Anyone reading the news headlines after a major terror incident or cyber-attack will likely recognize a pattern: in many cases, it quickly becomes clear – although only in hindsight – that there were clues and warning signs which could have tipped off authorities and enabled them to detect and prevent the attack. But if the information was “out there”, why weren’t the catastrophic results averted? Typically, it’s because the relevant information was not analyzed in time, if at all, or because several data points – which, if taken together, would have raised alarms – were not connected.
As criminal and terror threats grow increasingly sophisticated and as security organizations are flooded by huge volumes of dark data, the challenge of sifting through the noise and finding those nuggets of relevant information, or ‘connecting the dots’, has become more important and at the same time more difficult.
This need to generate high-quality, actionable insights is a critical issue security teams face constantly. It plays out every day, not just in high-stakes terror scenarios but even in the most ordinary circumstances.
Imagine this scenario – a man is spotted on security cameras carrying a suspicious-looking package into a large corporate campus. Today, the onsite security team must guess whether the person is a known criminal or extremist, whether he has a legitimate reason for being there, whether the package poses a threat, and what he intends to do.
While the security team may have hundreds, or even thousands, of security cameras, typically the cameras feed into separate, siloed systems. And none of these cameras are necessarily connected to door keypads, fire alarms, etc. As a result, they have a siloed and incomplete situational awareness view. Moreover, the lack of connection and context between the data means the security team is operating without the full, ideal set of information needed to make data-driven decisions.
An ideal system would automatically connect data from all cameras, door alarms, keypads, license plate readers, and facial recognition tools, as well as various databases. These connections and the context created would help quickly identify the person as a serious threat and get the right responder to the location, thereby preventing an attack or serious incident.
The untapped potential of analytics
In recent years, many security organizations – both government and enterprise – have deployed analytical tools exactly for the purposes of connecting data from different sources, in order to create one consolidated view and to generate actionable analytical insights.
However, in many cases, these tools are proprietary, homegrown analytical solutions that quickly become outdated and fail to meet the organization’s needs or provide real value. At Cognyte, we’ve conducted in-depth research into why security organizations are still struggling to tap the full potential of the data they have access to, a struggle that prevents them from making rapid, data-driven decisions.
Key findings from our research indicate that proprietary, homegrown analytical solutions are typically:
- Risky and complex deployments – built by integrating multiple disconnected tools that often fail to work together properly
- In need of extensive customization – modifying generic business intelligence and analytics tools to meet the unique needs of investigators and analysts requires significant customization, and the results are usually less than optimal
- Difficult to upgrade or adapt over time – which makes it hard to leverage cutting-edge machine learning and AI technologies
These limitations prevent organizations from reacting quickly to new threats, technological advancements, and changes in their mandate.
The Shift to Open Security Analytics Platforms
To address these issues, there is a growing understanding that modern, open platforms are needed for security analytics.
As stated by Lieutenant General John N.T. Shanahan, of the U.S. Department of Defense, “Data should not be treated as an IT problem; instead, IT systems should be framed by the operational problems they solve. This requires moving from closed, proprietary architectures… to open architectures and fast transient adoption of new technologies and applications.”
Security organizations are turning to open, modern solutions from vendors specializing in security analytics platforms. These platforms:
- Enable fusing massive amounts of data from diverse sources, including unstructured data such as text, audio, images and video
- Provide advanced analytics to detect anomalies and suspicious patterns, surface hidden connections between entities, and predict and identify unknown threats
- Enable seamless collaboration and information sharing across teams and accelerate investigations with automated case management workflows
- Provide real-time insights for security teams in the field
- Can be frequently and easily updated with the latest analytics and artificial intelligence technologies
Open security analytics platforms are the key for government and enterprise security organizations to keep up with the constantly evolving crime and terror landscape.