Case studies - Dataminr Flashcards
Shooting at YouTube Headquarters
CASE 1: Shooting at YouTube Headquarters
On April 3, 2018, an active shooter opened fire on three people at YouTube’s California headquarters before taking her own life. Dataminr quickly detected eyewitness reports of the incident posted to social media and notified corporate security clients, providing early awareness of the event and details from those on the ground. Dataminr’s first alert preceded major news reports by 11 minutes.
25/03/24
CASE 2: Dataminr delivered the earliest alert on COVID-19
In late 2019, an outbreak of respiratory disease caused by a novel (new) coronavirus—now known as COVID-19—simmered for weeks in Wuhan, China before claiming its first victim on January 10, 2020. Dataminr first detected the outbreak of COVID-19 within public social media posts at 9:11 a.m. EST on Dec 30, 2019, providing clients with the earliest warning in advance of the U.S. government’s announcement 7 days later.
CASE 3: Major Hollywood Studio
Hollywood film studios face a dynamic and ever-changing security risk profile. Security teams are tasked with protecting the studio’s permanent offices and film lots, temporary filming locations, traveling executives and employees—plus the hundreds of temporary workers and A-list celebrities working on active film shoots.
Consider the April 2017 terrorist attack in Paris, where a gunman opened fire on a police officer and fled on foot.
Just 1,000 yards away, the security team on the set of a major motion picture had to make a decision—should they shut down the set and evacuate the crew and actors?
In those early seconds, information on the ground was frustratingly scarce. Was that sound gunfire or fireworks? If it was gunfire, is the threat still active? Where did the event happen?
But the security team working in Paris that night wasn’t alone. Analysts at the film studio’s global security operations center (GSOC), some 9,000 miles away in California, picked up the phone to give the Paris team the information they needed at that moment: There’s been a suspected terrorist attack at the Champs-Élysées. You need to evacuate to a safe location; we’ll update you with new information as it comes in.
This exchange, which happened within seconds of the initial gunshots, was made possible by Dataminr, which uses artificial intelligence to alert companies to unexpected risks happening in real time.
“Dataminr has been amazing in getting those alerts 20 minutes before another platform would send something in, or 20 minutes before you’d hear about it on the local news,” said the studio’s Vice President of Global Threat and Emergency Management. “Dataminr has been our eyes and ears around the globe, alerting us to events that could potentially impact our assets.”
The studio’s GSOC serves as the real-time information hub for not only the studio itself, but also its parent company, a multinational mass media conglomerate. Every day, the studio’s GSOC team watches over hundreds of assets in the center’s physical security information management (PSIM) system: The company’s permanent offices and film lots, temporary filming locations, traveling executives and employees.
Dataminr forms an important cornerstone of the studio’s GSOC, delivering a feed of crisp, actionable alerts about emerging risks across the globe. Analysts inside the GSOC make decisions based on the information flowing into the center—should we notify people working nearby? Should we notify our leadership team? Should we escalate to the crisis response team?
In rare cases of immediate threats to health and safety, the studio’s GSOC will recommend shutting down a film shoot, evacuating an office, or telling people to shelter in place.
Travel Safety
For example, a Dataminr alert comes in about an emerging risk developing in Rome. The studio’s GSOC team looks at the PSIM and sees there are 37 employees located near the epicenter of the risk. Within seconds, they can send a message to the group: “We’re aware of the situation developing on the ground, and will update you once we have additional guidance.”
“This shows travelers that when they’re out for business and working for the company that there’s someone watching out for them. They’re not traveling alone,” said the studio’s Vice President of Global Threat and Emergency Management. “We’ve had amazingly positive feedback from that side. It gives people so much peace of mind to think, ‘Hey, if something happens, I’ll get taken care of. The business actually cares about me.’”
Delivering that feeling of safety is crucial for the studio, which works with a large number of contractors and temporary workers. Film shoots can employ hundreds of people, and world-famous actors, for a few brief weeks, who may go on to shoot their next project with a competing film studio. A well-run security operation remains a competitive differentiator for this studio.
Separately, the studio’s executives want to know if photos or videos are being leaked from their active film sets—another area where Dataminr’s real-time alerts can help.
Event Safety
The studio’s executives are highly visible in the entertainment industry, and attend, sponsor and speak at live events throughout the year. The studio’s GSOC team sets up Dataminr information feeds around specific events weeks ahead of time, to understand public sentiment toward the event, and look for specific, credible threats to executive safety.
During a live event, Dataminr sends the studio’s GSOC team real-time alerts to emerging risks, so they can augment the work of the executive protection team on the ground.
