As a software and data service provider to some of the biggest commercial real estate organizations in the world, including banks and pension funds, Toronto-based Altus Group has a strong IT security strategy.
But it found extra oversight on internal processes proved worthwhile.
It came from being an early adopter of SAS Cybersecurity from SAS Institute, a suite to be officially released Nov. 16 that analyzes network traffic for unusual behaviour of employees or threat actors who have gained internal access — for example, having multiple IP addresses open on a PC.
SAS says the agentless solution watches for hidden patterns and relationships between devices on the network that suggests malicious activity, such as a PC in the human resources department trying to access a customer database.
“We’ve done a fairly good job of defending our assets with traditional perimeter approaches,” Altus CEO Robert Courteau said in an interview Wednesday, which “usually has been oriented to stopping that behaviour.”
But earlier this year the company’s CIO learned about the upcoming solution at a conference and thought it might benefit the organization.
It was installed in the late summer on an instance of Amazon Web Services (AWS), which not only helped speed implementation it also made the suite accessible to Altus’ 80 servers in 25 offices around the world.
Courteau said the solution uses analytics with security protocols that allows for constant network monitoring based on exception rules. It can identify areas of an enterprise where “different or unique things are happening that could be considered a problem from a security perspective.”
Altus had processes for identifying, for example, if staff were accessing inappropriate Web sites. “But a lot of that was after the fact,” Corteau said. “What you get with this kind of system is the ability to see it in process.”
Because financial institutions are customers Altus is regularly audited, he said, “but this takes it to another level.”
For example Altus discovered “some isolated cases where people were storing data in environments that we didn’t feel met our standard,” although nothing that amounted to criminal behaviour.
One concern was whether SAS Cybersecurity would have an impact on network performance, Courteau said, “but that has proven to not be an issue for the work we’ve done so far.” Nor has Altus had to increase its IT security staff of three to interpret the suite’s output.
“We’re really trying to solve the nine-month problem,”of attackers (external or internal) gaining access to a network and then spending months undetected looking around,” Bryan Harris, SAS’s director or research and development for cyber analytics, said in an interview.
On installation the solution discovers all client machines and then watches communications to between them to see “who is talking to who.” Over time it learns what is normal device behaviour between lines of business and creates a risk score. The IT security team can hone the score through filtering. Harris said the solution can process as many as 10 billion records a day on a rack of servers.
No pricing details were released.