Intelligence Driven

Don’t be caught by surprise in your security operations

• By John Goolgasian
• May 01, 2018

Whether you’re a government, corporate or nonprofit organization the enemy of security operation is surprise. Surprise causes losses: losses in revenue, losses in operational agility and even loss of life. In the data age, it seems impossible that very much is unknowable, but there is a vast gap between knowable in theory and known when you need to know it. Like opportunity, security is a factor of time and place. With data, analysts can pull together a crisp picture of the security profile of a place in the time that matters, but it takes understanding how to handle the millions of data points among which that picture sits.

Too often today, most security operations are not taking advantage of the available data to drive physical and operational security. Those that have discovered the value of data analytics are primarily using single sources of information or multiple sources that are not integrated into a fulsome security awareness picture that would enable them to make smart decisions protecting life, property and operations. There are three primary inhibitors to making data driven decisions:

Volume. The shear amount of content available at once is both impressive and overwhelming. Industrial age processes that require heavy human touch are no longer a valid way to make smart decisions— there is too much data and not enough people.

Variety. Most security operation centers today are not taking advantage of the variety of content needed, and available, to make smart data driven decisions. All too often there is an overreliance on single sources of information like social media that paint only a portion of the picture.

Veracity. Deciding what data you can trust, you are comfortable making a decision with can be a job unto itself, and the answer isn’t always black and white. Information can be very useful in one context and completely useless in another.

How a chief security officer decides what is best for their operations, what data is needed and what systems are needed to analyze that data is now as important as what people to hire to execute those decisions. Whether you’re running a global, regional or local operation, the content and analytics needed to ensure the safety and security of your operations and your people has never been more critical. To meet the needs of global postindustrial businesses a modern, postindustrial security approach is needed that is driven by smart multi-variant data analytics.

A Two-Stage Plan for Data-Driven Security

Data is abundant, and taken all together, largely meaningless. What you do with it is the real value, and knowing when that data is valuable is priceless. Detailed below is a twostage plan for bringing the right data to bear on security decisions, each using the right datasets and technology to solve the specific tasks of situation discover and investigation.

Stage one is alerting. In the fast sea of data, there is a signal that can drive awareness of looming concerns, along with enough noise to overwhelm nearly any attempt to parse that signal out. In a single day, the amount of social and news media that could affect security operations of a single location is in the millions. Add to that more continuous data from IoT devices and security cameras and the problem quickly surpasses human scale solutions.

At this stage, the goal is two-fold: building systems to identify patterns that point to risks and selecting the right kinds of data to feed into those systems.

The second part is easier to tackle first. What data really matters? Plainly stated, there is an overreliance on social media right now. It is understandable that this is a natural first foray into data-driven security because the needed search and sorting tools are easy to find, but too many operations are using social media as their primary, and in some cases only, mass market data source. While incredibly important to understanding breaking events, local and regional attitude and brand management, social media is a biased data source and can skew security operations.

A system of integrated social media, news media, IoT, security and web cameras, crowd sourced data and even data from satellites such as imagery and radio frequency signal can supercharge global security operations and move you closer to an intelligence driven security operations center. Using a system or platform that automates the integration of security related content with artificial intelligence models that enable your officers to have persistent knowledge of potential threats to your operations will drive smarter decisions and save resources.

However, simply adding more data does not equal enhanced security. Analysts of all stripes, from military intelligence to business to security operations, find themselves overwhelmed with the sheer volume of data that is available. As John Coyne noted, “Sifting through that deluge of data in the required timeframes is now, more often than not, beyond the capacity of a single intelligence professional.”

This brings us back to the first part of our alerting goal. In commercial and government settings, operations get bogged down by the very data that could empower them. As with many other uses of big data, it takes well-trained machines to identify the data that matters, and fast enough to make that data useful.

Artificial intelligence (AI) and machine learning, specifically anomaly detection algorithms and risk models, enable one officer to do the work of ten by driving them to the most important content and help them look where they didn’t know to look.

Automated natural language processing and generation enable operations to instantaneously prepare reports that would take hours to days using traditional methods. These artificial intelligence algorithms are being utilized today in business intelligence processes and will also revolutionize intelligence driven security operations—speed and accuracy will drive security decisions just as speed and accuracy drive financial investment decisions.

Stage two is drill down. Red flags are vitally important, but alone, they are like a trigger without ammunition. Analysts need the tools to investigate situations these red flags point to. This is where social media is particularly unreliable on its own. For example, a dozen tweets about an earthquake in the region of a strategic asset is valuable, but those people do not share your interest in that asset. It takes multi-variant analysis to look into the wellbeing of your charge. A scan of webcams, mobile phone data or IoT data could be required to know exactly what is called for in a situation where nearly any outcome is possible.

This is less of a big data challenge and more a challenge of immediate access. How can you find the webcam view you need fastest. Here systems must be built to offer up relevant resources by place. The drill down time is entirely a factor of knowing how to find the feeds that will confirm the status of what matters to you. By mapping feeds that are locked in place and using geospatial intelligence to pinpoint movable sources, analysts can dispense with nearly everything that is irrelevant and focus their energy and time on the handful of sources that might prove useful.

The Technology is In Use Today

The tools to attack this two-stage strategy are not science fiction. AI and geospatial intelligence are both mature, if also quickly developing technologies that have found countless other uses, but are just now being applied together to address security issues.

AI can detect patterns that have gone unnoticed by experts, because they don’t have the time and resources to sift through all available data. AI is not a replacement for a trained officer but helps focus them, drives them to the more relevant information, informs them of activities that would have gone unnoticed and gives them the abilities of 10 analysts. Even better, platforms and algorithms that are able to alert to new problems as they arise, making operations centers aware of issues that otherwise would have been lost in noise should be the standard.

Geolocation is widely used today for applications as mundane as offering a coupon for a latte to people as they enter a Starbucks. In more security minded applications, geospatial intelligence was used to help find Osama bin Laden. When used together, AI and geospatial location paired with a smart plan of attack can dramatically increase the power of analysts to know the previously unknown, and in enough time to make a dramatic difference in security outcomes.

This article originally appeared in the May 2018 issue of Security Today.