Moving Beyond Keywords
Before adopting Dataminr, the studio’s security analysts relied on standard social media monitoring software, local news feeds, keyword search lists and travel alerting. The results weren’t consistent: Sometimes the alerts were late, or nonexistent. Other times, the volume of alerts was so high, analysts couldn’t keep up, and ignored them.
For example, simple, keyword-based alerting systems proved inadequate at detecting nuances in syntax, raising urgent alarms when one of the studio’s film directors tweeted a sentence like, “We killed it on the shoot today.”
“Our big focus is to make any alert coming in as actionable as possible,” said the studio’s Vice President of Global Threat and Emergency Management. “If it’s not something that could impact an asset, a traveler or a person, we want to filter it out, so we don’t even see it. So the GSOC ideally gets as few alerts as possible.”
The studio found that source of fast, relevant and actionable alerts with Dataminr. Instead of using keywords, Dataminr’s artificial intelligence is able to understand that “killing it on the shoot” isn’t an actual risk. The platform processes billions of units of data from more than 200,000 public data sources, in more than 150 languages, 24 hours per day. That public information gets distilled into alerts that the studio’s GSOC team uses to make decisions.
CASE 4: Ellie Mae
Learn how the Silicon Valley-based mortgage software company Ellie Mae used Dataminr to protect their employees in the Midwest, following a devastating cyclone in 2019. Named a “bomb cyclone”, it had swept across the Midwest, bringing freezing rain, whiteout conditions and winds of up to 89 mph.
At 5:15 a.m., the 92-year-old dam broke, sending an 11-foot-tall wave of water downstream, flooding multiple towns and neighborhoods around Omaha. The operators tried to open the dam’s emergency spillways, but found some had been frozen shut. As water levels surged and it became clear failure was imminent, the operators abandoned the dam’s powerhouse at 4:30 a.m. and drove into the neighborhood below to pound on doors, begging people to evacuate. Nebraska’s governor later called the bomb cyclone the most damaging natural disaster in the state’s history.
Halfway across the country, the Workplace Safety team at the California-based software company Ellie Mae leapt into action, in support of their colleagues who lived and worked in the Midwest. The team worked quickly to account for the safety of Ellie Mae’s employees and families, gather information about the extent of the damage, and make business recommendations to the company’s People team.
“Pretty much every way into and out of the Omaha area was flooded,” said Josh Barrier, Manager of Workplace Safety at Ellie Mae. “We were able to provide photos from Dataminr showing exactly how bad the flooding was in the area.”
The team gathered live, up-to-the-second information using Dataminr, which delivers real-time alerts on emerging risks worldwide. Ellie Mae’s executives used that information to temporarily close the company’s satellite office in Omaha, and reach out to employees to check in and offer support.
Dataminr in the Safety Operations Center
Barrier joined Ellie Mae’s Workplace Safety team in early 2018, and was tasked with building the company’s first Safety Operations Center. He had used Dataminr in a previous management role, and recommended that Dataminr form the cornerstone of the company’s new operations center. Real-time information flows into the center 24 hours a day, and analysts use that information to make decisions to keep Ellie Mae’s employees and assets safe.
Dataminr’s real-time alerts span the globe which was particularly useful in the summer of 2020, as Ellie Mae’s security analysts followed ongoing media coverage of the political upheaval in Belarus—home to one of the company’s three international offices.
Employees want to feel secure at work, and know that their employer is looking out for their safety, Barrier said. He says his team functions with a service-focused mindset, providing relevant information to the business and making recommendations to ensure employee security.
Relevant Alerts in Real-time
Before using Dataminr, Barrier said security analysts often found themselves deep in manual work, chasing down information from disparate sources by hand. They’d used commercial social media platforms like TweetDeck, or rudimentary, keyword-based systems that would throw up urgent alarms when people tweeted sentences like “This sushi is the bomb,” he said.
“It was totally irrelevant, filling our notifications feed with junk,” Barrier said. “It would take time away from reaching out to someone who might actually need our assistance. But Dataminr really filters those types of alerts out. One thing I always hear from my team is that every single notification we get from Dataminr could be something that we need to look into.”
When a real-time alert comes into the SOC that requires action, Barrier uses Dataminr to get an early, on-the-ground look at what’s happening, which he reports up to the Senior Vice President of People. The Workplace Safety team continues to provide updates on the risk as it develops, to help executives make business decisions.
CASE 5: Pilgrims Risk Management Group
Pilgrims Risk Management Group uses Dataminr to protect people and assets for clients in some of the world’s most challenging environments. Learn why the UK based firm calls Dataminr “a critical tool for the SOC to carry out their function effectively.”
