One Week Left to Get an 11" iPad Pro with Apple Pencil w/ OnDemand Training


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Donít get marooned on Analytic Islands

  • Thursday, January 26, 2017 at 12:00 PM EST (2017-01-26 17:00:00 UTC)
  • Mark Watkinson


  • BAE Systems Applied Intelligence

You can now attend the webcast using your mobile device!



5 years ago the constant drip, drip, drip of breaches hitting the news was evidence of preventive signature based defenses were not working and a move to fast recovery was needed. New approaches were needed, signature-less detection focused on detecting behaviors. But behavioral analytics has significant challenges, particularly the need for more data and the need to control false positives, this meant data from endpoints, network devices and applications. Few companies in Cyber Security have the capabilities to cover all these bases, most are focusing on endpoint, or network or applications or cloud. They are developing analytics to find threats within the data captured by their sensors. With the industry buzzing about analytics, the drive for the vendor community to be able to crow about detection analytics and integrate these into and create platforms has led to a compounding of an old security problem The detection silo or Analytic Islands Detection is best served where analytics can use the widest possible data sources, so multiple analytic platforms are counter-productive. Creating analytic islands, on vendor platforms aligned to types of data will not serve to optimize detection. So how Security Leaders invest? Invest in tools that allow data to be easily moved in and out of their native platforms giving the organization the choice of how best to use it, Invest in tools that allow data to be flexibly retrieved cross infrastructure from Endpoint to cloud Invest in centralized analytic/detection/forensic response capability to support Security operations, and allow better use of human resources Invest in the best detection not in platform siloes but across platform, see the whole campaign and give Incident response the best chance BAE Systems does not build sensors, we build analytics. We work with sensor vendors to use the best of their detection, and ensure we still have access to the full data set so that when we see a new threat we can choose the best way to detect it from all the data.

Speaker Bio

Mark Watkinson

In his role, Mark focuses on Managed Security Services, targeted at meeting the needs of enterprises across numerous vertical markets. Mark is a lifelong information security enthusiast, with over 10 years of security industry experience in various commercial and technical roles. Heís currently engaged with delivering the global roll out of an enhanced range of Enterprise Managed Security services.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.