tracy-strelser
AlphaSix Qato: Machine learning-based anomaly detection for today’s enterprise.
ALPHASIX PROPRIETARY
AlphaSix Corporation: Who we are and what we do.
AlphaSix Corporation is a service-disabled veteran-owned small business (SDVOSB) in the Washington DC area specializing in providing a broad range of quality IT products, solutions, and services tailored to the needs of our customers. Capabilities & customers include the following:
CAPABILITIES
• Big Data & Analytics
• Cybersecurity
• Managed Print
• Infrastructure
• Virtualization
CUSTOMERS
• US Department of Justice (ATF, DEA, FBI)
• US Department of Veterans Affairs
• US AID
• US Navy
• NOAA
• NIH
At AlphaSix, we provide our customers with the technology to make them more effective when performing the toughest jobs, in the most challenging environments, in the most unpredictable situations.
AlphaSix Qato: Anomaly detection for today’s enterprise.
The amount of data being generated on today’s networks is daunting. Qato turns this massive flow of data from a burden into an advantage by allowing you to detect and visualize anomalies in your data over time - allowing you to take swift actions. Applications of Qato include the following:
• Cybersecurity
• Fraud Detection
• Pharmaceutical Compliance
• Financial Services
Benefits
• Open, Scalable Architecture. Qato leverages an open, scalable architecture with our intellectual property that can easily grow with the needs of customers over time to handle even the largest data loads. The data will not be hidden in a black box as some proprietary solutions require.
• Flexible. Qato opens a new world of analytic possibilities. The data will be available for multiple analytics tools to access and provide capabilities to the customer.
• Cost Effective. Qato provides real-time database capabilities, global event streaming, and scalable enterprise storage to power a new generation of Big Data applications. This approach delivers enterprise-grade security, reliability, and real-time performance while dramatically lowering both hardware and operational costs.
• Path To The Future. Because Qato is built around Big Data technology, it will be able to continually evolve to take advantage of the latest developments in this fast-moving area.
Qato is currently available as an on-premise solution offering. On-premise product and software-as-a-service (SAAS) will be available in 2017.
AlphaSix Qato: Put machine data to work so you can focus on your challenges.
Architecture layers:
• Visualization & Search Interface
• Query Engine / Analytics Processing
• Data Store & Model Data Tiers
• Hadoop / HBase Data Storage
• On Premise / SAAS Physical
1. REVIEW: Study data usage over time.
2. ANALYZE: Discover patterns of fraud, abuse, or threats.
3. RESOLVE: Act on data to remediate and solve challenges.
BENEFITS: Scalable & Open, Searchable, Flexible, Cost Effective
Qato benefits from tracking enormous amounts of data over time to ensure that true anomalies are filtered from day-to-day “noise” of your enterprise. It leverages an open and scalable architecture that is built to incorporate new technologies that will adapt over time. Our patent-pending anomaly detection algorithm provides rapid identification of the data on which you need to act.
Data Ingest (Loaders): Any Machine Data, from multiple Data Sources
• Unstructured Data: Information that either does not have a pre-defined data model or is not organized in a pre-defined manner.
• Structured Data: Data that can be immediately identified within an electronic structure such as a relational database.
AlphaSix Qato CYBER: Cybersecurity Implementation
1. REVIEW: Study log data, network activity patterns over time.
2. ANALYZE: Discover patterns of fraud, abuse, or threats related to cyber intrusions.
3. RESOLVE: Act on data to remediate and solve challenges.
BENEFITS: Unauthorized Access, Data Theft, Attack Profiles, Digital Forensics
Qato collects all relevant enterprise security logs and combines them with supporting information. Defenders can easily perform tasks such as identifying new connections while focusing on early signs of anomalous behavior. The false positives inherent in any detection method are mitigated by combining the results of all detection methods and highlighting the activities doing multiple “bad” things. Attempts to hide malicious efforts by acting slowly over long periods of time will be more easily detectable.
Data Ingest (Loaders): Any Machine Data
• Data sources: App Servers, Firewalls, Routers, Networks, Web Servers, Databases, Virtual Machines, Windows Event Logs, RFID, Active Directory, Server OS Logs, Sensors, IDP Software, SIEM Data
• Unstructured Data: Web, Email, Messaging, Social Media
• Structured Data: Logs, Database, Event Logs, Applications
• Threat Intel Data
AlphaSix Qato RXD Pharmaceutical Diversion: Hospital Compliance
1. REVIEW: Study drug distribution in hospitals over time.
2. ANALYZE: Discover patterns of fraud, abuse, or diversions within the hospital.
3. RESOLVE: Act on data to remediate and solve challenges.
BENEFITS: Ordering Anomalies, Theft Loss Forensics, Billing Fraud, Excessive Prescriptions, Drug Supply Security
Qato collects and integrates data from all relevant standalone information systems within the hospital and provides managers with a searchable analytics tool that can identify anomalies, suspicious orders or unexplained increases in dispensing, administering or loss of controlled substances. This enables the hospital to have an infrastructure in place to identify potential diversion due to theft, loss or fraud and mitigate potential fines and meet compliance agreements.
Data Ingest (Loaders): Any Machine Data
Structured Data: Most of the data available in hospitals is structured data. Data resides on many stand-alone servers and desktop systems throughout the hospital.