The editors at a major television news network are making the call—they’re flying a small production team to Somalia to cover a major, breaking news story. One of the first phone calls they make is to London-based security consultancy Pilgrims Risk Management Group, a firm that protects people and assets for clients in some of the world’s most challenging environments.
Pilgrims quickly pulls together a small team of specialists to join the journalists and manage their security throughout the mission. On the back end, security analysts working for Pilgrims build an updated assessment of the risks the journalists will face on the ground. The analysts reach out to their contacts working in the area, and use an array of sophisticated software solutions to verify what they’re learning. It’s fast, important work, crucial for keeping the team safe.
Dataminr forms an important building block of the security practice and tech stack at Pilgrims, providing alerts about emerging risks in real time. Analysts at Pilgrims use Dataminr alerts to augment the other sources of information that flow into their security operations centers, to build a more complete picture of risk.
“The risk assessment has to be with the team before they deploy, and the notice time can be short, perhaps a matter of hours,” said Richard Lovell-Knight, group Director of Risk at Pilgrims. “And it doesn’t stop there; the assessment instantly becomes dynamic, and continues through the mission until all are safely home.”
Pilgrims manages their own group security operations centers (SOCs) in Nigeria, Iraq, Afghanistan and the UK, providing contract security services to multiple clients. For larger clients, Pilgrims helps their clients develop bespoke SOCs tailored specifically to that client’s needs. For example, Pilgrims helped a major professional services company develop their SOC in London, which now serves the company’s 20,000 UK-based employees and global travelers.
The London-based SOC, which Pilgrims manages on behalf of its professional services client, runs 24 hours a day, with a team of eight analysts, a supervisor and a travel security manager. Together, this team looks for opportunities and threats through a process called “horizon scanning,” real-time notification of emerging risks using Dataminr, risk research and trends analysis.
Areas of risk include the obvious threats—asset protection, executive safety and travel safety—as well as incidents one would not immediately assume were related to security, such as climate-induced events that close down offices or prevent employees from getting to work.
Dataminr “fits perfectly in as a piece of the puzzle, as one of the component parts that ensures everything runs smoothly for the SOC,” said Valerie Kong, Pilgrims’ global manager of Risk and Information Services. Kong oversaw an internal benchmarking test that measured Dataminr’s real-time alerting capabilities against other software options. Dataminr was the clear frontrunner.
CASE 6: Baylor University
Every semester, hundreds of Baylor University students, faculty members and staff fly out of the relative safety of Waco, Texas, to far-flung corners of the globe to travel on behalf of the school— study abroad programs in Europe and Asia, mission trips to Latin America, and research conferences worldwide.
Keeping people safe while they travel on behalf of the school is the responsibility of the Baylor University Department of Public Safety. The person in charge of keeping these groups safe is Jared Bickenbach, Director of Global Safety and Security.
Bickenbach does this by assessing the risk environment of a region, country or specific city, and sharing that information with travelers before their trips. While groups are on the road, he relies on Dataminr to provide him with real-time alerts on breaking news, to keep travelers safe.
Travel Planning
Baylor University students, faculty and staff who travel on behalf of the school are required to share their itineraries in the school’s travel management system, listing out the cities and countries they expect to visit on their trip.
Bickenbach reviews and approves every itinerary personally. Certain itineraries are approved quickly, such as travel within the U.S., Canada or Western Europe—places that the U.S. Department of State deems “Level 1: Exercise Normal Precautions,” Bickenbach says.
For locations that the State Department deems “Level 2” or “Level 3,” Bickenbach will take a closer look at the probable risks surrounding the trip, by reading updated travel advisory information, detailed risk reports from analysts at WorldAware, and the real-time news alerts coming from Dataminr.
He then uses that information to build a risk profile for the itinerary, which he shares with the group before they leave. In certain cases, he will determine the risks are too high, and will recommend canceling the itinerary.
In rare cases, the trip’s risk profile changes quickly, and Bickenbach recommends groups cut their trips short and return to the U.S. Such was the case at the start of 2020, when the COVID-19 pandemic was beginning to spread across Asia and Europe. Using real-time information from Dataminr coupled with advisory recommendations from analysts, Bickenbach asked a number of students, faculty and staff to immediately return to the U.S.
Baylor University made the call in advance of wide-sweeping travel restrictions and ahead of other universities, who found themselves scrambling to arrange repatriation flights for their students, faculty and staff.
