Benefits of Big Data Analytics in Security – Helping Proactivity and Value Creation
© 2015 Quantum Secure, Incorporated. All Rights Reserved. Confidential.
(408) 453-1008
The Security Landscape
• Held the door to let 5 people into the data center
• Uses her badge to try to get into restricted areas
• Laptop bag was stolen with badge inside
• Lost her company badge – forgot to tell you
• Shares credentials with temp contractors
• Has started coming in late at night on the weekend
• Copied your sales database to a USB drive, just in
Who, Where, Why, For How Long & Who Authorized It?
Agenda
• Understanding Big Data and Predictive Analytics
• Proactive Risk Identification
• Transforming Physical Security from Reactive to Proactive
• Best Practices for Adopting Predictive Security Solutions
Big Data Analytics – Introduction
Predictive analytics solutions evaluate patterns found in existing data sets to predict potential future outcomes
Descriptive Analysis
• Ad Hoc Reports: “How many, how often, where?”
• Standard Reports: “What happened?”
Predictive Analysis
• Forecasting/Extrapolation: “What if these trends continue?”
• Optimization: “What’s the best that can happen?”
Descriptive Example: Which systems have the most alarms
Predictive Example: Based on the time and frequency of the alarms, which of the doors are more
Physical Security and Predictive Data Solutions
Predictive solutions help security transition from being a reactive resource to a proactive strategic business partner
• 67% vs. 33%: More than two-thirds of Security Directors consider it important to be able to do predictive analysis to improve operational effectiveness and reduce risk
• 31% vs. 69%: Yet, just under one-third of Security Directors have technology in place to capture predictive security metrics
Why this technology and why now?
- Data technology has matured
- Hardware costs have made it practical
- Tools that connect to systems without a Herculean effort
- Management imperative
Examples
Credential Fraud
Policy Violations
Systems Maintenance
What is an IOC?
• An IOC is an Indicator of Compromise that can be tied to a person, device (reader/site), application or network.
• IOCs provide early indications of bad actors, or deviation from norms, that can help you identify and contain security incidents before they result in loss.
Sample IOCs:
• Multiple physical access and/or logical (IT) access denied for same person.
• Same badge used at different geographical locations.
• Tailgate – derived on the basis of site/door hierarchy.
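The three sample IOCs above can be expressed as rules over badge-reader events. The following is an added example, not code from Quantum Secure or its products: the event layout, door names, hierarchy and thresholds are all assumptions, and the tailgate rule is one assumed reading of "derived on the basis of site/door hierarchy" (an interior door is badged without a prior read at its parent door).

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, badge_id, site, door, result)
EVENTS = [
    ("2015-03-02 08:01", "B100", "SJC", "lobby", "granted"),
    ("2015-03-02 08:03", "B100", "SJC", "datacenter", "granted"),
    ("2015-03-02 08:40", "B100", "LON", "lobby", "granted"),       # other site, 37 min later
    ("2015-03-02 09:00", "B200", "SJC", "datacenter", "granted"),  # no lobby read first
    ("2015-03-02 09:10", "B300", "SJC", "lab", "denied"),
    ("2015-03-02 09:12", "B300", "SJC", "datacenter", "denied"),
    ("2015-03-02 09:15", "B300", "SJC", "vault", "denied"),
]
# Assumed door hierarchy: interior door -> parent door that must be badged first.
PARENT = {"datacenter": "lobby", "lab": "lobby", "vault": "datacenter"}
DENY_LIMIT, DENY_WINDOW = 3, timedelta(minutes=15)  # assumed thresholds
MIN_TRAVEL = timedelta(hours=2)                     # assumed minimum site-to-site time

def find_iocs(events):
    """Return a sorted list of (ioc_name, badge_id, timestamp) findings."""
    findings = set()
    denies = defaultdict(list)   # badge -> denied timestamps inside the window
    last_site = {}               # badge -> (site, time) of last granted read
    passed = defaultdict(set)    # (badge, site) -> doors already granted
    for ts, badge, site, door, result in sorted(events):
        t = datetime.strptime(ts, "%Y-%m-%d %H:%M")
        if result == "denied":
            recent = [d for d in denies[badge] if t - d <= DENY_WINDOW] + [t]
            denies[badge] = recent
            if len(recent) >= DENY_LIMIT:
                findings.add(("multiple_denied", badge, ts))
            continue
        # Same badge granted at two sites faster than anyone could travel.
        if badge in last_site:
            prev_site, prev_t = last_site[badge]
            if prev_site != site and t - prev_t < MIN_TRAVEL:
                findings.add(("badge_at_two_sites", badge, ts))
        last_site[badge] = (site, t)
        # Tailgate inferred from hierarchy: interior read with no parent read.
        parent = PARENT.get(door)
        if parent and parent not in passed[(badge, site)]:
            findings.add(("possible_tailgate", badge, ts))
        passed[(badge, site)].add(door)
    return sorted(findings)

if __name__ == "__main__":
    for finding in find_iocs(EVENTS):
        print(finding)
```

In a real deployment the `passed` state would be reset per shift or on exit reads, and travel time would depend on the pair of sites rather than a single constant.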
IOC Category #1: Credential Fraud
Why is this important?
─ Security owns credentials – need to track
─ Need to loop in employee charged with credential – “Is this you?”
─ Helps keep employees efficient
─ Likely target for advanced adversaries
Examples:
Shared Credentials
Badge Fishing
High-risk identity tries to access high-risk areas (badge fishing)
Actions: Automated Responses
• Email - Is this you?
• No response within 30 minutes, badge suspended
• Automate turning badge back on
IOC Category #2: Policy Violations
When processes haven’t been followed, risk liabilities increase
Was our audit done well?
─ How long did you spend per person making decisions in this audit?
Examples:
─ Requesting and approving access by same person
─ Abusing visitor system by adding same contractor day-after-day to avoid background checks
Tailgating
Large number of people tailgating at the London location
Actions:
• Remind offenders about policies
• Re-train personnel
IOC Category #3: Systems Maintenance
Set thresholds to understand when you should repair something
Measure how failing devices
Alarm Analytics
Exceptionally high alarm count at a particular site
Actions:
• Attempt to restart the device centrally
• Create work order
IOC Category #4: Managing Spending & Growth
Letting you know about areas with high access
[Chart: Capacity (Low / Med / High). Labels: Sub-lease extra space; Shut down office; Add new office; Temp hike due to event; High personnel growth forecast]
Facility Analytics
Utilization of facilities less than 50% for each day of the week
Actions:
A Smart Predictive Data Security Strategy Helps Answer:
• What is the source of the next possible threat?
• Which assets are most vulnerable and likely to be targeted?
• Which processes need improvement?
• Identify decisions and/or actions you intend to improve
• Partner with systems vendor who brings expertise in your department and with your systems
• Look for extensible solutions that can contribute to the bigger picture
• Avoid generic “big data” solutions from vendors that don’t understand security
Making Security Proactive
Understand organizational risk, threats and vulnerabilities
Identify key metrics
• Measure adherence to policy
• Improvement to SLAs
Measure risk
• Measure risks in real-time
• Measure risk based on people’s actions/behavior
Use metrics to guide actions
• Target programs
• Spend efficiently
Contact Information
Don Campbell
Director of Product Management and Product Marketing
© 2014 Quantum Secure, Incorporated. All Rights Reserved. Confidential.