Cognyte I Actionable Intelligence for a Safer World 10 FRAGMENTATION TREND 2: DATA IS GROWING RAPIDLY AND IS HIGHLY FRAGMENTED, MAKING IT HARDER TO CONNECT THE DOTS TERROR ATTACK IN VIENNA, AUSTRIA In the aftermath of the deadly November 2020 terror attack in Vienna, Austria, it was discovered that the Austrian police had received information from their Slovakian counterparts that the attacker, Kujtim Fejzulai, had attempted to purchase AK-47 ammunition. In addition, the car he traveled in was registered under the name of a known Islamist extremist’s mother. 13 If fused and analyzed effectively, these two pieces of information, along with Fejzulai’s previous arrest for affiliating with a terror organization after he attempted to cross into Syria from Turkey, should have raised a red flag prior to the attack. ILLUSTRATING WHAT HAPPENS WHEN THE DOTS ARE NOT CONNECTED IN TIME Compounding the previous issues, when data is siloed (i.e., stored across disconnected systems, within and outside of the organization), it becomes almost impossible to apply analytics on a large scale due to the work required to integrate, fuse, and analyze data manually. And even if all data has been gathered into one data lake, and is no longer siloed, the organization’s security teams often lack the right tools and knowledge to connect the diverse types of data into one unified data layer and to extract meaningful insights. As a result, they are often dependent on small teams of data scientists - who end up being the bottleneck in the process. Without the proper solutions, organizations cannot fuse and analyze siloed and diverse data. This prevents them from generating high-value and actionable insights, effectively detecting threats ahead of time, and making optimal decisions. SITUATIONAL INTELLIGENCE Physical security SOC teams typically have a siloed and incomplete situational awareness view. While they may have hundreds or thousands of security cameras, typically the cameras are feeding into separate, siloed systems. And none of these cameras are necessarily connected to door keypads, fire alarms, etc. Imagine someone carrying a suspicious package into a shopping mall - today, the onsite security team is left to guess whether that person is where they should be, whether the package poses a threat, whether the person is a known criminal, and what they intend to do. An investigative analytics platform should connect data from all cameras, door alarms, keypads, license plate readers, facial recognition tools, and various databases to help quickly identify the person as a serious threat and get the right responder to the location, thereby preventing an attack or other serious incident.