On the Fast Track

Data has been with man since the dawn of time

Today’s integrated systems are generating more data than ever before. For some perspective on just how much data we’re talking about, consider that from the dawn of civilization to 2003, humankind created two exabytes of data. Since 2012, it’s estimated that five exabytes of data are being generated every single day by internet-connected devices and this number continues to grow. In addition to computers, tablets and smartphones, we’re also surrounded by a wide variety of other Internet-connected objects including refrigerators that can alert us when we’re almost out of milk or cars that can send an email when windshield washer fluid is low.

These are just a few examples of the expanding number of objects in our daily lives that are equipped with an IP address and integrated sensors that allow them to communicate. Technologies like GPS and RFID also help to connect these objects in an expanding network known as the Internet of Things (IoT).

Security technologies also are part of the IoT and contribute to the amount of data that’s created. A typical VMS, for example, may record 200 frames per second of surveillance video, while a large, distributed access control system may record thousands of transactions per minute during certain times of day. This is excellent data to have available, but the challenge is the tremendous quantity of data to be processed. In some ways, the term big data doesn’t come close to describing just how much is out there.

For an incident management system, the key is sifting through all the data produced by these connections and identifying the most relevant information for analysis. However, given the almost incomprehensible amount of data that’s created every day, that task of identifying, extracting, and analyzing the right data is a tremendous challenge.

In addition to massive data sets, how systems integrate with each other has also changed drastically in recent years. At one time, the paradigm was that one system would connect to another in a linear fashion to facilitate a simple data exchange.

Today, these integrations are much more complex and flow in multiple directions simultaneously as systems constantly communicate and share data with each other. This new data model can be termed HV3, which stands for high volume, high velocity, and high variety. All these systems and source points are generating huge numbers of transactions and other data creation events, which are happening very fast on a constant basis. As more and more devices are connected to the internet, those five exabytes of data we currently generate per day will only continue to grow.

It’s important to note that data is not information. Whether big or small, data is simply binary. In order to understand it and make knowledge-based decisions, data needs to be extracted, analyzed and visualized to solve a puzzle. Under the linear paradigm, data produced by machines and systems would be seen and evaluated by a human, who would draw conclusions based on what they saw and understood within the data. This meant the greatest challenge was to identify and collect relevant data for human analysis. What hasn’t changed is security practitioners’ need to proactively analyze information streams to detect, prevent, and solve issues. That is made more difficult with the HV3 model because there is so much data available that it’s no longer possible to process it using traditional methods and applications. Fortunately, there are innovative new tools available that more effectively and efficiently extract and analyze incident-related data and turn it into usable intelligence to help organizations predict vulnerabilities to mitigate or eliminate threats.

During the response and recovery phase, an organization collects data about an incident from multiple systems and sources and funnels it into an incident management solution, where it is analyzed for indicators or anomalies that help determine why the incident occurred in the first place.

The intelligence gleaned from the data is then shared with departments within an organization, management, and even outside organizations like public safety entities. Using the intelligence generated by data analysis, an organization can then implement protocols, change processes and procedures and educate employees to help prevent similar incidents from occurring in the future.

Incident management comprises four steps: plan and prepare, identify and respond, document and collaborate, and analyze. For every incident, there are patterns and points of reference that precipitate the actual event. These may include someone suddenly coming in to work earlier and staying later or accessing particular information frequently and for longer than normal periods of time, or may be the seemingly simple act of a door being propped open. Advanced incident management tools bring all that incident-related data that’s been collected from multiple sources and systems together, as the solution reviews the datasets to look for commonalities and identify relationships between occurrences.

Those relationships are not always obvious to a human and may not even occur at a single site, but they are discoverable by the algorithms within the software solution. By analyzing data on a global scale, incident management solutions identify specific events, activities and occurrences that have something in common. Those commonalities paint a picture of a potential threat, hazard, or vulnerability. The information is then used to identify patterns and anomalies that normally precipitate an incident, which are instrumental in instituting processes that allow incident management tools to identify a potential occurrence before it occurs, rather than detecting an event as it is happening.

Incident management also automates these tasks, allowing intelligence to be developed much more efficiently and effectively than human analysis. Data is collected immediately, creating a record of an event, such as an unauthorized access attempt, that may signal the beginning of the type of pattern that could lead to a threat occurring. If an organization relies on human analysis, this type of needle in the haystack might have been missed. With automated software solutions, the software does the work of gathering data from any system or sensor for later use.

For security practitioners, awareness is the main key to incident management and risk mitigation. Despite the sheer amount of data available today, collecting and analyzing the relevant information is crucial for managing threats and vulnerabilities, so it’s important to not only understand but embrace the HV3 data model created by the complex integration and data flow among people and the growing number of internet-connected devices and systems.

There is no need to fear the mountain of data. It’s also important to understand that these functions cannot be adequately performed by humans only. Having an advanced incident management system that automates data management and analysis in your security toolbox ensures that raw data is transformed into the actionable intelligence necessary to mitigate and prevent incidents from occurring in the first place, ensuring a higher level of safety and security for organizations.

This article originally appeared in the February 2015 issue of Security Today.


  • Cloud Adoption Gives Way to Hybrid Deployments

    Cloud adoption is growing at an astonishing rate, with Gartner forecasting that worldwide public cloud end-user spending will approach $600 billion by the end of this year—an increase of more than 21% over 2022. McKinsey believes that number could eclipse $1 trillion by the end of the decade, further underscoring the industry’s exponential growth. Read Now

  • AI on the Edge

    Discussions about the merits (or misgivings) around AI (artificial intelligence) are everywhere. In fact, you’d be hard-pressed to find an article or product literature without mention of it in our industry. If you’re not using AI by now in some capacity, congratulations may be in order since most people are using it in some form daily even without realizing it. Read Now

  • Securing the Future

    In an increasingly turbulent world, chief security officers (CSOs) are facing a multitude of challenges that threaten the stability of businesses worldwide. Read Now

    • Guard Services
  • Security Entrances Move to Center Stage

    Most organizations want to show a friendly face to the public. In today’s world, however, the need to keep people safe and secure has become a prime directive when designing and building facilities of all kinds. Fortunately, there is no need to construct a fortress-like entry that provides that high level of security. Today’s secured entry solutions make it possible to create a welcoming, attractive look and feel at the entry without compromising security. It is for this reason that security entrances have moved to the mainstream. Read Now

Featured Cybersecurity

New Products

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions. 3

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3

  • ResponderLink


    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols. 3