
Insider Risk: When to Throw the Flag, Blow the Whistle & Stop Play

The 2020 NFL season kicked off this month and I have to admit, the 70 decibels – no more, no less – of crowd noise artificially pumped through stadium speakers was weird. Don’t get me wrong, I watched about the same amount of football regardless of the lack of fans in the stadium, but it felt different. The noise, or lack thereof, made everything clearer. I heard every hit, every play call at the line and every referee whistle to stop play.  

I started to think about the impact of this on the game. While the players thrive on crowd noise – getting energy from every shout – the referees have a different job. This Covid-era game provides them with a new benefit: total focus. And although it isn’t often that I think about work when watching football… an epiphany: security professionals are the referees of our collaboration culture, and yet their game just keeps getting louder and louder, noisier and noisier.

In the era of remote work and collaboration, where, by design, the speed of play is blindingly fast, the crowd noise is deafening. So deafening, in fact, that we’re not hearing the whistle. The noise is so distracting that no matter how many penalty flags (i.e. alerts) security systems throw, we’re never stopping the play.

Yellow flags in the NFL serve two distinct purposes: one to protect the integrity of the game, the other for the safety of the players. The flag is thrown when a rule is broken – an alert. The whistle is blown to stop play – the response. The penalty is enforced (or not) to remind the players to keep it fair – the remediation.  

Here’s the thing about penalty flags (alerts), whistles (response) and corrective action (remediation) – we need them, but the way security technology works today, it’s throwing flags on every play. Imagine if we actually blew the whistle and enforced corrective action (i.e. blocking) for every single one of them – the speed of play would come to a screeching halt, collaboration crushed, productivity frozen.

This is exactly why we built Incydr. NFL referees have their heads on a swivel taking in multiple pieces of data – number of players on the field, game clock, play clock, running play versus pass play, interference or inadvertent contact, etc. They have an innate ability to take in all of this activity in real-time and make a call. Okay, sometimes not the best call, but pretty darn accurate when all is said and done. The same is asked of the security analyst. They too have their heads on a swivel taking in data from all sorts of sources – DLP, CASB, UEBA, EDR, firewalls. The only difference is they are on the receiving end of the flags (alerts). Alerts by the thousands, every day.

I asked the security analysts, “When it comes to making judgment calls and blowing the whistle to potentially stop play, how do you do it?” Their answer, “Intuition.”  

So, at Code42, we asked ourselves, could we machine the security analysts’ intuition? Could we watch for risk indicators that when correlated in real-time warrant an alert – throwing a penalty flag? And, could we deliver enough signal in real-time that warrants the analyst blowing the whistle to stop play and take corrective action? Could we develop this technology to keep pace with the speed of play? Challenge accepted.

We could, and we did. 

Incydr lowers crowd noise. Not by imposing a 70 decibel limit like the NFL did, but by machining the security analysts’ intuition, so they can be the referees of the collaboration culture. I know what you’re thinking, no one likes referees, but in our world, security teams are the ones we have to protect the integrity of the game and the safety of the players.   

Check it out.
