benefits of big data analytics in security – helping ......transforming physical security from...

Benefits of Big Data Analytics in Security – Helping Proactivity and Value Creation

June 2015

© 2015 Quantum Secure, Incorporated. All Rights Reserved. Confidential. (408) 453-1008

The Security Landscape

Held the door to let 5 people into the data center

Uses her badge to try to get into

restricted areas

Laptop bag was stolen with badge

inside

Lost her company badge – forgot to

tell you

Shares credentials with

temp contractors

Who, Where, Why, For How Long & Who Authorized It?

Has started coming in late at night on

the weekend

Copied your sales database to a

USB drive, just in case


Agenda

Understanding Big Data and Predictive Analytics

Proactive Risk Identification

Transforming Physical Security from Reactive to Proactive

Best Practices for Adopting Predictive Security Solutions

Q & A


Big Data? Predictive? Behavioral? Risk-based Profiling?


Big Data Analytics – Introduction Predictive analytics solutions evaluate patterns found in existing data

sets to predict potential future outcomes Descriptive Analysis

Ad Hoc Reports: “How many, how often, where?”

Standard Reports: “What happened?”

Predictive Analysis

Forecasting/Extrapolation: “What if these trends continue?”

Optimization: “What’s the best that can

happen?”

Descriptive Example: Which systems have the most alarms

Predictive Example:

Based on the time and frequency of the alarms, which of the doors are more

likely to need repair


Physical Security and Predictive Data Solutions

Predictive solutions help security transition from being a reactive resource to a proactive strategic business partner

67%

33%

More than two-thirds of Security Directors consider it important to be

able to do predictive analysis to improve operational effectiveness and

reduce risk

Yet, just under one-third of Security Directors have technology in place to

capture predictive security metrics

31%

69%

According to an IDG Research survey conducted October 21-November 3, 2014.


Why this technology and why now? - Data technology has matured - Hardware cost have made it practical - Tools that connect to systems without a

Herculean effort - Management Imperative

Proactive Risk Identification


Examples

Credential Fraud

Policy Violations

Systems Maintenance

Managing Spending & Growth


What is an IOC?

• An IOC is an Indicator of Compromise that can be identified to a person, device (reader/site), application or network.

• IOCs provide early indications of bad actors, or deviation from norms that can help you identify and contain security incidents before they result in loss

Sample IOCs: • Multiple physical access

and/or logical (IT) access denied for same person.

• Same badge used at different geographical locations.

• Tailgate – derived on the basis of site/door hierarchy.


IOC Category #1: Credential Fraud

Why is this important? ─ Security owns credentials – need to track

─ Need to loop in employee charged with credential – “Is this you?”

─ Helps keeps employees efficient

─ Likely target for advanced adversaries

Examples: Shared Credentials

Lost/Stolen Credentials


Badge Fishing

High-risk identity tries to access high-risk areas (badge fishing)

Actions: Automated Responses • Email - Is this you? • No response within 30 minutes, badge suspended • Automate turning badge back on


IOC Category #2: Policy Violations

When processes haven’t been followed risk liabilities increase

Was our audit done well? ─ How long did you spend per person

making decisions in this audit?

Examples: ─ Requesting and approving access by same

person

─ Abusing visitor system by adding same contractor day-after-day to avoid background checks


Tailgating

Large number of people tailgating at the London location

Actions: • Remind offenders about policies • Re-train personnel


IOC Category #3: Systems Maintenance

Set thresholds to understand when you should repair something

Measure how failing devices affect organization


Alarm Analytics Exceptionally high alarm count at a particular site

Actions: • Attempt to restart the device centrally • Create work order


IOC Category #4: Managing Spending & Growth

Letting you know about areas with high access

Capacity Low Med High

Sub-lease extra space

Shut down office

Add new office

Temp hike due to event

High personnel growth forecast


Facility Analytics

Utilization of facilities less than 50% for each day of the week

Actions: • Generate utilization reports for the facilities team to take apt decision


A Smart Predictive Data Security Strategy Helps Answer:

What is the source of the next possible threat?

Which assets are most vulnerable and likely to be targeted?

Which processes need improvement?

Was our audit effective?


Identify decisions and/or actions you intend to improve

Partner with systems vendor who brings expertise in your department and with your systems Look for extensible solutions that can contribute to the bigger picture Avoid generic “big data” solutions from vendors that don’t understand security

Best Practices for Adopting Predictive Data Solutions


Making Security Proactive

Understand organizational risk, threats and vulnerabilities

Identify key metrics • Measure adherence to policy • Improvement to SLAs

Measure risk • Measure risks in real-time • Measure risk based on people’s actions/behavior

Use metrics to guide actions • Target programs • Spend efficiently


Contact Information

Don Campbell Director of Product Management

and Product Marketing [email protected]



Thank you!

benefits of big data analytics in security – helping ......transforming physical security from...

Documents