Artificial intelligence (AI) has been a floating buzzword in physical security for quite some time now, ushering in a new era of possibilities for solving some of the most complex problems that modern organizations face.
At its best, AI is a powerful tool for improving security posture, enabling organizations to detect and respond to security threats more quickly and effectively, while also helping to prevent potential breaches before they occur. However, few companies are truly leveraging technology to navigate improvements in their physical security programs.
Machine learning (ML), on the other hand, is a subset of AI that uses algorithms to recognize patterns from data and automatically learn insights, allowing programs to become more intelligent over time. Applying the technology to use cases across physical security has implications for not only strengthening response to incidents but also the business overall. Here, we examine what it means to use ML in these kinds of applications and what’s next for the industry.
Machine Learning Defined
To be clear, ML should not be confused or used interchangeably with AI. In ML, a computer is shown a set of data and is trained to make predictions or decisions. The great part is, the more data the computer or program is exposed to, the more accurate the predictions become. ML ultimately should aim to remove the need for humans to do repetitive, low-value decision-making activities.
In physical security, this may look like training software to triage false positives or system/device health ticketing. Data might come from video surveillance cameras, access control points, alarms, and much more.
Think of how much data is being generated from these devices. By 2025, the IDC predicts that the amount of data generated by Internet of Things (IoT) devices is expected to reach 73.1 ZB (zettabytes). (If you’re not quite sure how much that is, consider this: If each Gigabyte in a Zettabyte were a brick, 258 Great Walls of China (made of 3,873,000,000 bricks) could be built.)
Fundamentally, one of the main drivers for using ML is taking large amounts of data being generated from all of these devices, which is impossible for people to physically analyze, and extrapolate insights from it to make better decisions.
How ML is Used
In the short term, ML can benefit physical security teams by helping to identify anomalies or suspicious behavior, such as a person entering a restricted area, or an object being left unattended. Anomalies across data points may not mean that something is wrong, but it might alert security leaders to be aware.
For example, analyzing patterns of behavior, such as when employees typically arrive and leave work, can identify anomalies and flag potential security breaches. This might look like someone attempting to access a secure area outside of normal business hours or using a stolen access card.
Some of the most common uses of ML in physical security include:
● Noise reduction: ML can be used to accurately label false positives in video and access control data, which can mean being able to identify future false positives based on the data being fed into the system. The better the software gets at this, the more “noise” coming into a security operations center can be reduced, pushing operators toward focusing on proactive tasks that help enable more effective responses.
● Anomaly detection: Anomaly detection using ML is a solid use case, as software exists to identify something that happens historically but does not always happen from previous datasets that the system is sensitive to.
● Predictive maintenance: ML can be used to monitor physical security systems and equipment, such as video cameras, sensors, and access control readers, to detect potential issues before they become critical. Also known as “health monitoring,” this can help reduce downtime and additional noise related to offline sensors. It can also mean that devices are up and running when they’re needed most in the event of an emergency.
● Predictive analysis: From a long-term perspective in software being built today, being able to start giving greater clarity on predictive improvements for advice and support across physical security is a big selling point for applying machine learning. For example, if you’re getting a lot of alarms from a specific door, placing a camera at that entrance might cut down on false alarms that might be alerting operators. The cost, then, pays for itself in the amount of time spent clearing those alarms or addressing them. In this case, security leaders can elevate the conversation around ML to make long-term business improvements, which makes each business case less costly to compile.
Benefits of ML in Security
While we’re really just beginning to scratch the surface of what machine learning can do across multiple industries, we’re already seeing the benefits of using ML in physical security applications, such as:
Freeing up time for other strategic initiatives -- Do your security operators spend countless hours dealing with false alarms and faulty sensors? Software that uses ML to learn which alarms are typically false and determine whether devices are faulty can save significant resources across the business. For example, one company prior to adopting this kind of software calculated that they would need six times the number of operators they already had to be able to deal with all of the alarms coming in. By utilizing a system with ML, the data collected from these alarms can be processed to identify patterns and provide insights, taking the guesswork out of these alarms. ML can be instrumental in supporting more types of security coverage, strategic planning, or new hardware implementation.
This allows operators to be less reactive, giving them more time to work on strategic and proactive initiatives. This, in turn, up-levels the position of the operator to the analyst.
Create lower turnover rates -- Historically, the security industry has incredibly high turnover rates. Annual rates are anywhere from 100% to 300%. Recruiting and training new operators is expensive, timely, and stressful. This is why retaining employees, especially your operators, is so critical. According to a recent Korn Ferry poll of 5,000 professionals, the top reason people look for a new job is boredom. Getting a job in security, which on the surface sounds fun, exciting, and challenging, and then sitting in a dark room all day clearing false alarms caused by birds (seriously, this can be a real issue) is not exactly what these professionals signed up for. ML allows security teams to prioritize more valuable work, using their time to actually respond to real events; not simply checking “security spam” in false alarms. This enables security operators to become more analytical and drive more impact for the business long-term, leading to continued career growth, opportunity, and satisfaction.
Save money and resources -- Bringing it all together, ML saves organizations money and resources. The combination of false alarms (a $3.2 billion industry issue), additional guard staff (i.e.: the 6x guards mentioned in the first point), and consequences of high turnover make the security organization a cost center. Taking these ongoing challenges and applying innovative solutions and technology to help address them can mean long-term savings across the organization, turning security into more of a forward-thinking, strategic department.
Questions to Ask
When considering whether to implement software that uses ML to strengthen anomaly detection and response, there are questions you should ask yourself about the security program you’ve built.
● Where are the places where my costs are spiking?
● Why are they so expensive?
● What areas in those high-cost places could potentially be reduced?
● Where are my operators spending the most time? Is it a type or location or false positives?
● Where are alarms coming from?
● What’s taking the most time? Is it processes or out-of-date technology?
Starting with well-defined questions and problems can mean security leaders have a solid starting point for implementing technology solutions that can help address them by leveraging intelligence, such as ML-driven innovations. But technology can only take an organization so far; many times, root cause analysis on the issues above will lead organizations to figure out how to fix it using AI.
Platforms that prioritize analytics – and being able to find them easier to measure program effectiveness – exist to help support the ongoing discussion around security program outcomes using ML to interpret incoming data.
And as with many technological innovations, the people using the tools are critical when gaining buy-in. Empowering security operations center (SOC) operators to use the technology and the incoming data to make better decisions enables a higher level of situational awareness and, in turn, response.
About the authors: J
