Implementing Analytics in Security Operations

Technology provides actionable insight for security professionals


Security operations can benefit significantly from the use of analytics — and not just video analytics. Any analytics technology or service can be of value by supporting one or more threat monitoring and response functions of security operations including deterrence, detection, identification, assessment, response and recovery.

Analytics can be said to be the application of computer processing to examine information carefully and in detail so as to identify causes, key factors, patterns and possible results. In security applications, analytics technology is used to identify the likely presence of a threat or threat activity and to report it and/or take automatic action, according to predetermined rules or programming. Some analytics technologies can “learn” over time. Based on certain criteria, they update the basis they use to evaluate data, which can increase accuracy and effectiveness.

It can be helpful to think of analytics techniques and tools as fitting into two categories: sensor-based or raw data analytics, and information analytics. Both categories offer value, and the key objective for each is to get data that can be translated into something meaningful to the operational environment.

Analytics Based on Sensor Data

Video analytics is the most widely known category of sensor-based analytics. Most security industry material on analytics centers on video analytics, which is naturally of high interest due to the recent increases in camera system capability and the widespread use of video cameras in security. Pixel images from the camera’s image sensor are examined for patterns in real time, and the resulting conclusions are reported using graphical displays (such as drawing a box around a violation occurrence) or text data (such as for people or vehicle counting analytics). A lot of information is available from video analytics vendors, and case study information is increasingly becoming available.

There are many factors to consider in evaluating video analytics capability, suitability and performance. Aimetis Corp. (www.aimetis.com), a provider of intelligent video surveillance software, provides a white paper entitled, “Factors that Influence Video Analytic Performance,” which summarizes the key technology issues and is available for download from its Website.

Information Analytics

Technically speaking, in the information world, data mining is considered distinct from data analytics, even though both are data analysis. Data mining is an activity of extracting information (hence the term mining) whose goal is to discover hidden facts, undiscovered business patterns, and hidden relationships existing among the data contained in databases.

Data analytics is the science of examining raw data with the purpose of drawing conclusions about that information. It generates new data not found in the original data examined. Until one gets very specific about the applications, these distinctions are academic. Furthermore, the distinction tends to blur when both are combined, or when the results of either are used to evaluate data being generated in real time or near real time, such as is done by Google Analytics (www.google.com/analytics).

Therefore, for the purposes of this article, the term analytics is being used to encompass any kind of data analysis that provides actionable insight. Analytics can have a force-multiplier effect, enabling fixed security resources to be applied for increased security-effectiveness or increased cost-effectiveness, or both. The job of security is to reduce security risks to acceptable levels, at an acceptable cost — and technology use should always be viewed in light of that overall focus.

Simple Analytics Allows Redeployment of Security Officers
