AlphaSix Qato Showcase

AlphaSix QatoMachine learning-based anomaly detection for today’s enterprise.

ALPHASIX PROPRIETARY

AlphaSix Corporation Who we are and what we do.

AlphaSix Corporation is a service-disabled veteran-owned small business (SDVOSB) in the Washington DC area specializing in providing a broad range of quality IT products, solutions, and services tailored to the needs of our customers. Capabilities & customers include the following:

CAPABILITIES• Big Data & Analytics• Cybersecurity• Managed Print• Infrastructure• Virtualization

CUSTOMERS• US Department of Justice (ATF, DEA, FBI)• US Department of Veterans Affairs• US AID• US Navy • NOAA• NIH


At AlphaSix, we provide our customers with the technology to make them more effective when performing the toughest jobs, in the most challenging environments, in the most unpredictable situations.

AlphaSix Qato Anomaly detection for today’s enterprise.

The amount of data being generated on today’s networks is daunting. Qato turns this massive flow of data from a burden into an advantage by allowing you to detect and visualize anomalies in your data over time - allowing you to take swift actions. Applications of Qato include the following:

• Cybersecurity• Fraud Detection

• Pharmaceutical Compliance

• Financial Services

• Open, Scalable Architecture. Qato leverages an open, scalable architecture with our intellectual property that can easily grow with the needs of customers over time to handle even the largest data loads. The data will not be hidden in a black box as some proprietary solutions require.

• Flexible. Qato opens a new world of analytic possibilities. The data will be available for multiple analytics tools to access and provide capabilities to the customer.

• Cost Effective. Qato provides real-time database capabilities, global event streaming, and scalable enterprise storage to power a new generation of Big Data applications. This approach delivers enterprise grade security, reliability, and real-time performance while dramatically lowering both hardware and operational costs.

• Path To The Future. Because Qato is built around Big Data technology, it will be able to continually evolve to take advantage of the latest developments in this fast moving area.

Qato is currently available as on premise solution offering. On premise product and software-as-a-service (SAAS) will be available in 2017.

Benefits


AlphaSix Qato Put machine data to work so you can focus on your challenges.

Visualization & Search Interface

Query Engine / Analytics Processing

Data Store & Model Data Tiers

Hadoop / HBase Data Storage

On Premise / SAAS Physical

REVIEWStudy data usageover time.

1 ANALYZEDiscover patterns offraud, abuse, or threats.

2 RESOLVEAct on data to remediateand solve challenges.

3 Scalable & OpenSearchableFlexibleCost EffectiveBE

NEF

ITS

Qato benefits from tracking enormous amounts of data over time to ensure that true anomalies are filtered from day-to-day “noise” of your enterprise. It leverages an open and scalable architecture that is built to incorporate new technologies that will adapt over time. Our patent-pending anomaly detection algorithm provides rapid identification of the data on which you need to act.

AnyMachine

Data

Load

ersData Ingest

Data Source

Data Source

Data Source

Data Source

Data Source

Data SourceData Source

Data SourceData Source

Data Source

Data Source

Data Source

Data Source

Data Source

Unstructured DataInformation that either does not

have a pre-defined data model or is not organized in a pre-

defined manner

Structured DataData that can be

immediately identified within an electronic structure such as a relational

database.

Data Source


AlphaSix Qato CYBER Cybersecurity Implementation






REVIEWStudy log date, network activitypatterns over time.

1 ANALYZEDiscover patterns offraud, abuse, or threatsrelated to cyber intrusions.


3 Unauthorized AccessData Theft Attack ProfilesDigital ForensicsBE

NEF

ITS

Qato collects all relevant enterprise security logs and combines them with supporting information. Defender can easily perform tasks such as identifying new connections while focusing on early signs of anomalous behavior. Inherent false positives in any detection method are mitigated by combining the results of all detection methods and highlighting the activities doing multiple “bad” things. Hiding malicious efforts by acting slowly over long amounts of time will be more easily detectable.

AnyMachine

Data

Load

ersData Ingest

App Servers

Firewalls

RoutersNetworks

Web Servers

DatabasesVirtual Machines

Windows Event Logs RFID

Active Directory

Server OS Logs

Sensors

IDP Software

SIEM DataUnstructured Data

WebEmail

MessagingSocial Media

Structured DataLogs

DatabaseEvent Logs

Applications

Threat Intel Data


AlphaSix Qato RXD Pharmaceutical Diversion: Hospital Compliance






REVIEWStudy drug distributionin hospitals over time.

1 ANALYZEDiscover patterns offraud, abuse, or diversionswithin the hospital.


3Ordering AnomaliesTheft Loss ForensicsBilling FraudExcessive PrescriptionsDrug Supply SecurityBE

NEF

ITS

QATO collects and integrates data from all relevant standalone information systems within the hospital and provides managers with a searchable analytics tool that can identify anomalies, suspicious orders or unexplained increases in dispensing, administering or loss of controlledsubstances. This enables the hospital to have an infrastructure in place to identify potential diversion due to theft, loss or fraud and mitigate potential fines and meet compliance agreements.

AnyMachine

Data

Load

ersData Ingest

Structured Data

Most of the data available in hospitals is

structured data.

Data resides on many stand alone

servers and desktop systems throughout the

hospital.

