For decades, the intelligence community has been collecting and analyzing Information to produce timely and actionable insights for intelligence consumers. But as the amount of Information collected increases, analysts are facing new challenges in terms of data processing and analysis. In this article, we explore the possibilities that graph technology is offering for intelligence analysis.
The digital age brought new possibilities for Intelligence, Surveillance, and Reconnaissance across both traditional and new intelligence sources. The possibilities of collection within each discipline have widened. For instance, the Open Source Intelligence (OSINT) collection channels multiplied with the Internet, providing accesses to new valuable information. The generalization of digital technologies also extended the production, and thus the collection possibilities, with users generating and sharing content from portable devices anywhere in the world.
But those changes come at a cost for analysts:
This has a direct impact on the analysis. It’s difficult and time-consuming to handle those large, dynamics and various data assets. And in the meantime, the complexity of threats remains the same. To identify them, analysts must be able to cross-check various data assets in order to spot key elements and patterns that will produce actionable intelligence.
To renew and improve the traditional intelligence cycle, intelligence producers are turning to new tools and methods. Among those tools, we find graph technology. The underlying approach allows analysts to rapidly access relevant data and sift through large heterogeneous collections to find the small subset that holds high-value information.
The graph technology approach relies on a model in which you deal with data as a network. Information is stored as nodes, connected to each other by edges representing their relationships. This is actually a natural way to think about intelligence data: whether it’s people, telecommunication or events, the elements often form networks in which they are linked to each other.  Â
Graph or RDF databases are optimized for the storage of connected data. It emerged as the answer to the limitations of traditional databases. The relational databases were designed to codify and store tabular structures. While they are very good at it, they do not perform well when it comes to handling large volumes of connected data. Graph databases, on the other hand, offer several advantages over traditional technology when it comes to connected data:
Popular graph storage vendors includeDataStax, JanusGraph, Neo4j or Stardog. These systemswidely developedin the last decade, responding to the growing need for a technical solution for organizations working with connected data at scale. Â
With graph technology, you can combine multi-dimensional data, including time series, demographic or geographic data. It aggregates data from multiple sources and formats into a single, comprehensive data model that can scale up to billions of nodes and edges.
This is essential in multi-intelligence or all-source analysis to identify suspicious patterns, anomalies or irregular behavior. Indeed, suspicious activities are more easily detected when you analyze the dynamics between entities and not just the characteristics of single entities. With this approach, analysts easily gather and analyze data about people, events, and locations for example, into one view.
In the end, graph technology offers several advantages to intelligence and law enforcement agencies. It provides a single entry point to multiple data sources and data types that are integrated under a unique model. Analysts can produce intelligence from the analysis of heterogeneous dataandits connections.
Introducing graph databases into an organization comes with a set of new challenges.
