Blue Team and Red Team: Moving Security from Defense to Offense
By Neal Bellamy, IT Director at Kenton Brothers
Often our security systems are in a defensive position. A Video Management System can be used to find out what happened forensically. Our Access Control Systems are used to deny access to sensitive areas or equipment. Gunshot detection systems detect the gunshot after it happens. I don’t mean to say these systems aren’t important. In fact, they’re the foundation that is required. Without these systems, there is no option of doing anything better. However, once you have the foundation, there are ways to move to the offensive position.
Blue Team and Red Team
In IT network security, there are two teams. One is called the Blue Team. The other is called the Red Team.
The Blue Team defends the castle. They put systems in to protect the IT infrastructure from someone who would like to steal data or hold data hostage. The attacking team is called the Red Team. This team uses any weakness it can find and leverage into a successful attack. I once heard a presenter say the Blue Team has to be right every time while the Red Team only has to be right once. This is true of physical security also. Typically, the systems have to be right every time.
The main barrier to moving physical security systems from defense to offense is data. You first have to collect enough data to make an informed decision. Then you have to be able to discard the unimportant data while sifting out the relevant bits of information. We as humans are not great at doing either quickly. If you take a moment to really break it down, an investigation is also gathering data and getting to the important bits, but we consider an investigation to be after the fact and slow. What if we could move the investigation to near real-time and much faster? This is where I think physical security is going.
Machine Learning and Artificial Intelligence
Machine Learning (ML) and Artificial Intelligence (AI) will move the task of gathering data and processing it into results from something that happens after the fact to something that happens in real time.
Like all new technology, growth starts out small and then builds upon itself until it expands at a dizzying pace. I believe we are just before the explosion of ML and AI in commercial security. We’ve been seeing AI in video surveillance cameras for a few years, but so far, most examples are not actionable. Cameras have been able to detect things like Man, Woman, Shirt and Pants Color, etc., but unless all the bad guys start wearing red shirts, the data cannot yet lead to action.
However, we are seeing a few examples of AI helping us take action quickly.
New AI applications added to cameras are detecting weapons, both concealed and exposed. AI is also being applied to scanning stations for weapon detection. AI is being connected to the log of the access control system to detect “Unusual” events. While these are isolated to limited detection types, this is only the beginning. Better models will be built. Eventually, AI will be combining data from multiple systems and giving us a more thorough look at our physical security landscape.
Eventually, I think AI will take our systems on the offensive. We will be able to detect weapons at the door and see when someone is using Bob’s credentials across the country from where Bob just scanned in. We’ll see when someone is trying to defeat a reader, etc. I hope that we never hit the “Minority Report” level of technology in commercial security, but somewhere between that futuristic possibility and today would be ideal.
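The credential case above (Bob's badge scanning in across the country from where Bob just scanned in) reduces, in its simplest form, to a rule-based "impossible travel" check over the access control log. The following is an added example, not code from the article or from any product; the site names, coordinates, log format and 900 km/h threshold are all assumptions, and it applies a fixed rule rather than an AI model.

```python
import math
from datetime import datetime

# Constructed reader sites (name -> latitude, longitude); not from the article.
SITES = {"KC-HQ": (39.0997, -94.5786), "SEA-office": (47.6062, -122.3321)}

# Constructed access-control log: UTC timestamp, credential holder, reader site.
LOG = """\
2024-05-01T13:02:00 bob KC-HQ
2024-05-01T13:05:00 alice KC-HQ
2024-05-01T13:40:00 bob SEA-office
2024-05-01T13:45:00 alice KC-HQ
2024-05-02T15:00:00 bob KC-HQ
"""

MAX_KMH = 900.0  # assumed ceiling, roughly airliner cruise speed


def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def impossible_travel(log_text, sites=SITES, max_kmh=MAX_KMH):
    """Return (user, from_site, to_site, km, minutes) for each consecutive pair of
    scans by one credential that would need travel faster than max_kmh."""
    last = {}  # user -> (time, site) of that credential's previous scan
    alerts = []
    events = sorted(line.split() for line in log_text.splitlines() if line.strip())
    for ts, user, site in events:
        when = datetime.fromisoformat(ts)
        if user in last:
            prev_when, prev_site = last[user]
            km = haversine_km(sites[prev_site], sites[site])
            hours = (when - prev_when).total_seconds() / 3600
            # Scans at the same site (km ~ 0) never alert; same-instant scans elsewhere always do.
            if km > 1 and (hours == 0 or km / hours > max_kmh):
                alerts.append((user, prev_site, site, round(km), round(hours * 60)))
        last[user] = (when, site)
    return alerts


if __name__ == "__main__":
    for alert in impossible_travel(LOG):
        print("ALERT %s: %s -> %s, %d km in %d min" % alert)
```

Run against the sample log, only Bob's 13:02 and 13:40 scans are flagged; his return to the first site a day later and Alice's repeat scans are not.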
Interested in learning more about all the changes happening in commercial security and how our solutions may benefit your company? Give us a call.