
Analytics and AI for Video Surveillance

Video surveillance is no longer just for security. It is a tool that can be used to modernize and streamline your operations. However, it requires the “total picture,” a large part of which is analytics! Whether that takes place on your real-time video feeds or is used to gain insights from petabytes of archived video, we can help!
Hello everyone, and welcome to Pure Storage Accelerator Tech Fest 2022. My name is Seth kindly, one of the principal data architects for U.S. public sector, and I'm here to speak with you about analytics and artificial intelligence for video surveillance with unified fast file and
object storage. To start this, we need to recap some of the challenges that are requiring advanced analytics and automation within the security sweep. The first is real-time threat detection. An organization has to have the ability to query and perform statistical analysis on constantly updating log data or surveillance data in real time or near real time in order to
meet the agreement of their MTTD and their MTTR, the mean time to detection and the mean time to recovery from security incidents. Heavy automation and the ability to reduce alert fatigue are completely necessary to keep your SecOps team working productively. So real-time threat detection could be
incident response, automation of that response. So if somebody is where they shouldn't be, then we do something. And in having the ability to reduce fatigue from false positives or data that's just noise in the stream. The second is threat analysis. Simply detecting and blocking malicious activity is no longer enough to adequately protect an organization. In order to respond to the more
sophisticated attacks that are coming out almost daily, it's often necessary to conduct historical analysis of the things that you've just had because you had to archive. We have to keep this for evidentiary. We've got to keep this for seven years, and then we never pay attention to it.
That is a relative gold mine of potential data to learn from and to use when assessing advanced persistent threats, or APTs, and gathering threat intelligence. Things that seemed potentially inane and random over time can paint a much bigger picture. A puzzle gets put together piece by piece, and sometimes you don't know what the puzzle is
until the last piece goes in. But if you're paying attention to every piece, you're going to get the picture before it's built. And then finally, advanced analytics. New algorithms can help to address intent as well as anomalous activity. We're taking the ability to really glean what people intended to do
by what they've done historically. So as attacks get more sophisticated, IT organizations are also turning to more advanced techniques to defend against the newest threat. This includes advanced analytics and then things like UBA, user behavior analytics, and UEBA, user entity behavior analytics,
where if it's not a person but it's a process controlled by a person, is it still acting the same? What comes next is a very stringent set of requirements for data. How do your log analytics and your VMS data platforms address these requirements today? Security analytics often present challenging requirements. Collecting,
delivering, analyzing and storing all of this data is becoming harder and harder as higher-definition cameras come out, as streams become more high definition in real time, and recordings go from a series of seconds to 24/7/365. The ability to respond to threats as they occur may be hidden in a stack of needles, and you're searching for a needle. Effective correlation and threat analysis require a thorough
data capture from across the digital environment and the ability to maintain a rich, historical, indexed, searchable data set. Data systems must also be resilient in the face of increasing data in a constantly changing landscape. Data is not getting smaller. Time to results are not getting longer. Everybody's impatient.
We need to have the answer now, and the data sets have grown exponentially in size, orders of magnitude more than they were even a year ago. So with that, real-time threat detection. Real-time threat detection can be distilled down into a consistent search and query performance set. We know that the dataset is large. We need to be able to search it in real time or
near real time, and we need to have a reproducible performance metric. How do we do that now? That has been the question for some time. You need to be able to ingest data rapidly. As sensors get better, as they become more in number, the data pipeline of them uploading to a system also increases, and then you need the ability
to make an agile pipeline for data in motion. Next we have historical context. So in addition to that real-time processing and real-time analysis, you have to have access to the volumes of historical data to extend key security capabilities and surveillance capabilities and apply advanced techniques such as anomaly detection and UBA, UEBA, like we talked about before,
easy retrieval of historical data and longer-term analysis for advanced persistent threats to identify the potential origins of unauthorized, potentially undetected access to your intellectual property and to what allows you to sell what you're doing. This of course also applies to things like PII and PHI, as well as SOX information if you're in financials.
It also simplifies forensic analysis and evidentiary gatherings in the unfortunate event that you discover an attack or a breach. Finally, management simplicity. Everything that Pure has done has been predicated on simplicity: effective capacity planning, easy installation and operations, adapting to changing data profiles. The storage should be able to do this real time
without the interaction of an administrator or people having to constantly tune it for it to keep up. Video surveillance. Video surveillance has become so commonplace across all of the different BUs that we see it weekly if not daily, and video surveillance is predicated on a couple of different pillars: detecting, evaluating and reacting. Most times these are all driven by humans.
