Tony Agresta joined Centrifuge as Vice President of Marketing in June 2008, and has 25 years of experience in the analytics, business intelligence, and database marketing segments for early stage, mid size and large enterprise software companies.

 

Prior to joining Centrifuge, Mr. Agresta was World Wide VP of Product Marketing and Sales Engineering at SPSS, served as Chief Operating Officer for Absolute ROI and DataX, LTD, and was a Senior Director of Product Marketing for Siebel Systems where he arrived after a successful sale of Paragren Technologies to Siebel.

 

The founders of Centrifuge came out of the United States Intelligence Community (IC) where Analysts are charged with identifying relationships, patterns and gaps in the most demanding analytical applications in the world.

 

While other approaches attempt to remove the analyst from the equation through automated analysis algorithms, Centrifuge's approach relies heavily on human judgment, and the key is providing the ability for exploration of the data in an unconstrained way.

We call the approach Interactive Analytics, which results in insights that are often extraordinary.

 

Today, the private sector is adopting business intelligence 2.0 technologies to gain insights into their own businesses. The availability of BI 2.0 with Centrifuge Interactive Analytics could not be timelier for businesses today.

 

With data sources growing exponentially and competitive pressures at an all time high, the need to synthesize and extract meaning is critical to success. Centrifuge provides businesses with the freedom to explore data, uncover new insight and improve decision-making.

 

We appreciate Mr. Agresta taking the time to enlighten the Infosec Island community with his unique insights.

 

Q: How is Business Intelligence evolving today in an era where there's so much data and not enough time to analyze it?

Most organizations are finding that when it comes to business intelligence and data analysis, there is an overwhelming amount of data and shrinking windows of time to produce meaningful analytical results.

 

Complicating this is the fact that many of the existing tools are hard to learn and maintain overtime.   Most require pre-built, underlying data models which drive the pre-built dashboards and metrics.

  

This can be constraining, especially when new data sources are coming on line all the time and, frankly, analysts do not know what questions to ask in advance of the analysis.  If the underlying data models do not answer those questions, analysts are left wanting more.

 

What we have found is that analysts require free-form data exploration to understand patterns and meaning hidden across disparate data sets.  It is usually helpful to have a series of dashboards to start the analysis.

 

But from that point, analysts want to visualize and interact with these dashboards as they look for answers to new questions that simply cannot be resolved using pre-built data models.

 

Part of this process means that new data sources may be brought in, on demand, as the analyst expands the analytical canvass to uncover insights.   It has to be easy for these users to connect to data, explore the data and share insights with other members of the team.

 

Traditionally, this form of analysis falls under the category  of "data visualization."  Today, data visualization technology has evolved and takes on a highly interactive approach driven by powerful functions to explore the data, create new variables, filter the data and render it in different visual forms. Charts tell one part of the story.

 

Maps show the analyst a different picture. Link Analysis to explore case level detail and relationships between people, places, events and other attributes is gaining recognition.  This approach extends beyond traditional data visualization.

 

Q: What is link analysis and how can it be used in Cyber Security and Info Security?

Link analysis is a form of data visualization that literally shows linkages between data.   Most people have seen social network diagrams which show relationships between members of a community.

 

One person may be in my social network but also part of other networks.   Link Analysis graphs can show this.   Here's an example relevant to information security; Network security analysts interested in identifying a data breach where they suspect user names and passwords have been scraped using a common "page-redirect" direct may want to start to visualize recent login traffic.

 

In addition to charting which may summarize the number of times a person logged in and time lines analysis which would show when the logins took place, security analysts will also want to want to see a picture of user names linked to source and destination IP addresses.

 

This might reveal many source IPs hitting one destination IP and coming from more than one organization.   This form of analysis is best done through link analysis diagrams.     

This could lead the analysts to integrate third party data sources that have the source IP address for the computer AND contact information for individuals.   A visualization that shows names for the source IP addresses which DO NOT match the user names for accounts would be considered suspicious.

 

Another example in the banking world would show customers linked to accounts, alerts and loan officers.  This type of link analysis graph could be useful in identifying patterns of fraud.

 

Yet another example could show insurance policyholders linked to claims that they have filed.  The claim information would have addresses and phone numbers which could be linked to historical data files that have "known" problems for specific claims. 

When this appears, new insights have been discovered that traditional business intelligence technologies really cannot uncover.

 

Q: Generally speaking, what is "investigative analysis"?  How can users apply this technology to uncover insights quickly?  

The approach that I am describing has been widely used by the US intelligence community and is often part of intelligence analysis.  Generally speaking, we sometimes refer to it as "investigative analysis" because it can be used by any organization to investigate data.

 

In private sectors, fraud analysis is a very common application for the link diagrams I am describing.  Clearly, this approach applies to cyber and information security.   It can encompass visualizations that show servers being accessed, computer ports, e-mail attachments, people assigned to server networks and  much more.

 

There's no limit in terms of where this can be applied including sales analysis, clinical trials analysis in life sciences, defect analysis in manufacturing and much more.

 

We have found that the optimal way to uncover these insights is by allowing users to "shift their lens."  What do we mean by this?  Every visualization tells a different story.

  

As the analyst uncovers something unusual in  a time line analysis, she may want to look at the a geo-spatial concentration of events so see if these events are confined to a particular area.

 

Or she may want to quantify the magnitude of the problem using charting.  Shifting from one lens (think visualization) to another lens often reveals the unknown.  Analysts can work at the speed of the human mind. This compliments other forms of analytics including predictive analysis designed to forecast behavior.

 

Q: What role does collaboration play in analytics today?

Collaboration is essential since results need to be shared with others.  In doing so, analysts can "force multiply" their efforts.   Let's use the example of someone trying to analyze cyber crime.

 

This illegal activity may be the result of more than one person located in different parts of the world or the county.

 

Collaborative analysis allows investigators to share results quickly and "connect the dots".   Centrifuge supports the ability to securely publish results allowing others to access the analytical assets all from a 100% thin client.  There's no software to install.

 

Q: Clearly, there is a lot of information security technology available today.   How does Centrifuge integrate with this technology?

Centrifuge focuses on interactive data visualization technology.   We have found that many other software companies want to embed what we have to extend their competitive advantage.

 

Since we do not rely on underlying data models and have architected our technology to "plug into" other applications, this approach is common.   Sure, many of our customers use Centrifuge standalone to "connect, explore and share." 

 

Our partners act as resellers as they embed Centrifuge visualization widgets in their applications and platforms.

 

Q: What does the future hold for this technology?  Where is it headed?

Centrifuge is focused on a number of different areas.  Ease of use is paramount for analytics products.  If people can't install and start using the technology right away, they can't uncover meaning in the data.

 

While we feel we have met this challenge, we are always looking for new ways to make our analytics technology more intuitive.  Expanding the types of visualizations is important to our user community since each picture tells a different story. 

 

Ensuring users have powerful "analytical functions" to navigate through data and discern meaning has always been part of our mission.  Since data volumes are growing at a tremendous rate, scaling to handle massive data sets is always at the forefront of our engineering effort. 

 

We will continue to expand our capabilities in link analysis.  Our upcoming Summer release has more link analysis metrics than ever before.  The highly interactive and free form approach to data analysis and visualization is what makes Centrifuge different.  We are keenly focused on these areas.