ESG's Jon Oltsik talks with Stu Bradley of SAS Fraud & Security Intelligence about SOAPA and Security Analytics. This is part 2 of a 2-part series.
Jon: We're back for part two of our SOAPA video with Stu Bradley, VP of Fraud & Security Intelligence at SAS. Welcome back.
Stu: Thank you.
Jon: I've got to ask you about readiness. One of the things that SAS talks about is cybersecurity readiness. So what do you mean, and how do you do it?
Stu: A lot of organizations are turning to AI, artificial intelligence, to become more ready, and keep up with some of the changing trends from a security risk and landscape perspective. Where SAS is focusing from a readiness standpoint is ensuring that, like I mentioned before in the first segment, that the models that are built and developed can be deployed very rapidly.
What if we were able to take the typical deployment time frames from three months down to a day or potentially a mouse click? And that's what I mean by ready. It's creating an environment where you can manage your analytics. Support the entirety of that analytic life cycle from how do I integrate data, to how do I build, and simulate, and tune my analytics, to how do I deploy those in a runtime operational environment such that you can get that business value that is so needed within the cyber analytics capability today.
Jon: Yeah, this is why I like talking to you, Stu, and the people at SAS because you're thinking of this in a greater amount of detail because you want the outcomes to be sound from the start. So, with that, you also talk about modularity of your solutions. So what do you mean there?
Stu: Well, if you think about SOAPA, by its very nature, the SOAPA definition is about that integration in a complex vendor ecosystem. Every customer is going to come at a different stage in their overall analytic maturity, and being able to modularize and focus on the data, being able to enrich and process that data such that it's ready for analytics is one of the modules that we offer.
We offer a module of the runtime execution engine that's built on hundreds of our out-of-the-box analytics that can serve as a good baseline for the continued proliferation of those analytics. And the overall analytic workbench, which is that flexible modeling environment that can help build and ultimately deploy those models very, very quickly and efficiently, and ensure that we shorten that time to value.
Jon: Yeah, the time to value is very important, and no one's got the people, no one's got the resources, and they need immediate solutions. So that's got to be very attractive. Now, SOAPA is all about fitting into an architecture or an infrastructure of security tools. How do you bring more value to my existing security infrastructure?
Stu: What's been proven in the marketplace is the efficacy of these static black-box analytics approaches. They've just been proven ineffective over time. They may work initially, but being able to keep up with the ever-changing environment becomes a struggle. And so being able to provide that analytic layer in a holistic way, which also helps address one of the biggest issues we see in the marketplace today… We often talk about the skills gap within security.
There's also a massive skills gap within analytics. And the ability within that analytics layer to provide tools that can help facilitate the analytic roadmap of an organization that are provided to users of a wide range of skill sets such that you can make analytics accessible becomes fundamentally important.
If we expect our security analysts to also be data scientists, we don't have a recipe for success. But if we can arm our security analysts with the power of analytics without needing to know what algorithm they're going to use and how to code that algorithm, we do have a path to a greater degree of success.
Jon: Yeah. So my last question is about maturity. So a lot of what you're talking about is a maturity curve. So where are we today, and where do you see the market going with security analytics over the next, I don't know, 12 to 18 months?
Stu: Well, it's clear that most organizations are in the infancy stage of their analytic maturity. And because of that, it's really important to be able to provide an open and flexible architecture with out-of-the-box analytics to set a solid baseline from which they can grow. And with that baseline, along with the utilities that can be deployed across a wide range of users, gives them the toolbox required to be able to execute towards a roadmap, and continue to mature their skill sets over time.
AI, analytic integration, is going to be fundamentally important. We have seen too many failed analytics research projects. The ability for organizations to code across multiple different languages, leverage analytics from multiple different vendors, and manage that within a single, cohesive ecosystem such that you can manage the deployment, manage the overall efficacy, and the performance and tuning of that environment over time, not only for detection but for the advancements and efficiency in your overall operational processes as well.
Jon: Yeah, I couldn't agree more. So it's analytics for threat detection, but it's also for threat response for automated remediation. So we're just getting started, I agree.
Stu: And you want to do that on a single platform. Why do you want to do that through multiple different capabilities when you can train your limited resources on a single set of analytic capabilities?
Jon: Okay. Well, thank you for coming. And stay tuned for more videos, some more SOAPA videos, coming soon.