top of page
Jigsaw Development Team

Virtual Fusion Centers with Jigsaw Software


Over the last 9 years our company has worked to build out fusion capabilities for Government to include work on the DCGS-A program, NIH and private companies wishing to bring all of their security and intelligence data into a single platform. We have brought fusion capabilities to both Apache Hadoop and Elasticsearch through complete frameworks deployments. One of our lessons learned is that not all customer may need a full fusion center capability and in some cases just using the Jigsaw Security Cloud Environment is more than adequate for their needs.

Our new approach of providing data service and dashboard capabilities is working well for most clients that previously were full platform customers. The new approach where sensors and products just write their data into our cloud platform allows us to marry our threat intelligence data to the things happening in customers networks, providing the same cyber security and anti-terrorist capabilities in a lightweight offering.

With the new approach you get all of the same features as our previous platform products but now you can do more because our cloud deployment has years worth of reference data that can help our customers make sense of streaming data such as terrorist activity on Facebook and Twitter. Another benefit is that we only have to maintain one copy of Twitter of Facebooks data instead of replicating our environment out to our customers. Now don't get us wrong this same capability is available to any customer needing a copy of every Twitter message, Facebook post or Pastebin post, but it is no longer necessary to have multiple copies of these data sources in multiple cloud deployments.

Finding Terrorist Activity in Twitter Streams

Finding Potential Terrorist Activity in Twitter Streaming Data

So one of the most common questions we get are what can you do in the fusion platform? The biggest benefit as we see it is that one analyst can narrow down millions of pieces of information into smaller areas of interest based on text, keyword or activity type mappings in the platform. Using watch list (list of terms of interest) allows the platform to watch streaming data and alert you to things or situations that are of interest to the fusion analyst. For instance if the number of occurrences of the word bomb and Jihad increase between a certain group of Twitter users may be an indication of an upcoming attack, or it may be talk of a recently occurring terrorist event that may allow the analyst to determine who is responsible for this type of activity (as an example). It should be noted that the software stack we use is not language or character set dependent, allowing for monitoring of any language or encoding scheme used on various social media and web based platform.

Licensing vs. On Premise Deployment

Those customer wishing to just license a solution without having to pay for costly support can now get access to our fusion platform and intelligence data. This allows many sources to be ingested and used by any number of end users. The ingest once and use many times model works well allowing teams with different goals (law enforcement, Government, private sector for example) to leverage the data sources we have without having to perform the ETL process in their own deployments. By licensing our solution you can benefit from the same data Jigsaw Security analyst use to perform cyber security functions for other uses such as locating malicious activity on social media, finding terror coordination events and planning or locating proprietary data theft on the dark web. Licensing is a much more cost effective way to access our data sets in our cloud environment.

About the Data

Currently Jigsaw Security has many data sets ingested into our cloud instance. That does not mean that if a data set is not currently there that we can't ingest the data set for you. Even ingesting every single Tweet only uses 1-2% of our ingest capacity and Twitter is huge. The fact that we have a cloud based ingest means that if we do near capacity we can just add more nodes to our clusters. Customers wishing to have large amounts of data can simply pay for a few nodes on our cluster and then we can add additional content that you find useful. For instance if your working on Amazon AWS and need more capacity you can spin up need EC2 instances, you can spin on nodes on our cluster and then we will support adding additional sources of interest to you on your nodes but also will make the data sets available to others interested in similar or the same data. It's a win/win for data scientist and our analyst love data to the more data the merrier.

Currently Jigsaw Security ingest every single Twitter message, pastebin file, Facebook post and Darkweb content that we have access to every single day. While normally it would be a huge undertaking to have complete copies of these environments in a data center, our software makes it easy and manageable.

44 views0 comments
bottom of page