SAS is fighting online fraud. In Cary, that means more jobs.

Cary-based SAS has set up a new Fraud and Security Intelligence division.
Cary-based SAS has set up a new Fraud and Security Intelligence division. SAS

Fighting crime of various sorts is already been a growth industry for Cary software giant SAS, but it sees even more possibilities and has set up a new division to spearhead the effort.

The new "Fraud and Security Intelligence" division at SAS is also slated to get some reinforcements, via a 100-person staff expansion that will unfold in the coming three years. About half the new hires will work here in North Carolina, said Stu Bradley, vice president of the division.

Its software offerings focus on helping companies and governments detect and stop fraud, money laundering, network hacks and other malfeasance.

They already had been "one of the fastest-growing and most successful solution portfolios within SAS for quite some time," said Bradley, who'd previously headed the cybersecurity portion of the new division.

Now SAS officials have decided there's enough potential for growth in the field that it's worth investing more money in it. The job now is to deliver that growth, keep customers happy and "bring new and innovative products to the marketplace," Bradley said.

SAS is famously a N.C. State University spinoff that developed a namesake package of statistical-analysis software, one that quickly became an industry standard in academia and business.

Its offerings have evolved over the years, toward the sort of data analytics that in the case of Bradley's division help clients monitor large, fast-moving data streams for unusual patterns that can tip them off to attempted crimes.

For example, a government tax office may find it's easier with computing horsepower and the appropriate software to notice that a stack of a couple thousand tax filings all came from a single internet address, and that they claim similar sorts of deductions, and thus flag them for closer scrutiny or even audits.

The problem SAS and its clients now need to overcome is that the various watchdog groups in business or government operations don't necessarily communicate well with each other, Bradley said.

"Our customers are viewing the same data in different environments and struggling to leverage the insights they're generating across these different organizational silos," he said. "If we as an industry are going to get more proactive about addressing the risks we face, we need to break down those silos."

SAS officials think they have some competitive advantages in a crowded field, namely a set of software offerings built around the same core code. That helps keep costs under control, and makes it easier for customers to find employees familiar with how to work with those tools.

Depending on the field, potential competitors include companies like IBM, another tech giant with a big Triangle presence, and West Coast players like Amazon and Google that are putting money into analytics in hopes of safeguarding their cloud-computing offerings, Bradley said.

And the problem everyone has to deal with is that criminals adapt, often more quickly than private or public bureaucracies can.

"It never ceases to amaze me how quickly the threat landscape changes," Bradley said. "The typical approach organizations take is that when they find a risk, they plug the risk. That has proven unsuccessful. So we need to take a different approach, where we start to get proactive about identifying how those risks are going to change and identifying where the new vulnerabilities exist."

Ray Gronberg: 919-419-6648, @rcgronberg