Intelligence Driven
Don’t be caught by surprise in your security operations
- By John Goolgasian
- May 01, 2018
Whether you’re a government, corporate or nonprofit
organization, the enemy of security operations is surprise.
Surprise causes losses: losses in revenue, losses
in operational agility and even loss of life. In the data
age, it seems impossible that very much is unknowable, but there is a
vast gap between knowable in theory and known when you need to
know it. Like opportunity, security is a factor of time and place. With
data, analysts can pull together a crisp picture of the security profile
of a place in the time that matters, but it takes understanding how
to handle the millions of data points among which that picture sits.
Too often today, most security operations are not taking advantage
of the available data to drive physical and operational security.
Those that have discovered the value of data analytics are primarily
using single sources of information or multiple sources that are
not integrated into a fulsome security awareness picture that would
enable them to make smart decisions protecting life, property and
operations. There are three primary inhibitors to making data-driven
decisions:
Volume. The sheer amount of content available at once is both
impressive and overwhelming. Industrial age processes that require
heavy human touch are no longer a valid way to make smart decisions—
there is too much data and not enough people.
Variety. Most security operation centers today are not taking advantage
of the variety of content needed, and available, to make smart
data driven decisions. All too often there is an overreliance on single
sources of information like social media that paint only a portion of
the picture.
Veracity. Deciding what data you can trust and are comfortable
making a decision with can be a job unto itself, and the answer isn’t
always black and white. Information can be very useful in one context and completely useless in another.
How a chief security officer decides what
is best for their operations, what data is needed
and what systems are needed to analyze
that data is now as important as what people
to hire to execute those decisions. Whether
you’re running a global, regional or local operation,
the content and analytics needed to
ensure the safety and security of your operations
and your people has never been more
critical. To meet the needs of global postindustrial
businesses, a modern, postindustrial
security approach is needed that is driven by
smart multi-variant data analytics.
A Two-Stage Plan for Data-Driven Security
Data is abundant, and taken all together,
largely meaningless. What you do with it is
the real value, and knowing when that data is
valuable is priceless. Detailed below is a two-stage
plan for bringing the right data to bear
on security decisions, each using the right
datasets and technology to solve the specific
tasks of situation discovery and investigation.
Stage one is alerting. In the vast sea of
data, there is a signal that can drive awareness
of looming concerns, along with enough
noise to overwhelm nearly any attempt to
parse that signal out. In a single day, the
amount of social and news media that could
affect security operations of a single location
is in the millions. Add to that more continuous
data from IoT devices and security cameras
and the problem quickly surpasses human-scale
solutions.
At this stage, the goal is two-fold: building
systems to identify patterns that point to
risks and selecting the right kinds of data to
feed into those systems.
The second part is easier to tackle first.
What data really matters? Plainly stated, there
is an overreliance on social media right now.
It is understandable that this is a natural first
foray into data-driven security because the
needed search and sorting tools are easy to
find, but too many operations are using social
media as their primary, and in some cases
only, mass market data source. While incredibly
important to understanding breaking
events, local and regional attitude and brand
management, social media is a biased data
source and can skew security operations.
A system of integrated social media, news
media, IoT, security and web cameras, crowd
sourced data and even data from satellites
such as imagery and radio frequency signal
can supercharge global security operations
and move you closer to an intelligence driven
security operations center. Using a system
or platform that automates the integration
of security related content with artificial intelligence
models that enable your officers
to have persistent knowledge of potential
threats to your operations will drive smarter
decisions and save resources.
However, simply adding more data does
not equal enhanced security. Analysts of all
stripes, from military intelligence to business
to security operations, find themselves overwhelmed
with the sheer volume of data that
is available. As John Coyne noted, “Sifting
through that deluge of data in the required
timeframes is now, more often than not,
beyond the capacity of a single intelligence
professional.”
This brings us back to the first part of our
alerting goal. In commercial and government
settings, operations get bogged down
by the very data that could empower them.
As with many other uses of big data, it takes
well-trained machines to identify the data
that matters, and fast enough to make that
data useful.
Artificial intelligence (AI) and machine
learning, specifically anomaly detection algorithms
and risk models, enable one officer
to do the work of ten by driving them to the
most important content and helping them look
where they didn’t know to look.
Automated natural language processing
and generation enable operations to instantaneously
prepare reports that would take
hours to days using traditional methods.
These artificial intelligence algorithms are
being utilized today in business intelligence
processes and will also revolutionize intelligence
driven security operations—speed and
accuracy will drive security decisions just as
speed and accuracy drive financial investment
decisions.
Stage two is drill down. Red flags are
vitally important, but alone, they are like a
trigger without ammunition. Analysts need
the tools to investigate situations these red
flags point to. This is where social media is
particularly unreliable on its own. For example,
a dozen tweets about an earthquake
in the region of a strategic asset are valuable,
but those people do not share your interest
in that asset. It takes multi-variant analysis
to look into the wellbeing of your charge. A
scan of webcams, mobile phone data or IoT
data could be required to know exactly what
is called for in a situation where nearly any
outcome is possible.
This is less of a big data challenge and
more a challenge of immediate access. How
can you find the webcam view you need fastest?
Here systems must be built to offer up
relevant resources by place. The drill down
time is entirely a factor of knowing how to
find the feeds that will confirm the status of
what matters to you. By mapping feeds that
are locked in place and using geospatial intelligence
to pinpoint movable sources, analysts
can dispense with nearly everything
that is irrelevant and focus their energy and
time on the handful of sources that might
prove useful.
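The two stages described above, as an added Python example that is not from the article or any product: stage one raises an alert on an asset only when distinct source types report near it within a time window, and stage two ranks fixed, pre-mapped feeds by distance from that asset. The asset, signals, feeds, radius and window values are all constructed assumptions.

```python
import math

EARTH_RADIUS_KM = 6371.0

# Constructed sample data (assumed names, coordinates and times).
ASSETS = {"warehouse-a": (35.000, 139.000)}
SIGNALS = [  # (minute, source_type, (lat, lon))
    (0, "social", (35.010, 139.005)),
    (3, "social", (35.020, 138.990)),
    (5, "iot_seismic", (35.005, 139.010)),
    (7, "social", (36.500, 140.200)),  # far from the asset
]
FEEDS = [  # fixed feeds mapped in advance: (name, kind, (lat, lon))
    ("cam-gate", "webcam", (35.0005, 139.0004)),
    ("cam-harbor", "webcam", (35.020, 139.020)),
    ("cam-city", "webcam", (35.400, 139.600)),
]

def haversine_km(a, b):
    """Great-circle distance between two (lat, lon) points in kilometres."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(h))

def corroborated_alerts(assets, signals, radius_km=5.0, window_min=15, min_types=2):
    """Stage one: alert only when distinct source types agree near an asset."""
    alerts = {}
    for name, loc in assets.items():
        near = sorted(s for s in signals if haversine_km(loc, s[2]) <= radius_km)
        for start, _, _ in near:
            types = {t for m, t, _ in near if start <= m <= start + window_min}
            if len(types) >= min_types:  # a single source type never alerts
                alerts[name] = sorted(types)
                break
    return alerts

def drill_down(asset_loc, feeds, radius_km=5.0, limit=3):
    """Stage two: nearest fixed feeds to the asset, closest first."""
    ranked = sorted((haversine_km(asset_loc, loc), name) for name, _, loc in feeds)
    return [(name, round(d, 2)) for d, name in ranked if d <= radius_km][:limit]

if __name__ == "__main__":
    for asset, sources in corroborated_alerts(ASSETS, SIGNALS).items():
        print(asset, "corroborated by", sources)
        print("check feeds:", drill_down(ASSETS[asset], FEEDS))
```

With the social-only subset of the sample signals, stage one returns no alert, which is the single-source bias the article warns about turned into a rule.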
The Technology is In Use Today
The tools to attack this two-stage strategy are
not science fiction. AI and geospatial intelligence
are both mature, if also quickly developing,
technologies that have found countless
other uses, but are just now being applied
together to address security issues.
AI can detect patterns that have gone unnoticed
by experts, because they don’t have
the time and resources to sift through all
available data. AI is not a replacement for a
trained officer but helps focus them, drives
them to the more relevant information, informs
them of activities that would have
gone unnoticed and gives them the abilities
of 10 analysts. Even better, platforms and algorithms
that are able to alert to new problems
as they arise, making operations centers
aware of issues that otherwise would have
been lost in noise, should be the standard.
Geolocation is widely used today for applications
as mundane as offering a coupon
for a latte to people as they enter a Starbucks.
In more security minded applications, geospatial
intelligence was used to help find
Osama bin Laden. When used together, AI
and geospatial location paired with a smart
plan of attack can dramatically increase the
power of analysts to know the previously unknown,
and in enough time to make a dramatic
difference in security outcomes.
This article originally appeared in the May 2018 issue of Security Today.