On the Fast Track

Data has been with man since the dawn of time

Today’s integrated systems are generating more data than ever before. For some perspective on just how much data we’re talking about, consider that from the dawn of civilization to 2003, humankind created two exabytes of data. Since 2012, it’s estimated that five exabytes of data are being generated every single day by internet-connected devices and this number continues to grow. In addition to computers, tablets and smartphones, we’re also surrounded by a wide variety of other Internet-connected objects including refrigerators that can alert us when we’re almost out of milk or cars that can send an email when windshield washer fluid is low.

These are just a few examples of the expanding number of objects in our daily lives that are equipped with an IP address and integrated sensors that allow them to communicate. Technologies like GPS and RFID also help to connect these objects in an expanding network known as the Internet of Things (IoT).

Security technologies also are part of the IoT and contribute to the amount of data that’s created. A typical VMS, for example, may record 200 frames per second of surveillance video, while a large, distributed access control system may record thousands of transactions per minute during certain times of day. This is excellent data to have available, but the challenge is the tremendous quantity of data to be processed. In some ways, the term big data doesn’t come close to describing just how much is out there.

For an incident management system, the key is sifting through all the data produced by these connections and identifying the most relevant information for analysis. However, given the almost incomprehensible amount of data that’s created every day, that task of identifying, extracting, and analyzing the right data is a tremendous challenge.

In addition to massive data sets, how systems integrate with each other has also changed drastically in recent years. At one time, the paradigm was that one system would connect to another in a linear fashion to facilitate a simple data exchange.

Today, these integrations are much more complex and flow in multiple directions simultaneously as systems constantly communicate and share data with each other. This new data model can be termed HV3, which stands for high volume, high velocity, and high variety. All these systems and source points are generating huge numbers of transactions and other data creation events, which are happening very fast on a constant basis. As more and more devices are connected to the internet, those five exabytes of data we currently generate per day will only continue to grow.

It’s important to note that data is not information. Whether big or small, data is simply binary. In order to understand it and make knowledge-based decisions, data needs to be extracted, analyzed and visualized to solve a puzzle. Under the linear paradigm, data produced by machines and systems would be seen and evaluated by a human, who would draw conclusions based on what they saw and understood within the data. This meant the greatest challenge was to identify and collect relevant data for human analysis. What hasn’t changed is security practitioners’ need to proactively analyze information streams to detect, prevent, and solve issues. That is made more difficult with the HV3 model because there is so much data available that it’s no longer possible to process it using traditional methods and applications. Fortunately, there are innovative new tools available that more effectively and efficiently extract and analyze incident-related data and turn it into usable intelligence to help organizations predict vulnerabilities to mitigate or eliminate threats.

During the response and recovery phase, an organization collects data about an incident from multiple systems and sources and funnels it into an incident management solution, where it is analyzed for indicators or anomalies that help determine why the incident occurred in the first place.

The intelligence gleaned from the data is then shared with departments within an organization, management, and even outside organizations like public safety entities. Using the intelligence generated by data analysis, an organization can then implement protocols, change processes and procedures and educate employees to help prevent similar incidents from occurring in the future.

Incident management comprises four steps: plan and prepare, identify and respond, document and collaborate, and analyze. For every incident, there are patterns and points of reference that precipitate the actual event. These may include someone suddenly coming in to work earlier and staying later or accessing particular information frequently and for longer than normal periods of time, or may be the seemingly simple act of a door being propped open. Advanced incident management tools bring all that incident-related data that’s been collected from multiple sources and systems together, as the solution reviews the datasets to look for commonalities and identify relationships between occurrences.

Those relationships are not always obvious to a human and may not even occur at a single site, but they are discoverable by the algorithms within the software solution. By analyzing data on a global scale, incident management solutions identify specific events, activities and occurrences that have something in common. Those commonalities paint a picture of a potential threat, hazard, or vulnerability. The information is then used to identify patterns and anomalies that normally precipitate an incident, which are instrumental in instituting processes that allow incident management tools to identify a potential occurrence before it occurs, rather than detecting an event as it is happening.

Incident management also automates these tasks, allowing intelligence to be developed much more efficiently and effectively than human analysis. Data is collected immediately, creating a record of an event, such as an unauthorized access attempt, that may signal the beginning of the type of pattern that could lead to a threat occurring. If an organization relies on human analysis, this type of needle in the haystack might have been missed. With automated software solutions, the software does the work of gathering data from any system or sensor for later use.

For security practitioners, awareness is the main key to incident management and risk mitigation. Despite the sheer amount of data available today, collecting and analyzing the relevant information is crucial for managing threats and vulnerabilities, so it’s important to not only understand but embrace the HV3 data model created by the complex integration and data flow among people and the growing number of internet-connected devices and systems.

There is no need to fear the mountain of data. It’s also important to understand that these functions cannot be adequately performed by humans only. Having an advanced incident management system that automates data management and analysis in your security toolbox ensures that raw data is transformed into the actionable intelligence necessary to mitigate and prevent incidents from occurring in the first place, ensuring a higher level of safety and security for organizations.

This article originally appeared in the February 2015 issue of Security Today.

Featured

  • 7 Reasons Why Governments Need to Regulate AI

    Recently, Elon Musk unveiled two remarkable AI applications. A humanoid robot named Optimus, with its remarkable human-like speech and movements, and a fully autonomous car, absent steering wheel and pedals, called Cybercab. While these examples represent a broad trend of AI integration across industries, they highlight technology’s transformative potential, prompting a need for regulation to ensure it is used responsibly, securely and ethically. Read Now

  • OR Code Phishing on the Rise According to New Report

    KnowBe4 recently released its Q3 2024 Phishing Report. This quarter's findings reveal the most frequently clicked email subjects in simulated phishing tests, demonstrating the continued efficacy of HR and IT-related phishing attempts. KnowBe4’s Q3 2024 Phishing Report reveals that HR and IT-related phishing emails claim a significant 48.6% share of top-clicked phishing types globally. Despite evolving techniques by bad actors, phishing emails remain among the most prevalent tools for executing cyberattacks. Read Now

  • United HealthCare CEO Killed in Targeted Attack in New York City

    United HealthCare CEO Brian Thompson was killed in a targeted attack early Wednesday in Manhattan Read Now

  • Theft, Crime Driving Retail Workers to Look for New Jobs

    More than four in ten retail workers in the U.S. say they are likely to leave their current job in the next 12 months due to personal safety concerns, according to new research conducted by the Loss Prevention Research Council (LPRC) in partnership with Verkada. Read Now

Featured Cybersecurity

Webinars

New Products

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation. 3

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles. 3

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings. 3