Returned Medications

Incoming MedicationPatientPatient Billing

(Finance)Medication Wasting

Personnel Mgmt.(Nurse/Doctor/Pharma

Scheduling)

Pharmacy Inventory(Ordering/Replenishment)

Theft/Loss

Patient EHR(Ordering/Admin)

Physical Access &Dispensing Data

Physician Ordering

CSOS + Certs

Emergency Room(Patient Billing)


AlphaSix Qato RXD Pharmaceutical Diversion: Distribution Compliance & Enforcement






REVIEWStudy flow ofpharmaceuticalsover time.

1 ANALYZEDiscover patterns offraud, abuse, or diversionsthroughout the distributionchain.


3Ordering AnomaliesTheft Loss ForensicsOverdose Deaths to PrescriptionsExcessive PrescriptionsDrug Supply SecurityBE

NEF

ITS

Qato allows inspectors/investigators to search for data anomalies as well as providing manual search functions for specifically tailored data analytics requests. This system can be utilized, for example, by pharmacy board inspectors/investigators to identify suspicious transactions based on orders of unusual size, orders deviating substantially from a normal pattern, and orders of unusual frequency. It can also be used by manufacturers and distributors to monitor the flow of their product to the user.

AnyMachine

Data

Load

ersData Ingest

Doctor Reporting

Pharmacy DataWholesaler Data

PDMP Data

DEA Data

Medical ExaminerRecords

Manufacturer Data

Structured Data

Medical Examiner RecordsARCOS

PDMP DataCDC Data

Distributor Data

RX



RX


AlphaSix Qato is developed as a responsive HTML5 based application that can be hosted on the cloud or on premise using local web server. All accounts are administered via authorized personnel and best-of-breed security is implemented to ensure secure access to all data.


RX


For our demonstration version we are using all sample data that has been modeled on CDC historical data as a guideline.

The Qato application presents several user features noted to the left.

Responsive navigation menu that shows user profile and provides access to dashboards, anomalies, record sets (e.g., drug flows from manufacturer to patient), overdose death records, record search and system administration.

Full screen capability, sign-out, and hamburger menu to hide the navigation menu.


RX


The Overview dashboard provides a summary of all record sets in the system. This starts with total overdose deaths, active manufacturers / distributors / pharmacies providing drugs in the sample geography, and the total records in the system. Also provided are overall sales and sales per type of drug. Finally, the top drug producers at each stage of distribution are also presented.


RX


The primary feature of Qato is to find anomalies over time in your data. For pharmaceutical diversion this may occur at any stage in the flow of drugs from manufacturer down to patient. Presenting different ways to identify common diversion patterns is critical to finding the needle in the haystack.

Basic anomalies that are included in this application of Qato:

• High Growth Stores (per Capita) – stores with high growth per person

• High Growth Manufacturers (per Unit) – manufacturers with high per unit change in sales

• High Growth Distributors (per Unit) – distributors with high per unit change in sales

• High Growth Pharmacies (per Unit) – pharmacies with high per unit change in sales

• Pharmacy Flow Differential – pharmacies with most number of months with high flow differences

• Monthly Anomaly Analysis – used in conjunction with other anomalies to identify months where changes occurred


RX


Using the High Growth Pharmacies anomaly you can see that there are several pharmacies that had an out-of-band % increase in sales. Our next step is to explore these anomalies to determine if they are warranted. We would do this by evaluating each store.The % sales increase at these

pharmacies appears to require deeper analysis…

AlphaSix Qato Pharmaceutical Diversion: Distribution Compliance & Enforcement

RX


To evaluate a potential anomaly we begin by selecting a record and setting that as a filter.

Note that all of your filters remain when setting filters and changing screens in Qato. This enables us to dig deeper into the anomaly.

1. Select the pharmacy requiring further evaluation. 2. Confirm the filter.


RX


Now that your filter is set you can see what the drug was that increased sales, the average amount they sold, the final amount sold and what ration increase occurred.

This is a substantial increase in Oxycontin sales for this pharmacy.


RX


Leaving our filter in place we next select the Monthly Anomaly Analysis filter. This enables us to see the sales of drugs at that pharmacy for the specified period. In this case we can see that there was a significant increase in month 12.

This warrants additional investigation.

Now we know the month where the increase occurred.


RX


To further evaluate the impact of this increase in month 12 we will select that month as an additional filter to apply.

1. Select the month 12 as a filter. 2. Confirm the filter.


RX


Next we go to the Medical Examiner Records and see that there were 25 deaths in County 42 where our pharmacy is located and prescriptions were issued that led to these deaths.

25 deaths attributed to the Oxycontin prescriptions issued by the specified pharmacy in County42.


RX


Going back to our Overview we can see a summary of the data we reviewed in detail.

Note that we can also evaluate the manufacturer, doctor and distributor of the drug in question by selecting more anomaly filters from the menu.

We can also evaluate the doctor that prescribed the drug and the patients who filled each prescription.

To continue evaluating this anomaly we can simply select an anomaly and continue applying filters.


RX


In addition to providing structure filter capabilities, analysts may also choose to search records on an “unstructured” basis. This is performed by the Qato Search function. This will provide the analyst the ability to view the detailed records in the system and is useful for following up on found anomalies and preparing detailed record information.


RX


Finally, Qato provide the ability to manage all users from a simple, clean user interface as well as specify what role-based permission each user has on the system.

Health & Medicine

AlphaSix Qato Showcase