Here’s a fundamental paradox of today’s massively connected IT systems: the more information available to you, the less you want. No one likes getting buried in piles of irrelevant transaction data, fire-hosed with emergency alerts or overloaded with pictures of cats, cakes and kids on social media. There’s only so much data any one person, or enterprise, can take.
Consider the notorious Target data breech, for example. According to a lengthy Bloomberg Business article, two of Target’s security monitoring systems (provided by FireEye and Symantec, respectively) detected the malware that ultimately led to a pirate server operating inside company firewalls. Each service immediately sent out a series of urgent alerts (“malware.binary!”). Yet for some reason, the humans receiving these alerts, those in charge of Target’s IT systems, took no action. The result: over 100 million stolen credit cards, hundreds of millions of dollars in damage, and the resignation of a CEO.
The problem was not that the Target IT staff was incompetent. After all, for years they had operated one of the largest and most successful retail IT environments in the world. The problem was that they were swamped. The IT departments of most global-brand companies receive hundreds to thousands of intrusion detection alerts every day. They also receive a deluge of reports, charts and alerts about the state of their internal network, and never-ending notifications about new environmental cyber threats. An information haystack was continuously being dumped on the Target staff, and somehow they failed to find the needle.
Target is hardly the only company with a “haystack and needle” when processing alerts. With the continuing rise of Social Media, Big Data, Smart Cities, the Internet of Things, et al., data streams are only going to get bigger, faster and denser. And not just for IT department cyber monitoring experts, but for everyone.
Today’s hyper-linked global Internet produces a tremendous amount of junk, or data chaff. As massively connected sensors, machines, processes and people begin piling up ever more chaff, services that deliver just wheat become critical.
“One technology whose mission is “just wheat” delivery-especially when it comes to critical, real-time alert notifications-is Smart Alerting. It’s used in security, intelligence and emergency response circles today, but holds considerable promise, even in the near term, for helping Smart Cities, global enterprises and consumers find shelter from the growing data storm.”
Most Smart Alerting services had their origins a decade ago in U.S. military, homeland security and intelligence community circles. They are now also used widely in the large enterprise sector around the world. Smart Alerting companies have yet to perfect the process of delivering precisely correct, actionable information-and only that information-to the right people, when they need it most…but they are getting better at it all the time.
A true Smart Alerting story: Within sixty minutes of the Fukushima nuclear meltdown, foreign expats in Japan, working for over a dozen of large global companies, begin receiving real-time alerts about the fast-breaking events there, on their PCs, tablets and phones. From this new ad-hoc service, expats got expert real-time advice about what to do. This service was provided by one of the world’s largest physical security vendors to its best customers, and it delivered alert payloads that included evacuation routes, real-time radiation plume maps and a variety of other critical information. The alert recipients in Japan were most grateful.
Smart Alerting has its own global emergency alert data structure standard, and a variety of features developed for the specific requirements of smart emergency alert notification. Here’s how it works:
- Web-based services deliver timely, relevant information to people with critical jobs or in critical situations (ideally, before it’s too late).
- More technically, these services (generally out of the cloud) aggregate myriad security intelligence data sources, and rationalize their data in some way. They then use these data to deliver targeted (i.e., “Smart”) alert notifications to individual subscribers, with all alerts being filtered for personal and contextual relevance.
- Public safety officers, emergency response officials, executive protection bodyguards, Security Operations Center (SOC) staff and virtually the world’s entire meteorological community use Smart Alerting every day…to filter-out information about meaningless events, and sound the alarm when something significant happens.
- Smart Alerting leverages structured data standards, attribute-based filtering, cloud tagging, Boolean search and other “structured data” filtration methods to provide agencies, companies and people with a new kind of targeted security intelligence – via text, email, dashboards and other delivery mechanisms.
TIES® for Microsoft CityNext, a security intelligence service operated by Swan Island Networks and promoted by Microsoft CityNext, is arguably the world’s most advanced Smart Alerting service, at least in terms of data filtering. Full disclosure, I am the CEO of Swan Island Networks, so I am hardly unbiased in this opinion. But this service aggregates over one-thousand security/public safety/emergency response data feeds, processes tens of thousands of alerts from them each day, and filters all this data down to an average of three or four alerts per user, per week. That’s pretty good filtration. Swan Island is only one of a growing number of highly competent Smart Alerting companies that are deploying advanced data filtration techniques for getting critical alerts to critical people. Some Smart Alerting companies (notably, AtHoc), specialize in intelligent mass notification services serving tens of thousands of people, or more.
Others (notably Pinkerton’s Global Risk Group), specialize in providing alerting services to the men and woman in SOCs who protect the people, property and assets of large enterprises.
Global weather organizations and the emergency alerting agencies of over 120 countries use Smart Alerting 24/7 (based on the Common Alerting Protocol, or CAP, an OASIS standard). It’s no accident weather forecasters and emergency management agencies have been the early adopters of Smart Alerting systems. Both weathermen and first responders have reams of data available to them, but both also have a solemn obligation to filter out almost all this information, and relay on to their stakeholders only that information which matters most.
Smart City leaders have an even bigger data tsunami problem. They are managing networked systems with all local weather and emergency data, plus news, traffic, crime, social media, citizen relations, critical infrastructure monitoring, internal operations and governance…and soon, perhaps, drone surveillance and numerous new sensor feeds.
The IoT has tremendous potential for saving money, and even saving lives, but it is also ushering in an era of TMI (Too Much Information). Smart Alerting platforms such as TIES for Microsoft CityNext have a proven role to play in Smart Cities’ emergency notification systems. Perhaps, by applying the techniques and lessons learned from the emergency alerting sector to other massively connected systems, they can make a broader contribution to the emerging IoT as well.
Smart Alerting, of course, is but one of many data filtration methods. With the increasing size and velocity of global data streams, we’ll certainly need more “smart dams” for data flood protection, and many more “needles from haystacks” intelligence services. Smart Alerting, given it security roots, is a tech sector that has preferred to fly under the radar. But if your agency or enterprise has a need for more specifically targeted and actionable real-time information delivery, regardless of the nature of that information, Smart Alerting now deserves a closer look.
This feature is adopted from Microsoft CityNext by Charles Jennings