Data sources:
• Returned Medications
• Incoming Medication
• Patient
• Patient Billing (Finance)
• Medication Wasting
• Personnel Mgmt. (Nurse/Doctor/Pharma Scheduling)
• Pharmacy Inventory (Ordering/Replenishment)
• Theft/Loss
• Patient EHR (Ordering/Admin)
• Physical Access & Dispensing Data
• Physician Ordering
• CSOS + Certs
• Emergency Room (Patient Billing)
AlphaSix Qato RXD Pharmaceutical Diversion: Distribution Compliance & Enforcement
1. REVIEW: Study flow of pharmaceuticals over time.
2. ANALYZE: Discover patterns of fraud, abuse, or diversions throughout the distribution chain.
3. RESOLVE: Act on data to remediate and solve challenges.
BENEFITS: Ordering Anomalies, Theft Loss Forensics, Overdose Deaths to Prescriptions, Excessive Prescriptions, Drug Supply Security
Qato allows inspectors/investigators to search for data anomalies as well as providing manual search functions for specifically tailored data analytics requests. This system can be utilized, for example, by pharmacy board inspectors/investigators to identify suspicious transactions based on orders of unusual size, orders deviating substantially from a normal pattern, and orders of unusual frequency. It can also be used by manufacturers and distributors to monitor the flow of their product to the user.
Data Ingest (Loaders): Any Machine Data
Structured Data sources: Doctor Reporting, Pharmacy Data, Wholesaler Data, PDMP Data, DEA Data, Medical Examiner Records, Manufacturer Data, ARCOS, CDC Data, Distributor Data
AlphaSix Qato is developed as a responsive HTML5-based application that can be hosted on the cloud or on premise using a local web server. All accounts are administered via authorized personnel and best-of-breed security is implemented to ensure secure access to all data.
For our demonstration version we are using all sample data that has been modeled on CDC historical data as a guideline.
The Qato application presents several user features noted to the left.
Responsive navigation menu that shows user profile and provides access to dashboards, anomalies, record sets (e.g., drug flows from manufacturer to patient), overdose death records, record search and system administration.
Full screen capability, sign-out, and hamburger menu to hide the navigation menu.
The Overview dashboard provides a summary of all record sets in the system. This starts with total overdose deaths, active manufacturers / distributors / pharmacies providing drugs in the sample geography, and the total records in the system. Also provided are overall sales and sales per type of drug. Finally, the top drug producers at each stage of distribution are also presented.
The primary feature of Qato is to find anomalies over time in your data. For pharmaceutical diversion this may occur at any stage in the flow of drugs from manufacturer down to patient. Presenting different ways to identify common diversion patterns is critical to finding the needle in the haystack.
Basic anomalies that are included in this application of Qato:
• High Growth Stores (per Capita) – stores with high growth per person
• High Growth Manufacturers (per Unit) – manufacturers with high per unit change in sales
• High Growth Distributors (per Unit) – distributors with high per unit change in sales
• High Growth Pharmacies (per Unit) – pharmacies with high per unit change in sales
• Pharmacy Flow Differential – pharmacies with the greatest number of months with high flow differences
• Monthly Anomaly Analysis – used in conjunction with other anomalies to identify months where changes occurred
Using the High Growth Pharmacies anomaly you can see that there are several pharmacies that had an out-of-band % increase in sales. Our next step is to explore these anomalies to determine if they are warranted. We would do this by evaluating each store.
The % sales increase at these pharmacies appears to require deeper analysis…
To evaluate a potential anomaly we begin by selecting a record and setting that as a filter.
Note that all of your filters remain when setting filters and changing screens in Qato. This enables us to dig deeper into the anomaly.
1. Select the pharmacy requiring further evaluation.
2. Confirm the filter.
Now that your filter is set you can see which drug increased in sales, the average amount they sold, the final amount sold and what ratio increase occurred.
This is a substantial increase in Oxycontin sales for this pharmacy.
Leaving our filter in place we next select the Monthly Anomaly Analysis filter. This enables us to see the sales of drugs at that pharmacy for the specified period. In this case we can see that there was a significant increase in month 12.
This warrants additional investigation.
Now we know the month where the increase occurred.
To further evaluate the impact of this increase in month 12 we will select that month as an additional filter to apply.
1. Select month 12 as a filter.
2. Confirm the filter.
Next we go to the Medical Examiner Records and see that there were 25 deaths in County 42 where our pharmacy is located and prescriptions were issued that led to these deaths.
25 deaths attributed to the Oxycontin prescriptions issued by the specified pharmacy in County 42.
Going back to our Overview we can see a summary of the data we reviewed in detail.
Note that we can also evaluate the manufacturer, doctor and distributor of the drug in question by selecting more anomaly filters from the menu.
We can also evaluate the doctor that prescribed the drug and the patients who filled each prescription.
To continue evaluating this anomaly we can simply select an anomaly and continue applying filters.
In addition to providing structured filter capabilities, analysts may also choose to search records on an “unstructured” basis. This is performed by the Qato Search function. This will provide the analyst the ability to view the detailed records in the system and is useful for following up on found anomalies and preparing detailed record information.
Finally, Qato provides the ability to manage all users from a simple, clean user interface as well as specify what role-based permissions each user has on the system.