Extending Elasticsearch for Policing Intelligence

Transcript

1. Extending Elasticsearch for Policing and Intelligence

2. Elastic, at-a-glance

3. Expand beyond search

4. 䡦 Siren delivers an Investigative Intelligence platform for ! Law

   Enforcement & Intelligence ! Financial Crime ! Knowledge Discovery (Life sciences) ! Link analysis for Cyber Security 䡦 Our pedigree ! SIREN = Semantic Information Retrieval Engine ▪ Founded on leading Search and Knowledge Graph R&D ! Intelligence focused investors & board members – Latest to join ex CEO IBM i2 ! Gartner Cool Vendor “Analytics and Data Science” 2020 Siren – About us

5. Fusing: Analytics, Search, Knowledge Graph & Monitoring SIREN
 Investigative Intelligence

   Analytics Big Data Monitoring, Operational Intelligence Alerts Analytics / BI Advanced Link Analysis Search and Data Discovery Combined ability to address: ! Intelligence on big, streaming data (Elasticsearch is key) ▪ Big logs / Cyber ▪ SIGINT/COMINT/Position streams ▪ OSINT (text and multimedia) ! Intelligence on knowledge graphs (datasets that may be static) ▪ People, Companies, Transactions ▪ CSVs, ad hoc data ▪ Web service invocations ▪ Social Network analysis

6. Supercharging Visual Analytics: for investigative intelligence

7. Supercharging Visual Analytics: for investigative intelligence Graph DBs Live lookups

   Stardog Webservices i2 / CSVs / CMSs Connectors Most SQL databases Virtual data warehouses Orchestration: ECE Rollups, index management Elastic ML, Dataframes, Outlier detection. Premium Ingestors, processors Canvas, Siem Embeddable Kibana capabilities Vector search X-Pack Security .. and several more. Elastic Platinum Subscription Siren Investigate Siren Federate Plugin

8. Data model example (financial crime use case)

9. Data model example 2 (vehicle theft/law enforcement use case)

10. Sigint/Comint training environment

11. Sigint/Comint training environment

12. 䡦 Interactive visualization of NLP annotations and tags 䡦 Improved

    Topic clustering 䡦 Ability to revise wrong NLP tagging 䡦 (tentatively) Simplified activation of NLP on ingestion 䡦 “Battle” tested on 800M docs/m OSINT environment (with NLP)

13. Cyber Environment (ECS + MITRE + STIX2 ontologies)

14. Siren and “Search”: a simple “search all” inside Siren

15. Clustering: interactive record clustering in Siren 10.3

16. Siren and “Search”: Topic Clustering (new!)

17. 䡦 AI to recognize that: ! 2 or more records

    might be referring to the same real world entity ! ..but also recognizing “not the same but significantly related” 䡦 Done right: it’s a proper “data superpower” ! Financial Fraud, Compliance, Know Your Customers, Law Enforcement, Intelligence, Competitive Intelligence, … ! Imagine: drop a new CSV, instantly see anything connected What is Entity Resolution (ER)?

18. 䡦 Siren ER ! Matches across ▪ data sources ▪

    schemas ▪ languages (transliteration) ▪ cultural conventions ! Real time, incremental ! Non monotonic: it can revise old assertions based on knew knowledge. ! Powered by Senzing, wrapped by Siren in a high concurrency, scalable, dockerized API Selected use cases: Associative search/Entity Resolution

19. An ER Example

20. Siren ER “in slow motion”
 Watch our video on ER:

    HTTPS://WWW.YOUTUBE.COM/WATCH?V=-HSR2BNXR7C

21. Detection Requires “Channel Consolidation”
 Entity Resolution Entity-centric Learning Money Launderer

    Employment Application External Counterparty KYC Onboarding Open Account Bob Jones 123 Main Street 702.919.1600 [email protected] Bob Smith 1515 Adela Lane DOB: 11/12/1978 1.703.554.1214 Bob R. Smith AKA Bobby Jones DOB: 12/11/1978 [email protected] Bobby Randal Smith 1515 Adela Lane 3232100123991123 Robert Smith 123 Main Street DOB: 12/11/1978 702.919.1600 703.554.1214

22. In Siren On dashboards On graph

23. An ER Example

24. Broaden your Elastic experience https://www.elastic.co/training https://community.elastic.co/government-and-education/ Contact us: [email protected] https://www.elastic.co/cloud/

25. Thank you