Intelligence Driven

Intelligence Driven

Don’t be caught by surprise in your security operations

  • By John Goolgasian
  • May 01, 2018

Whether you’re a government, corporate or nonprofit organization the enemy of security operation is surprise. Surprise causes losses: losses in revenue, losses in operational agility and even loss of life. In the data age, it seems impossible that very much is unknowable, but there is a vast gap between knowable in theory and known when you need to know it. Like opportunity, security is a factor of time and place. With data, analysts can pull together a crisp picture of the security profile of a place in the time that matters, but it takes understanding how to handle the millions of data points among which that picture sits.

Too often today, most security operations are not taking advantage of the available data to drive physical and operational security. Those that have discovered the value of data analytics are primarily using single sources of information or multiple sources that are not integrated into a fulsome security awareness picture that would enable them to make smart decisions protecting life, property and operations. There are three primary inhibitors to making data driven decisions:

Volume. The shear amount of content available at once is both impressive and overwhelming. Industrial age processes that require heavy human touch are no longer a valid way to make smart decisions— there is too much data and not enough people.

Variety. Most security operation centers today are not taking advantage of the variety of content needed, and available, to make smart data driven decisions. All too often there is an overreliance on single sources of information like social media that paint only a portion of the picture.

Veracity. Deciding what data you can trust, you are comfortable making a decision with can be a job unto itself, and the answer isn’t always black and white. Information can be very useful in one context and completely useless in another.

How a chief security officer decides what is best for their operations, what data is needed and what systems are needed to analyze that data is now as important as what people to hire to execute those decisions. Whether you’re running a global, regional or local operation, the content and analytics needed to ensure the safety and security of your operations and your people has never been more critical. To meet the needs of global postindustrial businesses a modern, postindustrial security approach is needed that is driven by smart multi-variant data analytics.

A Two-Stage Plan for Data-Driven Security

Data is abundant, and taken all together, largely meaningless. What you do with it is the real value, and knowing when that data is valuable is priceless. Detailed below is a twostage plan for bringing the right data to bear on security decisions, each using the right datasets and technology to solve the specific tasks of situation discover and investigation.

Stage one is alerting. In the fast sea of data, there is a signal that can drive awareness of looming concerns, along with enough noise to overwhelm nearly any attempt to parse that signal out. In a single day, the amount of social and news media that could affect security operations of a single location is in the millions. Add to that more continuous data from IoT devices and security cameras and the problem quickly surpasses human scale solutions.

At this stage, the goal is two-fold: building systems to identify patterns that point to risks and selecting the right kinds of data to feed into those systems.

The second part is easier to tackle first. What data really matters? Plainly stated, there is an overreliance on social media right now. It is understandable that this is a natural first foray into data-driven security because the needed search and sorting tools are easy to find, but too many operations are using social media as their primary, and in some cases only, mass market data source. While incredibly important to understanding breaking events, local and regional attitude and brand management, social media is a biased data source and can skew security operations.

A system of integrated social media, news media, IoT, security and web cameras, crowd sourced data and even data from satellites such as imagery and radio frequency signal can supercharge global security operations and move you closer to an intelligence driven security operations center. Using a system or platform that automates the integration of security related content with artificial intelligence models that enable your officers to have persistent knowledge of potential threats to your operations will drive smarter decisions and save resources.

However, simply adding more data does not equal enhanced security. Analysts of all stripes, from military intelligence to business to security operations, find themselves overwhelmed with the sheer volume of data that is available. As John Coyne noted, “Sifting through that deluge of data in the required timeframes is now, more often than not, beyond the capacity of a single intelligence professional.”

This brings us back to the first part of our alerting goal. In commercial and government settings, operations get bogged down by the very data that could empower them. As with many other uses of big data, it takes well-trained machines to identify the data that matters, and fast enough to make that data useful.

Artificial intelligence (AI) and machine learning, specifically anomaly detection algorithms and risk models, enable one officer to do the work of ten by driving them to the most important content and help them look where they didn’t know to look.

