators.
- Ensures ongoing, robust model tracking and governance as more models are developed, published and deployed.
Self-service data visualization
- Enables business and technical users to visually explore data to discover trends and outliers using box plots, heat maps, network diagrams, geographical map views, decision trees and more.
- Lets you add content from data visualizations and the web to reports.
- Enables reports to be distributed as PDFs or secure emails – as one-time reports or at recurring, scheduled intervals.
Diverse deployment options
- Across distributed servers for scalability.
- On enterprise, private, public or hybrid cloud infrastructures.
- As a SAS managed software as a service (SaaS).
- As a Cloud Foundry platform as a service (PaaS) to support multiple cloud providers.
Integration with McAfee® Data Exchange Layer (DXL)
- Incorporates McAfee DXL data into the device risk scoring process.
- Makes the results and underlying enriched data available to McAfee® ePolicy Orchestrator®, McAfee® Enterprise Security Manager, McAfee® Active Response and third-party DXL-compatible solutions for further analysis.