A human sitting in a console detects something that is anomalous. They have to evaluate it. This takes place real time in their head, that somebody should not be there or something is amiss, and then they trigger a reaction, and most times that reaction includes other people or a process. So to detect, evaluate and react is something that is not always real time. Common
uses for security analytics and security operations in public sector, retail and financial are below. Public sector may use it for something like site security, assessing the number of people that go through a certain gate. They can use that information in the analytical pipeline to know when that gate has to be serviced. So their building services is becoming more
efficient because they're trending who goes through a gate and how often. They may be doing it for evidentiary retention, when somebody says, "Hey, on May 13, 2021, a year ago, how many people went through this gate? Has it changed year over year?" There's still a popular gate. And then finally, things like public and traffic safety. How many people go through the North Texas Tollway?
How many people run a toll booth? These are the things that we glean through surveillance, whether it be sensor, whether it be magnetic strips or camera. Now, if we move into retail, retail typically uses this for loss prevention. We want to have cameras to ensure that if somebody steals,
hopefully we're able to get a picture of their face, but facial recognition without an analytical pipeline means next to nothing. Maybe we didn't get their face, but we got a look at their tattoos, and we can reference their tattoos with the database of other tattoos and try and ascertain who they were. You can also use this for product placement. It doesn't always have to be negative.
We're not trying to fix things that are broken; maybe we just want to know how to sell better. So if you have surveillance over what products at the front of the store are moving better than products, say, the back of the store, you can move things around to better fit your sales model. And then of course, secure delivery. Right now, with the supply chain being what it is, getting
product in stock to resell is important. So you want to ensure that you're secure, your deliveries are secure, rather. Now, financial services. This is one that is somewhat in line with public sector, but wholly different. Financial services will use surveillance for remote monitoring. That could be a point-of-sale device or an ATM, for instance, and what they're looking for
there is: does this location necessitate having this device? Is it patronized enough that we should keep it there? Is it safe enough that people will use it after the sun goes down? This is where you get inference, and you can actually glean intent from what you're seeing that already took place. Of course it can be used for fraud prevention, right?
We know there's a picture of this person on their credit card. The camera on the point-of-sale device looks nothing like what that person should look like. Maybe their card was stolen. Now let's trend it against their acquisitions over time and say that they went to Starbucks every morning. But now they're going to Dunkin, and that seems, uh, antithetical to their sort of personality.
Maybe we can flag that. And then once again, secure delivery. ATMs have to be offloaded, money has to be moved. There are things that go in and out of financial services, and they need to be secure. With all that said, the big question is: is your data storage ready? Do you know if it's ready? Can you say unequivocally that it is or isn't?
Is your security operations team meeting your video requirements today? Most places I can't give a straight answer on that because it changes so frequently and it only changes after something happens. Unfortunately, it is reactive and not proactive, and things tend to change after a negative event.
So we're back to real-time processing. Real-time processing will give you the ability to hunt and seek. Hunt and seek are synonymous with querying, and then looking to see if it happened again. Can we quantify, can we qualify what's going on? When you hunt and when you seek, that has to be put into an
analytical pipeline. Humans cannot go over thousands of hours of footage and make a correlation between the two. So we put that into a pipeline to work for us. And then finally, image or sequential recognition. Like I spoke about earlier, did we recognize a person by face? Did we recognize them by tattoo? How do we differentiate between a dog and a bear?
A dog at somebody's backyard, in somebody's backyard, is not as worrisome as a bear. So we want to know the difference. Now, when it comes to archives and compliance, the retention of the data. If you have a DAS model, you built out a VMS cluster,
each VMS node has 96 terabytes of direct attached storage. Is that enough with everything that you have to record? Will that be enough in perpetuity? What happens when you run out but you're not compute constrained? You have to buy another server that will then be underutilized and will add to the power draw,
the cooling draw and the rack space in a data center. That doesn't seem very beneficial for anybody involved. So is the DAS model gonna work? Even if it works today, will it work a year from now? Do you have evidentiary or long-term retention, and do you want that long-term retention to still be something that you can go back and seek, you can go back and query it and get
responses that are going to be amenable to a person, right? We've had plenty of people that have to pull the tape, spin the tape, hope the tape isn't bad, and they tell you you'll get your answer in three days. Well, what if I told you you could get your answer in three seconds? That's advantageous. With that,
if you don't have a system in place, how do you meet your SLAs? These questions are not rhetorical. You have to actually ask and expect an answer and somewhat push to get the answer, because a lot of times people don't think about it until, like I said, something has gone wrong. Once again, management simplicity. We're going to tell you that it's simple.
