Benefits of Big Data Analytics in Security
Helping Proactivity and Value Creation
June 2015
The Security Landscape
Who, where, why, for how long, and who authorized it?
- Held the door to let 5 people into the data center
- Shares credentials with temp contractors
- Laptop bag was stolen with badge inside
- Uses her badge to try to get into restricted areas
- Has started coming in late at night on the weekend
- Copied your sales database to a USB drive, just in case
- Lost her company badge and forgot to tell you
Agenda
- Understanding Big Data and Predictive Analytics
- Proactive Risk Identification
- Transforming Physical Security from Reactive to Proactive
- Best Practices for Adopting Predictive Security Solutions
- Q & A
Big Data? Predictive? Behavioral? Risk-based Profiling?
Big Data Analytics Introduction
Predictive analytics solutions evaluate patterns found in existing data sets to predict potential future outcomes.
Descriptive Analysis
- Standard Reports: What happened?
- Ad Hoc Reports: How many, how often, where?
- Example: Which systems have the most alarms?
Predictive Analysis
- Forecasting/Extrapolation: What if these trends continue?
- Optimization: What's the best that can happen?
- Example: Based on the time and frequency of the alarms, which of the doors are more likely to need repair?
Physical Security and Predictive Data Solutions
Predictive solutions help security transition from being a reactive resource to a proactive strategic business partner.
[Two pie charts: 67%/33% and 69%/31% splits]
More than two-thirds of Security Directors consider it important to be able to do predictive analysis to improve operational effectiveness and reduce risk. Yet just under one-third of Security Directors have technology in place to capture predictive security metrics.
Source: IDG Research survey conducted October 21 - November 3, 2014.
Proactive Risk Identification
Why this technology and why now?
- Data technology has matured
- Hardware costs have made it practical
- Tools that connect to systems without a Herculean effort
- Management imperative
Examples
- Credential Fraud
- Policy Violations
- Systems Maintenance
- Managing Spending & Growth
What is an IOC?
An IOC (Indicator of Compromise) is an observable that can be tied to a person, a device (reader or site), an application, or a network. IOCs give early indications of bad actors or of deviations from the norm, helping you identify and contain security incidents before they result in loss.
Sample IOCs:
- Multiple physical and/or logical (IT) access denials for the same person
- The same badge used at different geographical locations within a window too short to travel between them
- Tailgating inferred from the site/door hierarchy (entry granted at an inner door with no preceding entry at the door in front of it)
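The three sample IOCs above are simple enough to evaluate directly over an access log. The following is an added example, not code from Quantum Secure or from this presentation: it runs the three rules over a constructed set of physical and logical access events. The event format, the door hierarchy, the site map, the denial threshold of 3 and the 60-minute and 30-minute windows are all assumptions made for the illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed door model (hypothetical): the door that must be passed before
# each door, and the site each door belongs to.
DOOR_PARENT = {"hq-lobby": None, "server-room": "hq-lobby", "lab": "hq-lobby",
               "ldn-lobby": None}
DOOR_SITE = {"hq-lobby": "HQ", "server-room": "HQ", "lab": "HQ", "ldn-lobby": "LDN"}

# Constructed sample events: (timestamp, person, system, target, result).
# "physical" targets are doors, "logical" targets are IT systems.
RAW_EVENTS = [
    ("2015-06-01T07:00:00", "dave",  "physical", "hq-lobby",    "granted"),
    ("2015-06-01T07:10:00", "dave",  "physical", "server-room", "granted"),
    ("2015-06-01T08:00:00", "bob",   "physical", "hq-lobby",    "granted"),
    ("2015-06-01T08:40:00", "bob",   "physical", "ldn-lobby",   "granted"),
    ("2015-06-01T08:55:00", "alice", "physical", "hq-lobby",    "granted"),
    ("2015-06-01T09:00:00", "alice", "physical", "server-room", "denied"),
    ("2015-06-01T09:05:00", "alice", "physical", "lab",         "denied"),
    ("2015-06-01T09:10:00", "alice", "logical",  "vpn",         "denied"),
    ("2015-06-01T09:20:00", "alice", "physical", "lab",         "granted"),
    ("2015-06-01T10:00:00", "carol", "physical", "server-room", "granted"),
]


def load_events(raw=RAW_EVENTS):
    """Parse timestamps and return the events in time order."""
    events = [{"time": datetime.fromisoformat(ts), "person": p, "system": s,
               "target": t, "result": r} for ts, p, s, t, r in raw]
    return sorted(events, key=lambda e: e["time"])


def _physical_grants(events):
    return [e for e in events if e["system"] == "physical" and e["result"] == "granted"]


def denied_across_systems(events, threshold=3):
    """IOC: multiple physical and/or logical denials for the same person
    (the threshold is an assumption; tune it to the site's false-denial rate)."""
    counts = defaultdict(lambda: {"physical": 0, "logical": 0})
    for e in events:
        if e["result"] == "denied":
            counts[e["person"]][e["system"]] += 1
    return {p: c for p, c in counts.items() if c["physical"] + c["logical"] >= threshold}


def badge_at_two_sites(events, window=timedelta(minutes=60)):
    """IOC: the same badge granted at two different sites closer together in
    time than anyone could travel between them (the window is an assumption)."""
    last = {}   # person -> (time, site) of the previous grant
    hits = []
    for e in _physical_grants(events):
        site = DOOR_SITE[e["target"]]
        if e["person"] in last:
            prev_time, prev_site = last[e["person"]]
            gap = e["time"] - prev_time
            if prev_site != site and gap <= window:
                hits.append((e["person"], prev_site, site, int(gap.total_seconds() // 60)))
        last[e["person"]] = (e["time"], site)
    return hits


def derived_tailgates(events, window=timedelta(minutes=30)):
    """IOC: a grant at an inner door with no grant at its parent door within
    `window` beforehand; the holder must have tailgated through the parent."""
    recent = defaultdict(list)  # person -> [(time, door)] of grants seen so far
    hits = []
    for e in _physical_grants(events):
        parent = DOOR_PARENT[e["target"]]
        if parent is not None:
            passed_parent = any(d == parent and e["time"] - t <= window
                                for t, d in recent[e["person"]])
            if not passed_parent:
                hits.append((e["person"], e["target"], parent))
        recent[e["person"]].append((e["time"], e["target"]))
    return hits


def run(raw=RAW_EVENTS):
    """Evaluate all three IOCs over one event list."""
    events = load_events(raw)
    return {"denials": denied_across_systems(events),
            "two_sites": badge_at_two_sites(events),
            "tailgates": derived_tailgates(events)}
```

On the constructed data, alice is flagged for three denials across two systems, bob's badge is flagged because it was granted in HQ and then in LDN 40 minutes later, and carol is flagged because she entered the server room without ever passing the lobby door in front of it. Each rule processes events in time order and only consults earlier events, so the same functions can run on a stream rather than a batch.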
IOC Category #1: Credential Fraud
Examples:
- Shared credentials
- Lost/stolen credentials
Why is this important?
- Security owns credentials and needs to track them
- Loop in the employee the credential is assigned to ("Is this you?")
- Helps keep employees efficient
- Credentials are a likely target for advanced adversaries
Badge Fishing
High-risk identity tries to access high-risk areas (badge fishing)
Actions (automated responses):
- Email the badge holder: "Is this you?"
- No response within 30 minutes: badge suspended
- Automate turning the badge back on once the holder confirms
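The response flow on this slide is a small timed state machine, and the details that matter in practice are the ones the slide leaves implicit: one email per incident rather than one per swipe, a deadline check that runs independently of further swipes, and automatic reinstatement when the holder finally answers. The following is an added example, not Quantum Secure's code; which identities and areas count as high-risk, the action names and the scenario are constructed for the illustration, while the 30-minute timeout is the figure from the slide.

```python
from datetime import datetime, timedelta

# Assumed (not from the page): which identities and areas count as high-risk.
HIGH_RISK_IDENTITIES = {"temp-0421"}
HIGH_RISK_AREAS = {"server-room", "vault"}
CONFIRM_TIMEOUT = timedelta(minutes=30)   # slide: no reply in 30 minutes -> suspend


class BadgeFishingResponder:
    """Email the holder on the first high-risk attempt, suspend the badge if no
    reply arrives within CONFIRM_TIMEOUT, reinstate it on a later confirmation."""

    def __init__(self):
        self.pending = {}       # badge -> deadline for the "Is this you?" reply
        self.suspended = set()
        self.actions = []       # (time, action, badge): the audit trail

    def _do(self, now, action, badge):
        self.actions.append((now, action, badge))

    def on_access(self, badge, area, now):
        """Called for every attempt at a reader, granted or denied."""
        if badge not in HIGH_RISK_IDENTITIES or area not in HIGH_RISK_AREAS:
            return
        if badge in self.pending or badge in self.suspended:
            return                      # one email per incident, not per swipe
        self._do(now, "email:is-this-you", badge)
        self.pending[badge] = now + CONFIRM_TIMEOUT

    def on_reply(self, badge, now, confirmed):
        """Holder answered the email; a late 'yes' re-enables a suspended badge."""
        self.pending.pop(badge, None)
        if confirmed:
            if badge in self.suspended:
                self.suspended.discard(badge)
                self._do(now, "badge:reinstate", badge)
        else:
            self._suspend(badge, now)

    def tick(self, now):
        """Run on a timer; suspends badges whose reply deadline has passed."""
        for badge, deadline in list(self.pending.items()):
            if now >= deadline:
                del self.pending[badge]
                self._suspend(badge, now)

    def _suspend(self, badge, now):
        if badge not in self.suspended:
            self.suspended.add(badge)
            self._do(now, "badge:suspend", badge)


def scenario_no_reply():
    """Constructed: three swipes at night, no reply in time, then a late 'yes'."""
    r = BadgeFishingResponder()
    t0 = datetime(2015, 6, 6, 22, 0)
    r.on_access("temp-0421", "server-room", t0)
    r.on_access("temp-0421", "vault", t0 + timedelta(minutes=2))      # same incident
    r.on_access("emp-0007", "vault", t0 + timedelta(minutes=3))       # not high-risk
    r.tick(t0 + timedelta(minutes=29))                                # deadline not yet reached
    r.tick(t0 + timedelta(minutes=31))                                # -> suspend
    r.on_reply("temp-0421", t0 + timedelta(minutes=45), confirmed=True)  # -> reinstate
    return [action for _, action, _ in r.actions]


def scenario_prompt_reply():
    """Constructed: the holder answers 'yes' within the window, so no suspension."""
    r = BadgeFishingResponder()
    t0 = datetime(2015, 6, 6, 22, 0)
    r.on_access("temp-0421", "vault", t0)
    r.on_reply("temp-0421", t0 + timedelta(minutes=5), confirmed=True)
    r.tick(t0 + timedelta(hours=1))
    return [action for _, action, _ in r.actions], sorted(r.suspended)
```

The `actions` list is the record an investigator needs afterwards: what was sent, when the badge went dark, and when it came back. Keeping suspension idempotent means a "no, that wasn't me" reply arriving after the timer has already fired does not produce a second suspend event.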
IOC Category #2: Policy Violations
When processes haven't been followed, risk and liability increase.
- Was our audit done well?
- How long did you spend per person making decisions in this audit?
Examples:
- Requesting and approving access by the same person
- Abusing the visitor system by adding the same contractor day after day to avoid background checks
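The three questions on this slide correspond to three checks that can run over the records an access-management system already keeps: a segregation-of-duties check on access requests, a frequency check on visitor registrations, and a timing check on audit decisions. The following is an added example, not Quantum Secure's code; the record formats, the 5-visits-in-30-days limit and the 5-second "rubber stamp" threshold are assumptions chosen for the illustration.

```python
from collections import defaultdict
from datetime import date, datetime, timedelta
from statistics import median

# Constructed access requests (hypothetical): (request_id, subject, requester, approver, area)
REQUESTS = [
    ("R-1", "alice", "mgr1", "mgr2", "lab"),
    ("R-2", "bob",   "bob",  "bob",  "server-room"),
    ("R-3", "carol", "mgr1", "mgr1", "server-room"),
]

# Constructed visitor registrations (hypothetical): (visit_date, visitor, host)
VISITS = [
    (date(2015, 6, 1), "zed-contractor", "mgr1"),
    (date(2015, 6, 2), "zed-contractor", "mgr1"),
    (date(2015, 6, 3), "zed-contractor", "mgr1"),
    (date(2015, 6, 4), "zed-contractor", "mgr1"),
    (date(2015, 6, 5), "zed-contractor", "mgr1"),
    (date(2015, 6, 8), "zed-contractor", "mgr1"),
    (date(2015, 6, 9), "zed-contractor", "mgr1"),
    (date(2015, 6, 1), "yara-guest",     "mgr2"),
    (date(2015, 6, 15), "yara-guest",    "mgr2"),
]

# Constructed access-audit decisions (hypothetical): (reviewer, decided_at)
AUDIT_DECISIONS = [
    ("mgr1", "2015-06-10T10:00:00"), ("mgr1", "2015-06-10T10:00:02"),
    ("mgr1", "2015-06-10T10:00:03"), ("mgr1", "2015-06-10T10:00:05"),
    ("mgr1", "2015-06-10T10:00:06"),
    ("mgr2", "2015-06-10T10:00:00"), ("mgr2", "2015-06-10T10:03:00"),
    ("mgr2", "2015-06-10T10:05:30"),
]


def self_approved(requests=REQUESTS):
    """Segregation-of-duties violation: the same person requested and approved."""
    return [rid for rid, _subject, requester, approver, _area in requests
            if requester == approver]


def visitor_overuse(visits=VISITS, window_days=30, max_visits=5):
    """Visitors registered more than `max_visits` times in any `window_days`
    window: the day-after-day pattern used to dodge a badge and a background check."""
    by_visitor = defaultdict(set)
    for d, visitor, _host in visits:
        by_visitor[visitor].add(d)
    hits = {}
    for visitor, days in by_visitor.items():
        days = sorted(days)
        peak = 0
        for i, start in enumerate(days):
            end = start + timedelta(days=window_days - 1)
            peak = max(peak, sum(1 for d in days[i:] if d <= end))
        if peak > max_visits:
            hits[visitor] = peak
    return hits


def rubber_stamp_reviewers(decisions=AUDIT_DECISIONS, min_seconds=5.0):
    """Reviewers whose median gap between consecutive decisions is below
    `min_seconds`: the audit was clicked through rather than considered."""
    times = defaultdict(list)
    for reviewer, ts in decisions:
        times[reviewer].append(datetime.fromisoformat(ts))
    hits = {}
    for reviewer, ts in times.items():
        ts.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
        if gaps and median(gaps) < min_seconds:
            hits[reviewer] = median(gaps)
    return hits
```

The visitor check uses a sliding window over distinct dates rather than strictly consecutive days, so weekends and the odd day off do not reset the count. The audit check uses the median rather than the mean so that one long pause for coffee cannot hide a reviewer who otherwise approved a line every second.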
Tailgating
Large number of people tailgating at the London location
Actions:
- Remind offenders about policies
- Re-train personnel
IOC Category #3: Systems Maintenance
- Set thresholds to understand when you should repair something
- Measure how failing devices affect the organization
Alarm Analytics
Exceptionally high alarm count at a particular site
Actions:
- Attempt to restart the device centrally
- Create a work order
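The two maintenance slides and the predictive example in the introduction ("based on the time and frequency of the alarms, which doors are more likely to need repair") describe two different computations over the same daily alarm counts: a threshold that flags an exceptionally high count today, and a trend that extrapolates when a door will reach the level at which it is repaired. The following is an added example, not Quantum Secure's code; the alarm history, the repair threshold of 15 alarms per day and the "mean plus three standard deviations" spike rule are assumptions made for the illustration.

```python
from math import ceil
from statistics import mean, pstdev

# Constructed alarm history (hypothetical): door -> alarms per day, oldest first,
# last entry is today.
ALARM_HISTORY = {
    "hq-lobby":    [2, 1, 3, 2, 2, 1, 2, 3, 2, 2, 1, 2, 2, 2],
    "server-room": [1, 1, 2, 2, 3, 3, 4, 4, 5, 5, 6, 6, 7, 7],
    "lab":         [1, 2, 1, 1, 2, 1, 1, 2, 1, 1, 2, 1, 1, 25],
}
REPAIR_THRESHOLD = 15   # assumed alarms/day at which a door gets repaired
SPIKE_Z = 3.0           # assumed: "exceptionally high" = beyond mean + 3 sd of the baseline


def is_spike(counts, z=SPIKE_Z):
    """Threshold check: is today's count exceptionally high against the prior days?"""
    baseline, today = counts[:-1], counts[-1]
    return today > mean(baseline) + z * pstdev(baseline)


def linear_fit(ys):
    """Least-squares slope and intercept of ys against day index 0..n-1."""
    xs = range(len(ys))
    xm, ym = mean(xs), mean(ys)
    sxx = sum((x - xm) ** 2 for x in xs)
    sxy = sum((x - xm) * (y - ym) for x, y in zip(xs, ys))
    slope = sxy / sxx
    return slope, ym - slope * xm


def days_to_repair(counts, threshold=REPAIR_THRESHOLD):
    """Extrapolate the trend: days until the fitted alarm rate reaches `threshold`.
    Returns 0 if already there, None if the trend is flat or falling."""
    slope, intercept = linear_fit(counts)
    fitted_today = intercept + slope * (len(counts) - 1)
    if fitted_today >= threshold:
        return 0
    if slope <= 0:
        return None
    return ceil((threshold - fitted_today) / slope)


def triage(history=ALARM_HISTORY, horizon_days=30):
    """Per door: spike flag, forecast, and the actions the slides prescribe."""
    report = {}
    for door, counts in history.items():
        spike = is_spike(counts)
        # A spike is a device fault, not wear: fit the trend on the baseline only,
        # so one bad day does not masquerade as a rising repair need.
        days = days_to_repair(counts[:-1] if spike else counts)
        actions = []
        if spike:
            actions += ["restart device centrally", "create work order"]
        if days is not None and days <= horizon_days:
            actions.append(f"schedule repair within {days} days")
        report[door] = {"spike": spike, "days_to_repair": days, "actions": actions}
    return report
```

On the constructed data the lab door produces the "exceptionally high alarm count" case (25 against a baseline near 1.3) and gets the restart and work-order actions, while the server-room door never spikes but is forecast to cross the repair threshold in 16 days and is scheduled ahead of time; the lobby door is flat and needs nothing. Excluding the spiking day from the fit is the detail that keeps the two checks from contaminating each other.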
IOC Category #4: Managing Spending & Growth
Letting you know about areas with high access:
- Sub-lease extra space
- Temporary hike due to an event
- Shut down an office
- Add a new office
- High personnel growth forecast
[Capacity chart: Low / Med / High]
Facility Analytics
Utilization of facilities less than 50% for each day of the week
Actions:
- Generate utilization reports for the facilities team so it can make an informed decision
A Smart Predictive Data Security Strategy Helps Answer:
- What is the source of the next possible threat?
- Which assets are most vulnerable and likely to be targeted?
- Which processes need improvement?
- Was our audit effective?
Best Practices for Adopting Predictive Data Solutions
- Identify the decisions and/or actions you intend to improve
- Partner with a systems vendor who brings expertise in your department and with your systems
- Look for extensible solutions that can contribute to the bigger picture
- Avoid generic big data solutions from vendors that don't understand security
Making Security Proactive
- Understand organizational risk, threats and vulnerabilities
- Identify key metrics
  - Measure adherence to policy
  - Improvement to SLAs
- Measure risk
  - Measure risks in real time
  - Measure risk based on people's actions/behavior
- Use metrics to guide actions
  - Target programs
  - Spend efficiently
Contact Information Don Campbell Director of Product Management and Product Marketing dcampbell@quantumsecure.com
Thank you! 2014 Quantum Secure, Incorporated. All Rights Reserved. Confidential. (408) 453-1008