As a software and data service provider to some of the biggest commercial real estate organizations in the world, including banks and pension funds, Toronto-based Altus Group has a strong IT security strategy.
But it found extra oversight on internal processes proved worthwhile.
It came from being an early adopter of SAS Cybersecurity from SAS Institute, a suite to be officially released Nov. 16 that analyzes network traffic for unusual behaviour of employees or threat actors who have gained internal access, for example, having multiple IP addresses open on a PC.
SAS says the agentless solution watches for hidden patterns and relationships between devices on the network that suggest malicious activity, such as a PC in the human resources department trying to access a customer database.
"We've done a fairly good job of defending our assets with traditional perimeter approaches," Altus CEO Robert Courteau said in an interview Wednesday, which "usually has been oriented to stopping that behaviour."
But earlier this year the company's CIO learned about the upcoming solution at a conference and thought it might benefit the organization.
It was installed in the late summer on an instance of Amazon Web Services (AWS), which not only helped speed implementation but also made the suite accessible to Altus' 80 servers in 25 offices around the world.
Courteau said the solution uses analytics with security protocols that allow for constant network monitoring based on exception rules. It can identify areas of an enterprise where "different or unique things are happening that could be considered a problem from a security perspective."
Altus had processes for identifying, for example, if staff were accessing inappropriate Web sites. "But a lot of that was after the fact," Courteau said. "What you get with this kind of system is the ability to see it in process."
Because financial institutions are customers, Altus is regularly audited, he said, "but this takes it to another level."
For example, Altus discovered "some isolated cases where people were storing data in environments that we didn't feel met our standard," although nothing that amounted to criminal behaviour.
One concern was whether SAS Cybersecurity would have an impact on network performance, Courteau said, "but that has proven to not be an issue for the work we've done so far." Nor has Altus had to increase its IT security staff of three to interpret the suite's output.
"We're really trying to solve the nine-month problem," of attackers (external or internal) gaining access to a network and then spending months undetected looking around, Bryan Harris, SAS's director of research and development for cyber analytics, said in an interview.
On installation, the solution discovers all client machines and then watches communications between them to see "who is talking to who." Over time it learns what is normal device behaviour between lines of business and creates a risk score. The IT security team can hone the score through filtering. Harris said the solution can process as many as 10 billion records a day on a rack of servers.
No pricing details were released.