For over 25 years, Haystax has been the provider of world-class commercial software products for direct use by individuals in the agencies charged with protecting our communities, cities, and country. Thus, our product is one of the most widely deployed risk management software solutions, used by school, law enforcement, fire, emergency management, and other government agencies across the United States.

Image module

Haystax for School Safety

Haystax meets the constantly evolving challenges of providing safe learning environments for students, faculty, staff, and local security partners by integrating all vital incident and school facility information into a single, online platform.  Physical assessments and behavioral assessments along with the ability to report and monitor incidents on or near campus are hallmarks of Haystax for School Safety.  Know your threats sooner, respond faster, and effectively coordinate actions for all stakeholders.

Image module

Haystax for Public Safety

Law enforcement professionals are called upon daily to perform a broad range of tasks—from routine patrols, intelligence gathering and investigations to major crime and incident responses. Their challenge is to ensure public safety despite incomplete intelligence, limited cross-jurisdictional information sharing, and tight budgets. Haystax helps law enforcement agencies prepare for and respond to any crisis with a dynamic picture of emerging threats, rapid  intelligence-collection and incident-reporting tools, and a seamlessly integrated user environment that  ensures maximum collaboration and analytically sound command decisions for rapid response.

Image module

Haystax for Enterprise Security

Haystax has developed a suite of applications designed specifically to help corporate security decision-makers and analysts navigate this challenging environment. Haystax alerts corporate leaders to their most likely threats and natural hazards, provides critical security and operational information about each physical facility, regardless of its size or geographic location, and allows risk managers to identify and mitigate their biggest vulnerabilities. Moreover, the Haystax platform enables security teams to manage incidents and major events—from the ops center or out in the field.

Equipped with these insights, CSOs can better anticipate their risks, communicate with leadership and limit their company’s exposure to financial, legal and reputational liabilities.

PrevHaystax Product Update: Improving Assessment Functionality, User Workflows20 December 2017NextInsider threatsMitigating Insider Threats Using Bayesian Models08 January 2018

Machine Learning: Expertise vs. Coverage

December 26, 2017

Critics of machine learning (ML) often point out that it can’t come close to emulating a subject-matter expert working at his or her maximum potential. Sure, ML powers our smart phones, determines which advertisements we view and soon will dominate the automobile industry through self-driving cars, but in a straight-ahead analytics competition where judgment and wisdom are required, the experienced human will always produce higher-caliber analysis than the algorithm.

However, such criticisms miss the point, says Daniel Miessler, an information-security professional and writer. Miessler writes in a recent blog post that the true value of ML to analysts and decision-makers in mission-critical security tasks is its ability to scale far beyond the capacity of a single expert, or even a roomful of them. And with most organizations very short on in-house analytical expertise, this is a major advantage.

“Humans being better than machines at a particular task is irrelevant when there aren’t enough humans to do the work,” Miessler notes. He estimates that perhaps 5% of companies analyze anywhere from 50-85% of the data they have available, while 90% “probably have human security analyst ratios that only allow 5-25% coverage of what they wish they were seeing and evaluating,” and the lowest percentile are looking at less than 1%, “likely because they don’t have any security analysts at all.”

We’ve often written in blogs and white papers about the ‘data paradox.’ This is the problem of having oceans of available data (which is growing exponentially every day) that is supposed to give organizations a much richer set of actionable intelligence, but which in fact merely overwhelms them with lots of noise while critical signals remain buried. The more data rolls in, the more the organization is overwhelmed and the less secure it becomes.

Enter ML, with its litany of advantages. As per Miessler:

  • “Machines operate 24/7 with no deviation in quality over time, because they don’t get tired.”
  • “It’s much easier to train algorithms than humans, and then roll out that change to the entire environment.”
  • “Even if you could train enough humans to do this work, the training would be highly inconsistent due to different life experience and constant churn in the workforce.”

Miessler highlights an important expectations gap in ML that causes critics to miss its true value: that of being able to operate at scale — in other words at a volume and velocity of incoming data that no human analyst, however highly experienced, could sustain for very long. It’s an advantage he calls ‘Superior Coverage,’ and he sums it up this way: “When you hear someone dismissing Machine Learning by saying humans are better, ask yourself what percentage of the data in question a potential human workforce can realistically evaluate.”

But what about that human expertise? Can that, too, be scaled? At Haystax Technology we believe the answer is yes. Before analyzing any data, we first build probabilistic models called Bayesian inference networks, which encode subjective human judgment and experience to help solve many complex problems facing security professionals today. Only then do we identify a diverse array of data sets to run through the models to prioritize risks. We call this technique ‘model first.’

Since machine-learning and rules-based systems excel at finding anomalies we use them for that exact purpose, for example flagging anomalous printer events, odd badge-in/badge-out times or the presence of an employee at an unusual location. Instead of feeding anomalies to an analyst, however, they are applied to the model, which performs the analysis. And because that model already has encoded within its nodes the inherent knowledge and judgment of those very analysts, it frees them to focus on what’s important, and to operate at a scale and speed that would be unachievable were there no model performing the analysis and prioritization for them.

As a result, our Haystax user behavior analytics (UBA) solution eases the alert overload that afflicts security analysts by eliminating many of the false positives generated by ML-based systems, and providing decision-makers with prioritized alerts of their biggest risks.

Miessler goes on to suggest that machine learning algorithms may eventually become better than human experts at analyzing complex problems, not just providing superior coverage. Perhaps, but until that time we will continue to rely on Bayesian modeling to do the heavy analytical lifting in such complex missions as detecting and preventing insider threats, financial fraud and other rare but high-consequence events.

Related posts