Identifying Potential Security Access Violations
Crater Labs developed a semi-supervised neural network to identify anomalous security access card swipes in a large corporation with numerous facilities throughout the world, increasing secure access violation detection by 13%.
Our client is a company providing secure access control and monitoring systems to large corporations throughout the world. As an innovator in the industry, our client sought a solution that could, in real time, identify anomalous access events and flag security policy violations without the need to create hard-coded rules.
Every day, millions of people use their security access cards to access secure offices, equipment and computers. Existing incident management platforms use hard-coded business rules to identify potential security access violations. As a result, these approaches are entirely dependent on an operator’s ability to anticipate and account for all scenarios representing secure access violations.
Through discovery sessions with our client, we determined that secure access violations were identifiable only after an incident management team created a corresponding rule. While the rules-based engine successfully identified predefined violations, keeping up with the ever-growing set of possible violations and scaling the rules engine was nearly impossible, and rule creation was often a reactive process (an incident gets caught, then a rule is generated).
We developed a neural network to understand the irregular nature of access violations through statistical analysis of the existing data in combination with the already defined rules. The resulting semi-supervised model learned about authorized access requests and possible violations without the ongoing need to create more rules.
We developed an advanced neural model capable of learning patterns in irregular time-series in a semi-supervised manner. We employed a recently published method known as “Neural Ordinary Differential Equations” within an RNN. The resulting model was able to identify approximately 13% more anomalous security access swipes than all of the previously coded heuristics developed by our client.
Benefits & ROI
Our solution significantly reduced the need to update access violation rules and allowed our client to free up their incident management team’s resources. In addition, we were able to surface 13% more possible access violations, providing our client with a distinct competitive advantage over alternatives deploying industry-standard technologies.