TDI brings a deeply experienced perspective to cyber analytics. Our aim is not to drive the voluminous collection of big data – instead we will help you make sense of the data you have.
TDI employs a multidisciplinary approach to cyber analytics – cybersecurity data collection and analysis – providing a major component of: Computer Network Defense, Insider Threat Protection, Continuous Diagnostics & Mitigation (CDM), Security Operations, Managed Security, Secure Cloud Computing, Secure Mobile Computing, Critical Infrastructure & Industrial Control System Security, Application Security, and IoT Security.
We bring two decades of experience to the process of extracting actionable information and forecasting from raw data, where the data is often incomplete, represented in various formats, and resides in a multitude of heterogeneous sources. TDI can also evaluate your existing data collection and analysis activities for feasibility and introduce other effective components of Business Intelligence (BI) – to include heuristic reporting, online analytical processing, analytics, data mining, process mining, complex event processing, business performance management, benchmarking, text mining, and prescriptive analytics. This rich arsenal of techniques guarantees we will be able to select the optimal technological or manual methods for execution of cybersecurity analytical tasks, with the ultimate goal of cutting the cost of managing your IT assets under the constraint of also reducing risk to those assets, other fixed assets and your people.
TDI Cyber Analytics Process in Practice
TDI applies data and statistical analysis processes and techniques to our clients’ critical data components. In a theoretical example of an organization that manages vessels at sea, these might include ship movements, cargo identification, vessel route and internal feature characteristics, force protection teams deployed or en route, vessel crew background investigation and processing, vessel fuel consumption, maintenance and repair compliance, and safety incidents including safety breach and personnel safety and health.
Some of our more notable cyber analytics projects were at USAC, The Smithsonian Institution, Ithaca, Monster, and the International Monetary Fund.
In this example, we will use our experience and technical arsenal to execute the following five task areas, while adding further BI processes and techniques when feasible:
1. Data Collection
Without quality data, no algorithm or manual process can deliver actionable and reliable results. Thus, data collection and processing is a critical first step in the process. The popular expression "garbage in, garbage out" is highly applicable to statistical analysis projects. Data-gathering techniques are often poorly executed, resulting in out-of-range values (e.g., Income: −100), conflicting data field combinations (e.g., Active Personnel: Yes, Retired: Yes), missing field values, etc. Analyzing data sets that have not been carefully examined for such issues can produce misleading or even outright erroneous results. Thus, the storage, representation and overall quality of data are of utmost importance before getting to the data analysis task. Understanding that our customers have historical data stored in a variety of formats (e.g., MS Access, MS Excel), we will employ data preparation and filtering techniques to correct unnecessary and redundant information in the data sources. TDI will employ data preprocessing techniques including cleaning, normalization, transformation, feature extraction and selection, etc. using your preferred software tools to retrieve the data. The result of data preprocessing is the final data set suitable for data analysis and data forecasting and a unified, authoritative data source that can be relied upon for deriving statistical conclusions. We have performed data collection and processing for a number of high-profile clients including the U.S. Department of Commerce and the U.S. Department of Justice.
2. Data Analysis
TDI will employ standard data analysis techniques that extract current information from the unified data source developed in the previous step. The information derived focuses mainly on “what is the case” or “what has been the case” questions applied to any variable of interest such as – in our current example – ship routes, cargo types, personnel status, fuel schedule, etc. We will also develop models that best fit available data and use them to compile aggregate trends by any variable of interest to you. The information gathered through data analysis will give you an insight into whether the processes followed so far have been efficient, as well as provide a trending curve that suggests next steps. Using feedback and direction from you, we will continuously tweak the models until they incorporate all and only the variables that produce consistent results and optimization for maximum recall and precision.
3. Data Forecasting / Predictive Analytics
TDI will next implement a robust predictive analytics program based on the sound foundations already laid out. Our statistical analysis focuses on extracting information from historic data and uses it to predict trends and behavior patterns. Typically, the unknown event of interest is in the future, but our predictive analytics can be applied to any type of unknown variable regardless of whether it is in the past, present or future. The gist of TDI’s predictive analytics relies on identifying relationships between explanatory variables and the forecasted variables from past events while exploiting them to predict the unknown outcome or trend. There are three main types of predictive analytics – predictive models, descriptive models, and decision models – and TDI will focus on the decision models that correspond best to your environment and requirements.
4. Data Presentation
There are a number of techniques TDI can employ to make the results of our statistical analysis clear, concise, communicable, and controllable. The presented results will be structured in such a manner that they can be easily tailored and interpreted by various levels of your organization’s leadership. TDI will develop a presentation approach that allows for the configuring of the data presentation into formats aimed specifically at various target audiences. Based on our experience, our presentations will focus heavily on graphical data representation. As we have learned in supporting other customers with our BI solutions, there is significantly less variability in how people perceive a picture or graphic than in how they perceive a word. Our staff is composed of experts in both developing the presentations themselves, as well as deploying technologies that control the dissemination of and access to said presentations. We are confident that our approach will not only save money but will enhance the effectiveness of data presentations.
5. Data Tracking
TDI understands that in a fast-paced, diverse and ever-changing environment like yours the data about the activities of your organization will always change with time. As such, the processes of data analytics and statistical analysis will be affected and will need to be adjusted accordingly. TDI will deploy a proactive data tracking mechanism consisting of both automated tools and personal interactions that will continuously examine the data sources for change in the type, dimensions, quality, format, or availability of the data. Every time a change is detected, our process will work to inform the proper stakeholders and present an impact briefing together with viable options for responding to the change. We can work closely with you to review and reconcile the available options and will provide action items for incorporating the change in the existing BI process. The results of the data tracking process will feed back into the data collection and processing process to form a full BI cycle, where feedback from your stakeholders is incorporated at every level. The process of data tracking as a standalone task is present in our client environments employing BI programs. As such, TDI has extensive experience implementing data tracking processes spanning a diverse set of customer requirements. These requirements include data tracking for: network security purposes, IT inventory purposes, HR purposes, financial and accounting purposes, R&D purposes, etc.