We're going to tell you that we told you that it's simple. And then we're going to tell you again. Whether we have hundreds of data sources, hundreds of VM cluster, VMFS clusters, excuse me, VMS clusters (too many acronyms sound the same), where you have hot spotting and over provision or under
provision silos, how are you going to look at all of that and assess whether or not you're using your investment appropriately? That was a lot of information. And now we're going to get into deploying security analytics applications with Pure. Now, this could be video surveillance. That's what we're going to start with: VMS, video
management systems. The big ones are Genetec, Milestone and Darryl, OnSSI, Avigilon. There's a number of them, but we're going to focus on the big three that we are testing or have already tested. So, disaggregated storage for faster search and simplified data pipelines. Our disaggregated
scale-out architecture helps with high-speed ingest to rapidly bring in new data. So we've got new data sources on the left: files, network events, applications, operating systems, sensors. In this case, sensors are synonymous with cameras. How do we help consolidate what used to be tiered and provide a more consistent experience,
searching large amounts of historical data in real time and looking at those real-time threats and reacting without a lag? What we see here is that historically it was disaggregated. We've got a legacy DAS approach where there are servers and a database behind the scenes. It could be Elastic, it could be Splunk, it could be a combination. And then we've got a data lake.
Historically, HDFS with its triple mirroring was what was used. And then on the other side we've got Spark in production, and we're going to try and take all of these things together and get an end product out of it. Now, with the disaggregated approach with unified fast file and object, you could have one FlashBlade servicing your production Elastic,
your sandbox Elastic and Spark simultaneously. You can also add new clusters and applications, and once you've landed, say that it was physical security and we're looking solely at camera ingest, well, maybe now you can look at cybersecurity and you could turn that into packet capture, you can turn that into information assurance. You could go to
IT operations or business analytics and help them discover that the physical layout of their store wasn't leading to the sales that they wanted. That's a business analytical use case that you get from surveilling people interacting over time. And then finally, things like application search. Okay, so VMS isn't just necessarily streaming
surveillance, it's also VMS logs. What took place? How many hits did we get? How much did we record? Why were the cameras triggered so much? The use case, excuse me, is the same, where we have this D-A-S architecture, or DAS architecture, and we have to add capacity. Capacity comes with compute and networking; we
don't always need that. We have to rebalance out the hot spots because one server was completely overloaded, so what do we do? We turn into burning our nights and our weekends and missing, you know, soccer practices and swim meets because we're rebalancing a DAS hot-spotted silo. Well, if you scale your storage and compute independently through UFFO, what you'll see
is that you add servers dynamically over time when you're compute constrained, and you add blades to the FlashBlade environment so that you add capacity. There's no data movement, there's no rebalancing, and you get your nights and weekends back. Now, classical Splunk. It looks like VMS and it may be part of it.
There are plenty of people that have rolled in surveillance into their Splunk environment because they don't have a large enough infrastructure to have dedicated VMS. So we still have files, network events, applications, operating systems and sensors, once again synonymous with cameras, and we have this tiered approach in the middle. We have hot buckets, we have warm buckets, we have tepid buckets,
then they're cold, then they're frozen. All of those are complexities that aren't necessarily needed. If you have a platform that's capable of meeting all the different SLAs without moving the data, that becomes advantageous, and in classic Splunk you could do that with FlashBlade. It could be an NFS target. Hot, warm, tepid, cold and frozen could all be sort of the
same depending on the sizing, and we welcome you reaching out to our Splunk resources to figure that out. Same thing applies where if you land for one approach, you can take it to the next level. Now, Splunk SmartStore: bringing more data and more decisions in and doing it faster. In this case there's the idea of caching, and caching can be on an index server on SSDs or
FlashArray, for instance. And then warm, tepid, cold, frozen, all of those buckets could become a singular bucket on FlashBlade UFFO: warm buckets forever. You're limited by the size of the contiguous namespace, which in this case is much more than most VMS solutions. You get rid of the idea of having to have cold buckets because everything is that same
performance here, and then you can still archive out to tape, disk or cloud. Now, within Elastic, disaggregated storage once again is advantageous. You saw this earlier where we've got Elastic, Elastic experimentation or sandbox, we've got HDFS, we've got Spark involved, and it's the exact same approach. Disaggregation is the way to go. Now, I know that there was a lot of information and
not a lot of time. So if you have further questions, you can look at the data storage foundation for security analytics, the UFFO page, or go kick the tires on an actual test FlashBlade. Thank you all for your time, and I hope you enjoy the rest of Tech Summit 2022.