“The number one benefit for us is quality of information,” Bickenbach said. “Getting information in a remote area of the world is pretty difficult … and if you’re a small security team, having the alerts push directly to you is such a time- saving measure.”
Best Practices for Travel Safety
1. Adopt a centralized travel registration and budget management system: Organizing all current and future itineraries in one place allows an organization’s travel safety team to understand who is traveling where and coordinate a rapid response in case of emergency.
2. Use software to build an accurate picture of probable risks before the trip starts:
Bickenbach uses several tools to build a more complete picture of probable risks facing travelers. Dataminr gives Bickenbach a granular look at breaking news in real time, showing him a range of events as they happen.
3. Monitor emerging risks while travelers are on the road:
“If I see an alert like that, I know I’ll need to get information really fast,” Bickenbach says. “I can use [Dataminr] to quickly capture what’s happening… and can tell if any of those areas where we have students has been impacted.”
CASE 7: Sky News
Faint plumes of white smoke were rising above the Île de la Cité—at first, hard to pinpoint. As the smoke turned black and began to catch people’s attention, a classical music student standing on the bank of the Seine river was one of the first to realize what was happening. “Notre Dame on fire!” she tweeted, with a photo of smoke now billowing out of one of the cathedral’s spires. Firefighters had not yet arrived.
Within moments, journalists at Sky News in London interrupted their broadcast with breaking news—Notre- Dame Cathedral was on fire. It was a story that dominated news coverage for more than a week in Europe.
“We didn’t see it first on the AFP news wire, we saw it first on Dataminr,” said Digital News Editor Adam Parker. “And we didn’t just see it first [on Dataminr], we saw it with some incredible imagery.”
Based in London, Parker works on a newsgathering team at Sky News, specializing in using social media to source and verify emerging news stories. He and other journalists on the news desk gather visual media, background information and context, which they put on an internal newsroom platform that their colleagues use to build TV stories, social media posts and online articles. Speed and accuracy are essential.
In the case of the Notre-Dame Cathedral fire, it took minutes for the major news wires to issue their first news alert, and even longer for them to begin publishing photos and video. “Minutes are really important to us. Really, really important,” Parker said.
How Reporters at Sky News Use Dataminr
Since September 2018, journalists at Sky News have been using Dataminr for News to help them discover stories and pre-viral information most relevant to their beats. Individual reporters decide how they want to consume Dataminr news alerts—by email, on desktop, in collaboration platforms like Slack, or embedded in other news gathering tools like TweetDeck.
“[We think of] Dataminr as sort of a safety net,” Parker said. “We know that if there’s a big story happening and we haven’t seen it, we will see it from Dataminr in some form. And if I don’t see it on my Dataminr [dashboard], we know somebody else in the newsroom on Dataminr will.”
User-generated Media
Social media gives journalists a valuable window into conditions on the ground in areas of the world that are difficult for reporters to access and where English is not the primary language, such as Armenia and Azerbaijan, whose forces clashed in 2020 over the separatist territory Nagorno-Karabakh.
“We’ve seen pictures and videos that just wouldn’t be there—just wouldn’t exist—if it wasn’t for user-generated videos and user-generated pictures that allow us into those areas,” Parker said.
Dataminr for News not only helps reporters quickly find user-generated photos and videos, but also automatically translates captions and other media into English.
“It’s peace of mind knowing that we are covered worldwide for any story that may not have been picked up by people we follow on social media or on news wires,” Parker said.
CASE 8: Major Australian Utilities Provider
The company’s real estate footprint is similarly vast, with high-rise buildings in the country’s biggest cities, to small but crucial infrastructure sites strategically placed in remote corners of the continent. Every day, more than 5,000 employees work to keep this infrastructure network running, with technicians constantly on the move, and employees travelling across the country.
Keeping the company’s many buildings secure and people safe is the responsibility of the Security Emergency Response Centre (SERC) team, which serves as the company’s real-time security information hub. When a security-related incident happens, the SERC needs fast, accurate and relevant information about that incident, to protect people and property. Dataminr represents an important real-time information source for this company’s SERC.
Inside the SERC
This utility company opened its SERC in 2012, with the goal of monitoring security risks at 10 sites. Since then, the SERC has grown into a 24/7 centre with 15 employees, providing 18 distinct services.
The SERC has adopted cutting-edge technology, and today serves as a model for similar security operations centres in Australia. For example, they’re an early adopter of Honeywell Command Control Suite, which gives security analysts a single view of what’s happening across the company’s entire real estate footprint.
