We know all about the widespread phenomenon that plagues security investigators and analysts all over the world. It’s called the “data fusion headache.” We hear about it all the time. It happens when you’re responsible for gathering data to detect and investigate crime, terror and cyber attacks – and are faced with mountains of data coming from many different sources.
The data fusion challenge
Collecting and integrating all this data is not only time consuming, it can sometimes seem impossible.
The diversity of data
There are so many data types and formats to handle, among them:
- Unstructured text and documents
from so many sources, including:
- Government databases
- Cyber threat reports
- Web and social media data
- Financial transactions
- Log and sensor data
Constantly evolving sources
Sometimes, it’s not just about the different sources. Sometimes it’s simply about a new or realigned data attribute that’s been added to an existing source. To illustrate, the national government vehicle registry has just added eye color to its database. How long will it take to integrate this new data set into workflows, processes, and systems?
Can we afford not to overcome the challenge?
You can invest an inordinate amount of time and resources not only in collecting as much data as possible, but also in cleansing, indexing, and fusing that data, and ultimately in processing a huge pool of data into insights. As a result of this time challenge, threats often remain undetected, evidence is left behind, crimes remain unsolved, and incidents are not resolved in time, if at all. Yes, you can sense the threat. But the insurmountable challenge of data can actually prevent you from leveraging your expertise to get the job done. To illustrate how frustrating this can be, I am reminded of what the head of an intelligence fusion center at a large European police force once told me:
“We thought our priority was applying machine learning and analytics to the data. But we discovered that what we really needed first – and still need – is simple and smart data integration.”
Where does salvation come from?
Yes, smart data integration is the key. Some may still think that salvation could come by adding a large group of data scientists to the team. Or that it could come by engaging with a system integrator. But these are not always realistic options. Finding and funding such internal talent or external support is often cost-prohibitive. And it’s not just about the cost. It’s also about making sure that the security organization maintains independence and has the flexibility to add and amend data with speed and agility.
So, what can we do about the ‘data fusion headache’? Is there hope? The good news is, there is – and smart data fusion, powered by threat intelligence analytics, is it.
Security analytics platforms are the answer
With security analytics software platforms, investigators can obtain the capabilities they need and the independence they seek to handle whatever data challenges come their way.
And with the Cognyte security analytics platform they can:
- Fuse data from an extremely wide variety of data sources and systems to gain a comprehensive, near real-time view.
- Analyze events, recognize anomalies, visualize insights, and generate analytical insights.
- Leverage collaboration tools and case management workflows to drive more efficient teamwork and smarter decisions across security teams responding to incidents and events.