Proactive protection: Data analytics recognize security threats before they happen
By and large, most electronic security systems are reactive by nature -- that is, they notify operators of security breaches after they happen. Many advancements during the last several years have taken great leaps in identifying threats as they occur, but what about before they occur? How realistic is this capability?
The emergence of data analytics would seem to suggest that it is very realistic. In fact, it is already happening.
Almost all electronic security systems log event information in some fashion. Alarm conditions, access control activity, power failures or fluctuations, and configuration changes are just some of the events collected and logged for basic on-demand reporting capabilities. With all this data readily available, some manufacturers are embedding intelligence into their reporting software that analyzes this data for potential threats and proactively reports on it.
Generally speaking, data analytics technology can proactively warn users by recognizing behavioral patterns and monitoring the health of a system.
Recognizing patterns prevents breaches
Utilizing data analytics enables automated identification of patterns that may indicate a potential breach in security. For example, a specific door may be reporting an “access denied” event once per day. Intelligent analysis of these events might show that the event occurs around lunch time every day, and that a different card is being tried each time. This type of behavior might be indicative of someone “borrowing” other people’s cards, while the owners are distracted or out, to see who has access to that specific door. Once this type of pattern is recognized, a report can be generated automatically and proactively sent to an operator or administrator, alerting them to a potential alarm condition.
If cameras were present at the door and video clips were recorded with each “access denied” event, those clips would be embedded in the report, providing all the data necessary to investigate and potentially head off an incident.
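One way to express the lunchtime “access denied” pattern described above as a check over an event log. This is an added example, not code from the article or from any vendor's product; the event fields, door names, card IDs and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample log: (ISO timestamp, door, card ID, result). Not real data.
SAMPLE_EVENTS = [
    ("2017-03-06T12:05:11", "LAB-2", "C1001", "denied"),
    ("2017-03-06T08:01:40", "LOBBY", "C2040", "granted"),
    ("2017-03-07T12:12:47", "LAB-2", "C1017", "denied"),
    ("2017-03-08T11:58:02", "LAB-2", "C1033", "denied"),
    ("2017-03-08T17:30:00", "DOCK-1", "C3001", "denied"),
    ("2017-03-09T12:20:30", "LAB-2", "C1048", "denied"),
    ("2017-03-09T17:45:00", "DOCK-1", "C3001", "denied"),
    ("2017-03-10T17:40:00", "DOCK-1", "C3001", "denied"),
]

def find_card_probing(events, window_min=60, min_days=3, min_cards=3):
    """Flag doors where denials recur on several days, inside one
    time-of-day window, with a different card on each attempt.
    Thresholds are assumptions; the window does not wrap past midnight."""
    by_door = defaultdict(list)
    for ts, door, card, result in events:
        if result == "denied":
            t = datetime.fromisoformat(ts)
            by_door[door].append((t.hour * 60 + t.minute, t.date(), card))
    findings = []
    for door, hits in sorted(by_door.items()):
        hits.sort()  # order by minute of day, ignoring the calendar date
        best = None
        # Slide a window over minute-of-day and keep the cluster with most days.
        for i, (start, _, _) in enumerate(hits):
            cluster = [h for h in hits[i:] if h[0] - start <= window_min]
            days = {d for _, d, _ in cluster}
            cards = {c for _, _, c in cluster}
            if len(days) >= min_days and len(cards) >= min_cards:
                if best is None or len(days) > len(best["days"]):
                    best = {"door": door, "days": sorted(days),
                            "cards": sorted(cards),
                            "window": (start, cluster[-1][0])}
        if best:
            findings.append(best)
    return findings

if __name__ == "__main__":
    for f in find_card_probing(SAMPLE_EVENTS):
        lo, hi = f["window"]
        print(f"{f['door']}: {len(f['cards'])} different cards denied on "
              f"{len(f['days'])} days between {lo // 60:02d}:{lo % 60:02d} "
              f"and {hi // 60:02d}:{hi % 60:02d}")
```

In the sample data, DOCK-1 is not flagged because the same card is denied each day, which points to a permissions or credential problem rather than someone trying other people's cards.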
Recognizing activity that does not create an alarm, but could be a potential threat, is another example of how data analytics can prevent security breaches. Many perimeter sensors require more than one event to trigger an alarm. A dual-technology sensor mounted on a fence post to detect climbing might require movement under the sensor, as well as movement up and towards the sensor, before it alarms. Fiber optic fence sensors often require three to five disturbances of the fence within a set period of time before they detect the motion as a climb and annunciate an alarm. However, even if only one of these events occurs, it can be logged into reporting software -- providing data that can be analyzed for patterns. A regularly detected pattern of one event at multiple points along a perimeter may be indicative of someone looking for a weak point or access point along the perimeter. Once this pattern is recognized, data analytics can proactively send a report to help ward off a potentially dangerous attack.
Monitoring system health increases reliability
Data analytics can also be employed to monitor the health of the security equipment itself. Ensuring all pieces of the system are online at all times is crucial to the reliability of a security system. Typically, alarm conditions are annunciated if a panel, sensor or reader loses power or communication. By this point, a vulnerability exists, and the reliability of the system is compromised until the power or communication is restored.
Now, utilizing and analyzing data can alert the system operator to a potential power or communication failure before the vulnerability is exposed. Many systems log power and communication fluctuations, even those that do not cause alarm conditions. By monitoring those fluctuations and automatically reporting on them when a pre-programmed threshold is met, maintenance issues can be addressed prior to a failure. This type of self-diagnostic capability protects the integrity of the security system -- which can help improve equipment health and reliability.
Recognizing patterns that might signal a security breach or an equipment failure allows security to become preventative rather than reactive. This advancement in data analytics and intelligent reporting provides proactive protection that recognizes security breaches even before they happen.
No system or human can predict the future, but early indications suggest that technology, such as data analytics, can at least take a pretty intelligent (and effective) guess at a potential security threat.