Connecting the Data Points for Better Response
Posted in Cyber Intelligence
The volume, velocity and variety of data are increasing like never before, so how do we take this data and turn it into actionable intelligence? I’ll share an example where a tragedy might have been prevented had the pieces of the data puzzle been put together.
In February 2010, Andrew Joseph Stack III crashed a small plane into an IRS building just seven miles northwest of the State Capitol in Austin, Texas, killing himself and an IRS employee and injuring several others. It took investigators more than 24 hours to discover that there had been a series of events leading up to the incident: a six-page manifesto to the IRS posted online, a fire at the pilot’s home, and a false flight plan filed at the airport where Stack kept his plane.
While officials responded quickly to the incident, it took a significant amount of time to identify the chain of events leading up to it. Had these critical pieces of actionable information been discovered and pieced together in advance, the event—which was later determined to be a terrorist attack—may have been prevented.
In math, a correlation coefficient is a measure of the degree of a linear relationship between two variables. In situational awareness, correlation works similarly. To help prevent or reduce the severity of a security situation, responders must seek out variables, such as a series of social media rants, erratic public behavior or an individual’s known criminal record, so that they can intercept before a situation occurs.
Today, it is possible to quickly combine multiple variables and data points to be able to ‘see’ a chain of events and its possible outcomes. In the last 10 years, more data has been compiled than in all of history prior to that. Responders today have everything from simple data—such as location data, databases and call records—to complex data, which includes medical records, license plate and facial recognition, public video and more. This can all be used to determine the intersection of events.
An enormous amount of data is available for security professionals at any given time, enabling responders to make smarter decisions more quickly.
Real-time situational awareness can be achieved by correlating data from multiple data sources into one centralized management system. Situational awareness platforms can take basic information, such as an address, and cross-reference it against a known offender database.
With embedded analytics, operators can use social media tracking to determine what accounts this individual has and search recent postings. This correlation of data is extremely valuable in helping responders be better prepared when responding to a situation at this address.
It is often difficult to align two points of reference as being related without having a system in place that can monitor and analyze the thousands of events that happen every day. Situational management allows officials to give the right information to the right people at the right time to help enable a safer, more informed response.