“Security leaders have been discussing the convergence of cybersecurity and physical security for years. But what does it mean?”
First, a word about the word ‘convergence’
The obvious answer to the question “what does convergence mean?” is that convergence in our domain is the coming together of physical and cybersecurity into one integrated and holistic endeavor. Yes, traditionally, these two domains had been managed separately by distinct stakeholders in different departments across the organization. But the threat landscape has grown so profoundly complex in recent years that convergence has become a mandate that cannot be ignored. This really is the only way organizations can ensure protection in an ever-more challenging security reality. And to effectively leverage the full benefits of convergence, one needs to acquire a deep understanding of all security-related operations, and what steps are required to break down security silos. When doing so, ultimately, the results will be dramatically improved – in situational awareness, threat detection and identification, and incident response.
The basic convergence components
When it comes to the two sides of the equation, most of the components of the physical side are well known, including, for example, video surveillance, access control, and perimeter intrusion detection, among others. On the cyber side, we have multiple solutions available to protect the organization against a variety of attacks, including malware, ransomware, phishing, and more.
So, what does social media have to do with it?
While the physical and cybersecurity components noted above are almost always taken into consideration when it comes to a holistic (and convergent) security approach – social media is not always top of mind. But it should (and must) be, because social media can be a very powerful asset in your security toolbox. In fact, it reigns supreme in its ability to provide security insights that are vital for establishing a proactive, convergent security strategy.
It all starts in the digital sphere
Security threats both to the physical and cyber domain often start in the digital sphere. Moreover, an organization’s physical and digital assets are connected by digital – where a cyber-generated attack can cause great damage to people, property, and information alike. Social media is part of this digital sphere, and it is a hotbed of cybercriminal interactions, planning, chatter, collaboration, and actual events.
Here is where the threat actors go to plan and often publish their nefarious intents – both against physical and digital targets. So, when you can tap into these interactions and extract insights that are actionable, you are well-positioned to stay ahead of criminals and potentially stop an attack before it happens.
To monitor is to be proactive
This is where social media monitoring comes into play, enabling security professionals to be proactive by picking up on early warning signs and gaining critical insight into an incident or threat before it actually takes place. For example, with functionality for live event streaming, social media can provide very precise geo-based awareness, down to the specific location where threats may be in the process of brewing. Based on these insights, security operations can deliver actionable insights to relevant stakeholders to help avert an attack. Moreover, data and persons that may seem at first to be unrelated can be contextualized and associated in ways that were previously not possible.
Pulling it all together
Social media monitoring feeds the larger physical and cybersecurity engine by automating the collection and analysis of content from open sources. Once threatening posts are identified, organizations can incorporate this information into tools such as video surveillance, facial recognition, and dispatch & response technologies, into an integrated cyber and physical security posture that is resilient and prepared. This level of security integration and team collaboration fuels a unified and cohesive security strategy that is built with all areas of security in mind and which leads to vastly improved incident management and accelerated responses.
How Cognyte can help
Cognyte threat intelligence analytics solutions empower security teams with actionable intelligence, by improving both physical and cybersecurity with:
- The ability to fuse data from a variety of sources including social media, as well as physical and cybersecurity systems and devices, providing real-time situational intelligence;
- Tools for analyzing events, recognizing anomalies, generating insights, and driving real-time responses; and
- Visualization and workflows that drive action and support collaboration across physical and cyber security teams responding to cyber incidents.
To learn more about how Cognyte can help you to identify and respond quickly to threats, we invite you to read all about it here.