DALLAS – At its annual global forum event here, SAS Institute is focusing the spotlight on analytics and how it can be used to thwart cyber attacks and help organization combat fraud.
The enterprise software maker introduced today its new SAS Cybersecurity and SAS Model Risk Management solutions.
SAS Cybersecurity, which is in limited release now and generally available in fourth quarter 2015, uses advanced analytics to understand the normal business behavior of each system by analyzing daily network transactions correlated with business contextual information. The solution optimizes, then analyzes, data in real time to capture a continuous picture of active security risks.
SAS Model Risk Management is a new model-governance solution that provides a complete and detailed view of all risk models within the bank. The solution provides transparency on any model’s weaknesses or results produced by model usage.
Many security solution vendors are concentrating on endpoint protection but there is a gap in the market for solutions that detect cyber threats that have already entered the network, according to Bryan Harris, director of research and development for cyber- analytics at SAS.
“Attackers are able to hide inside their target systems upwards of nine months without being detected,” he said. “During this time, attackers are able to sift through and snatch sensitive data.”
The use of analytics to identify cyber attacks will become very important in the enterprise space in the near future, according to analyst firm IDC.
For instance, in the utility and energy industry, the firm’s research found that predictive analytics was critical in advancing a wide array of cyber mandates, including regulatory compliance.
For organizations in the finance industry, cyber security remains a top agenda. IDC predicts that businesses in this sector will spend more than US$40 billion in 2015 on managing operational risks and cyber threats.
The firm estimates that $27.4 billion of that amount will be earmarked for IT expenditures on information security and fraud.
For example, banks are increasingly finding that effective management of their analytic model inventory – including understanding model relationships and bank-specific workflows for improved model life cycle – is a critical component to meeting regulatory requirements and meeting business needs, according to Michael Versace, global research director for risk and digital strategy at IDC Financial Insights.
“Model governance must become a fundamental element – a standard operating procedure – for chief risk and compliance officers in our industry,” said Versace. “An enterprise approach to model risk management that supports all risk categories is an innovation necessity for regulated entities in all financial sectors and for firms of all sizes.”
SAS Model Risk Management will help banks break their dependence on disparate ad hoc solutions, according to the software vendor. The solution provides a comprehensive, aggregated view of model risk to manage model lifecycle workflow.
The new solution centralizes model-inventory management, including document management and source code control with decentralized access and a complete model-validation process.
With SAS Model Risk Management, institutions can organize and manage their models, assist in the complete validation cycle, and manage change requests, usage tracking, ad hoc correspondence and model-related issues. The solution enables banks to perform policy and exception management for an effective challenge and remediation plans with documentation and customizable workflows.
“Regulators, as well as executive management teams, are increasingly scrutinizing how banks develop, validate, approve and implement risk performance models,” said Troy Haines, senior vice president of risk research and quantitative solutions at SAS. “SAS Model Risk Management helps firms address both regulatory and business-as-usual model governance requirements.”