Automated natural language processing and generation enable operations to instantaneously prepare reports that would take hours to days using traditional methods. These artificial intelligence algorithms are being utilized today in business intelligence processes and will also revolutionize intelligence driven security operations—speed and accuracy will drive security decisions just as speed and accuracy drive financial investment decisions.

Stage two is drill down. Red flags are vitally important, but alone, they are like a trigger without ammunition. Analysts need the tools to investigate situations these red flags point to. This is where social media is particularly unreliable on its own. For example, a dozen tweets about an earthquake in the region of a strategic asset is valuable, but those people do not share your interest in that asset. It takes multi-variant analysis to look into the wellbeing of your charge. A scan of webcams, mobile phone data or IoT data could be required to know exactly what is called for in a situation where nearly any outcome is possible.

This is less of a big data challenge and more a challenge of immediate access. How can you find the webcam view you need fastest. Here systems must be built to offer up relevant resources by place. The drill down time is entirely a factor of knowing how to find the feeds that will confirm the status of what matters to you. By mapping feeds that are locked in place and using geospatial intelligence to pinpoint movable sources, analysts can dispense with nearly everything that is irrelevant and focus their energy and time on the handful of sources that might prove useful.

The Technology is In Use Today

The tools to attack this two-stage strategy are not science fiction. AI and geospatial intelligence are both mature, if also quickly developing technologies that have found countless other uses, but are just now being applied together to address security issues.

AI can detect patterns that have gone unnoticed by experts, because they don’t have the time and resources to sift through all available data. AI is not a replacement for a trained officer but helps focus them, drives them to the more relevant information, informs them of activities that would have gone unnoticed and gives them the abilities of 10 analysts. Even better, platforms and algorithms that are able to alert to new problems as they arise, making operations centers aware of issues that otherwise would have been lost in noise should be the standard.

Geolocation is widely used today for applications as mundane as offering a coupon for a latte to people as they enter a Starbucks. In more security minded applications, geospatial intelligence was used to help find Osama bin Laden. When used together, AI and geospatial location paired with a smart plan of attack can dramatically increase the power of analysts to know the previously unknown, and in enough time to make a dramatic difference in security outcomes.

This article originally appeared in the May 2018 issue of Security Today.

Featured

  • New Report Reveals Top Trends Transforming Access Controller Technology

    Mercury Security, a provider in access control hardware and open platform solutions, has published its Trends in Access Controllers Report, based on a survey of over 450 security professionals across North America and Europe. The findings highlight the controller’s vital role in a physical access control system (PACS), where the device not only enforces access policies but also connects with readers to verify user credentials—ranging from ID badges to biometrics and mobile identities. With 72% of respondents identifying the controller as a critical or important factor in PACS design, the report underscores how the choice of controller platform has become a strategic decision for today’s security leaders. Read Now

  • Overwhelming Majority of CISOs Anticipate Surge in Cyber Attacks Over the Next Three Years

    An overwhelming 98% of chief information security officers (CISOs) expect a surge in cyber attacks over the next three years as organizations face an increasingly complex and artificial intelligence (AI)-driven digital threat landscape. This is according to new research conducted among 300 CISOs, chief information officers (CIOs), and senior IT professionals by CSC1, the leading provider of enterprise-class domain and domain name system (DNS) security. Read Now

  • ASIS International Introduces New ANSI-Approved Investigations Standard

    • Guard Services

  • Cloud Security Alliance Brings AI-Assisted Auditing to Cloud Computing

    The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today introduced an innovative addition to its suite of Security, Trust, Assurance and Risk (STAR) Registry assessments with the launch of Valid-AI-ted, an AI-powered, automated validation system. The new tool provides an automated quality check of assurance information of STAR Level 1 self-assessments using state-of-the-art LLM technology. Read Now

  • Report: Nearly 1 in 5 Healthcare Leaders Say Cyberattacks Have Impacted Patient Care

    Omega Systems, a provider of managed IT and security services, today released new research that reveals the growing impact of cybersecurity challenges on leading healthcare organizations and patient safety. According to the 2025 Healthcare IT Landscape Report, 19% of healthcare leaders say a cyberattack has already disrupted patient care, and more than half (52%) believe a fatal cyber-related incident is inevitable within the next five years. Read Now

Most   Popular

New Products

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.