Page 39 - Security Today, May 2018
P. 39

and completely useless in another.
How a chief security officer decides what
is best for their operations, what data is need- ed and what systems are needed to analyze that data is now as important as what people to hire to execute those decisions. Whether you’re running a global, regional or local op- eration, the content and analytics needed to ensure the safety and security of your opera- tions and your people has never been more critical. To meet the needs of global postin- dustrial businesses a modern, postindustrial security approach is needed that is driven by smart multi-variant data analytics.
A Two-Stage Plan for
Data-Driven Security
Data is abundant, and taken all together, largely meaningless. What you do with it is the real value, and knowing when that data is valuable is priceless. Detailed below is a two- stage plan for bringing the right data to bear on security decisions, each using the right datasets and technology to solve the specific tasks of situation discover and investigation.
Stage one is alerting. In the fast sea of data, there is a signal that can drive aware- ness of looming concerns, along with enough noise to overwhelm nearly any attempt to parse that signal out. In a single day, the amount of social and news media that could affect security operations of a single location is in the millions. Add to that more continu- ous data from IoT devices and security cam- eras and the problem quickly surpasses hu- man scale solutions.
At this stage, the goal is two-fold: build- ing systems to identify patterns that point to risks and selecting the right kinds of data to feed into those systems.
The second part is easier to tackle first. What data really matters? Plainly stated, there is an overreliance on social media right now. It is understandable that this is a natural first foray into data-driven security because the needed search and sorting tools are easy to find, but too many operations are using so- cial media as their primary, and in some cases only, mass market data source. While incred- ibly important to understanding breaking events, local and regional attitude and brand management, social media is a biased data source and can skew security operations.
A system of integrated social media, news media, IoT, security and web cameras, crowd
sourced data and even data from satellites such as imagery and radio frequency signal can supercharge global security operations and move you closer to an intelligence driv- en security operations center. Using a system or platform that automates the integration of security related content with artificial in- telligence models that enable your officers to have persistent knowledge of potential threats to your operations will drive smarter decisions and save resources.
However, simply adding more data does not equal enhanced security. Analysts of all stripes, from military intelligence to business to security operations, find themselves over- whelmed with the sheer volume of data that is available. As John Coyne noted, “Sifting through that deluge of data in the required timeframes is now, more often than not, beyond the capacity of a single intelligence professional.”
This brings us back to the first part of our alerting goal. In commercial and govern- ment settings, operations get bogged down by the very data that could empower them. As with many other uses of big data, it takes well-trained machines to identify the data that matters, and fast enough to make that data useful.
Artificial intelligence (AI) and machine learning, specifically anomaly detection al- gorithms and risk models, enable one officer to do the work of ten by driving them to the most important content and help them look where they didn’t know to look.
Automated natural language processing and generation enable operations to instan- taneously prepare reports that would take hours to days using traditional methods. These artificial intelligence algorithms are being utilized today in business intelligence processes and will also revolutionize intelli- gence driven security operations—speed and accuracy will drive security decisions just as speed and accuracy drive financial invest- ment decisions.
Stage two is drill down. Red flags are vitally important, but alone, they are like a trigger without ammunition. Analysts need the tools to investigate situations these red flags point to. This is where social media is particularly unreliable on its own. For ex- ample, a dozen tweets about an earthquake in the region of a strategic asset is valuable, but those people do not share your interest
in that asset. It takes multi-variant analysis to look into the wellbeing of your charge. A scan of webcams, mobile phone data or IoT data could be required to know exactly what is called for in a situation where nearly any outcome is possible.
This is less of a big data challenge and more a challenge of immediate access. How can you find the webcam view you need fast- est. Here systems must be built to offer up relevant resources by place. The drill down time is entirely a factor of knowing how to find the feeds that will confirm the status of what matters to you. By mapping feeds that are locked in place and using geospatial in- telligence to pinpoint movable sources, ana- lysts can dispense with nearly everything that is irrelevant and focus their energy and time on the handful of sources that might prove useful.
The Technology is In Use Today
The tools to attack this two-stage strategy are not science fiction. AI and geospatial intel- ligence are both mature, if also quickly devel- oping technologies that have found countless other uses, but are just now being applied together to address security issues.
AI can detect patterns that have gone un- noticed by experts, because they don’t have the time and resources to sift through all available data. AI is not a replacement for a trained officer but helps focus them, drives them to the more relevant information, in- forms them of activities that would have gone unnoticed and gives them the abilities of 10 analysts. Even better, platforms and al- gorithms that are able to alert to new prob- lems as they arise, making operations centers aware of issues that otherwise would have been lost in noise should be the standard.
Geolocation is widely used today for ap- plications as mundane as offering a coupon for a latte to people as they enter a Starbucks. In more security minded applications, geo- spatial intelligence was used to help find Osama bin Laden. When used together, AI and geospatial location paired with a smart plan of attack can dramatically increase the power of analysts to know the previously un- known, and in enough time to make a dra- matic difference in security outcomes.
John Goolgasian is the COO of GeoSpark Ana- lytics and an associate partner for OGSystems.
WWW.SECURITYTODAY.COM GS9


































































































   37   38   39   40   41