In a recent survey conducted by Forrester Consulting, several hundred security, risk and compliance decision-makers were asked to define their concept of “real-time information.” Seventy-five percent said they’d define real-time information as data from today or older. A little over 1 in 5 said they’d define it as data from the current month.
Just 16 percent of respondents said they’d define real-time information as data from the past few minutes or less.
That distinction is crucial for security leaders, as their security operations centers (SOCs) rely on real-time information as the catalyst for their workflows.
Real-time information supports that work in three key ways: protect, anticipate, and communicate.
The primary role of security and risk leaders is to protect their organization’s employees and customers.
By having access to information about relevant events as they happen, SOC teams are able to rapidly assess whether a potential crisis will impact the organization; determine the safety of employees, customers, and assets; and assess whether there will be any enduring impacts to business continuity.
With information that is truly received in real time, the SOC team is able to remain ahead of the event. By the time the information reaches the public domain via traditional channels like media, the team has already identified the risk and cascaded recommendations to stakeholders.
There is a significant premium attached to being able to identify risks and events as soon as possible. Here at Dataminr, real-time alerts are issued in close proximity to the time at which events occur—often within seconds. Receiving such information in real time means SOCs can stay ahead of the event and quickly and effectively protect their people and assets.
Trying to anticipate potential risk is no simple task. If you’re analyzing and gleaning insights from time-expired or irrelevant information, it’s even more difficult. We need technology to do the heavy lifting. Dataminr’s AI platform processes billions of data points each day in real time and extracts the most up-to-date information on high-impact events that are relevant to your business.
Once that information is received by the SOC team, it can do what it does best: identify and minimize the immediate risk to life and property. It can then track events as they unfold, helping to determine how the events might impact business continuity more broadly and to return to business as usual as rapidly as possible.
As a result, SOCs can better identify a potential risk at its embryonic stage and before it becomes a full-blown issue or crisis.
Anticipating and protecting against risk are core SOC responsibilities. However, communicating the benefits of real-time information is as important, because it highlights the value of the SOC and allows it to be seen and understood throughout the organization and among key business partners.
For example, at a high level, explain the use of real-time information to the C-suite, and then demonstrate how it works by flagging emerging, high-impact events. They will then be able to experience firsthand how getting the data in mere seconds affords them the time to make decisions earlier and take action more quickly.
Also look to educate partners, such as the supply chain or third-party management teams, on the ways in which real-time information can be used to identify disruptive events in your organization or those of your competitors.
Clear messaging around how SOCs use real-time information to support the chief information security officer (CISO) is also critical as it helps organizations with separate cyber and physical functions move toward converged security operations.
Al Bowman is an Enterprise Account Manager at Dataminr. Before joining Dataminr, he designed, built and led Deloitte’s Intelligence Services Center in London. Prior to that, he served in the British Army, where his final role was as the Director of the Army’s global risk and intelligence center.