It also adopted electronic key cabinets, which the company uses to secure physical access to its network infrastructure racks. While many companies have just one electronic key cabinet, this utilities company has installed 190 across the country.
The Value of Faster Information
Real-time information is a crucial catalyst for action inside the SERC. In an interview, a SERC Security Advisor described a January 2017 incident where a man deliberately drove a car into pedestrians on Melbourne’s Bourke Street retail thoroughfare, killing 6 people and injuring more than 20 others.
In those chaotic early minutes, SERC analysts worked quickly to build an accurate picture of what was happening: Where had the attack occurred? Was it accidental or deliberate? Was the threat still active? Were company employees injured or needed help? Should the company send out an internal communication to nearby employees? Should it lock down and secure its buildings in Melbourne?
In 2018, SERC analysts experienced similar information challenges as they responded to another attack, coincidentally, again on Bourke Street. In that case, a different security software platform alerted the SERC to the attack hours after it had happened—too late to be helpful.
In September 2019, the SERC adopted Dataminr, which specializes in delivering fast, accurate and relevant information in real-time.
In one recent example, Dataminr alerted the SERC that a fire had broken out about 800 metres away from one of the company’s buildings in Adelaide. Using that information, SERC analysts called the building’s site manager, who had no idea there was a fire nearby. That early alert gave the team extra time to talk about evacuation plans if the fire threatened employee safety.
“When you look at Dataminr, my thinking is if it gives you even two minutes advance notice of an event, prior to anything coming through other media, that’s money well spent,” the SERC’s Senior Security Advisor said. “If we get an extra two minutes to make a decision, send comms out to staff or shut down a building, anything like that, it’s worth it.”
CASE 10: Major Automaker
Analysts working inside the security operations center (SOC) at one of the world’s largest automakers use real-time information from Dataminr Pulse to get an early view into emerging security risks that have the potential to impact the company’s business operations.
“My team has been utilizing the Dataminr platform for over a year now,” said the Lead Intelligence Analyst and Operations Manager at the automaker’s security operations center.
“Not only does it assist us with day-to-day operations, such as monitoring our facilities, executive travel and minimizing intellectual property leaks, but it also has provided timely emergency alerts and COVID-19 statistics during the ongoing pandemic.”
Dataminr Pulse in Action
Dec. 1, 2020: Active shooter
Dataminr Pulse alerted the automaker’s SOC to a police chase that was within range of the automaker’s facilities and employees. After further research, analysts found the chase was related to an active shooter near the automaker’s facilities. The SOC issued an internal advisory to key stakeholders inside the company for visibility, and continued to update the group throughout the situation. Dataminr Pulse highlighted this potential risk more than an hour before it was covered by local news media.
The automaker uses real-time information from Dataminr Pulse to support four internal use cases:
Intellectual Property
SOC analysts use Dataminr Pulse to follow keywords related to upcoming releases, photoshoot locations, spy photography and cargo travel
Executive Protection
SOC analysts add executive travel itineraries to Dataminr Pulse, giving them visibility into emerging risks happening near accommodations, meeting locations and travel routes, as well as keywords related to the individual and their travel plans.
Facility Support
The SOC uses Dataminr Pulse to get an early look at emerging risks happening near the company’s offices, production facilities and other physical locations.
Security Department
SOC analysts use real-time information from Dataminr Pulse to build threat assessments and intelligence products related to emerging and ongoing risks, such as the COVID-19 pandemic.
Life-saving real-time information
In late 2021, multiple explosions rocked Kampala, Uganda. Dataminr Pulse alerted the bank to the explosions—30 minutes before major news coverage—some of which were close to where bank employees worked. Because the security team received the alerts in real time, it was able to quickly and safely evacuate nearby employees from the affected areas, and more easily account for all staff members.
Pulse also alerted on the progression of events that followed the two bombings, allowing both the SOC and field security managers to maintain real-time visibility of what was happening on the ground and where. They were then able to ensure employees remained safe and swiftly mitigate any risks to customers and locations.
Geovisualization for faster decision making
Since using Dataminr Pulse’s geovisualization capabilities, the bank has been able to significantly cut down its response time, locate assets and conduct proximity measurements faster and make decisions much more quickly.
One of the areas where geovisualization has made a critical difference is in helping the bank stay ahead of extreme weather. As the bank operates in areas with frequent and severe weather disruptions, its SOC needs to be able to follow the trajectory of storms and know where its people and assets are in relation to weather risks.
With Dataminr Pulse, the bank is now better able to identify and prepare for threats and emerging risks; maintain visibility of events as they occur and unfold; and protect employees and assets no matter where they are—all in real time.
