Why Does CEP Matter?
Complex Event Processing (CEP) is a competitive advantage measured in time and intelligence. It is generated by technology that persistently monitors many dynamic information sources, acts on a user's behalf to find what is relevant, and initiates appropriate actions when relevant events occur. Properly applied, CEP turns information overload into an asset by breaking it down to the event level.
An event is an operationally relevant change in one or more data sources. Today's business analysts, knowledge workers, and other decision makers must be continually aware of many events and their impact on operations. To detect and respond to these events, one must monitor an ever-increasing number of data sources inside and outside the organization, ranging from corporate databases to RSS feeds to government watchlists to high-volume sensor streams. CEP solutions enable an organization and its personnel to keep a finger on the pulse of these data sources, gathering intelligence and alerting appropriate parties when events of interest occur.
Corporate data can be a major liability if one cannot make sense of it. What is the cost to an organization when a crisis event occurs and investigations reveal that corporate data pointed to the looming crisis, but no one put the pieces together in time? The proper use of CEP can prevent this familiar scenario, whether the mission is counterterrorism, financial fraud prevention, real-time supply chain optimization, competitive intelligence, travel management, or online marketing.
CEP is a direct extension of its users — it is not Artificial Intelligence. What makes CEP special is how it correlates across multiple information sources. Through user-defined rules that represent a step-by-step business logic, CEP acts on one's behalf to detect and respond to events. This capability translates into powerful savings and risk mitigation through automation (that is, time) and real-time correlation (intelligence) — powerful differentiators in a market of reactive organizations saturated by overabundant information.
How Does CEP Work?
Complex Event Processing is a breakthrough capability that can solve a wide range of problems — and capitalize on many untapped opportunities. By focusing at the event level, CEP can generate a complex picture from simple data points. Here is a basic example provided by Alan Lundberg in DM Review:
- Imagine that you see a white round ball with black spots flying through the air.
- You hear cheers from a large crowd.
- You can see rectangular-shaped posts with a large net attached.
These simple events point to a complex event: a soccer (or futbol) game.
In an organization, the simple data points that make up the complex pictures do not reside in one information source — they do not even reside solely within the organization. Basic CEP solutions monitor diverse information feeds, correlate data points within those feeds, and initiate simple responses when certain conditions are met. More sophisticated CEP solutions correlate incoming feeds against both internal and external sources, leverage third-party algorithms and analytical tools, initiate complex multi-channel alerts, and trigger other systems or applications when events occur. The most advanced CEP technologies bring this full range of capabilities into the hands of non-technical users, enabling them to rapidly respond to changing internal and external conditions without losing focus on key events that impact their organization.
For example, knowing that a specific transaction is outside an account holder's standard profile may be useful information, but information overload happens quickly if an analyst is required to investigate every non-standard transaction across all of a firm's accounts. CEP can determine if the event actually matters by correlating transaction details with other sources of data. User-driven CEP technologies can allow an analyst to specify a rule that says "Only alert me if the beneficiary specified in the transaction is named on a particular watchlist." Another rule might be, "Only alert me if the account number has appeared more than three times over the past day." Through user-generated rules applied across teams of analysts, CEP can provide startling performance gains by automating manual research processes and providing actionable intelligence.
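The two analyst rules quoted above, written out as an added example (not code from the article or from any CEP product): a watchlist match on the beneficiary and a one-day sliding count per account. The watchlist entries, account numbers, tuple layout and function names are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample data: every name, account and timestamp is made up.
WATCHLIST = {"acme shell holdings", "j. doe trading"}
WINDOW = timedelta(days=1)   # "over the past day"
MAX_SEEN = 3                 # alert when seen "more than three times"

TRANSACTIONS = [  # (ISO timestamp, account, beneficiary, amount)
    ("2024-03-01T09:00:00", "ACC-100", "Northwind Supplies", 450.00),
    ("2024-03-01T10:15:00", "ACC-200", "Blue Harbor LLC", 9800.00),
    ("2024-03-01T13:40:00", "ACC-200", "Blue Harbor LLC", 9700.00),
    ("2024-03-01T18:05:00", "ACC-300", "ACME  Shell Holdings", 120.00),
    ("2024-03-01T21:30:00", "ACC-200", "Blue Harbor LLC", 9900.00),
    ("2024-03-02T08:45:00", "ACC-200", "Blue Harbor LLC", 9600.00),
    ("2024-03-03T09:30:00", "ACC-100", "Northwind Supplies", 455.00),
]


def normalize(name):
    """Case- and whitespace-insensitive key for watchlist comparison."""
    return " ".join(name.lower().split())


def correlate(transactions, watchlist=WATCHLIST, window=WINDOW, max_seen=MAX_SEEN):
    """Return (timestamp, account, rule) alerts; all other events stay silent."""
    seen = defaultdict(deque)  # account -> timestamps still inside the window
    alerts = []
    for ts_text, account, beneficiary, _amount in sorted(transactions):
        ts = datetime.fromisoformat(ts_text)
        # Rule 1: correlate the event against an external source (the watchlist).
        if normalize(beneficiary) in watchlist:
            alerts.append((ts_text, account, "watchlist"))
        # Rule 2: correlate the event against recent history for the same account.
        times = seen[account]
        times.append(ts)
        while ts - times[0] > window:  # evict sightings older than one day
            times.popleft()
        if len(times) > max_seen:
            alerts.append((ts_text, account, "frequency"))
    return alerts


if __name__ == "__main__":
    for alert in correlate(TRANSACTIONS):
        print(alert)
```

Seven constructed transactions yield two alerts: the watchlist hit on ACC-300 and the fourth ACC-200 sighting within a day, while the two widely spaced ACC-100 transactions never reach the analyst.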
Intelligent Alerting
User-driven CEP products also provide the ability to perform real-time alerting when certain events are detected. Without CEP, an alert on fraudulent transaction activity might consist of an icon color change within an analysis tool or a simple e-mail notification. When many distinct events happen at once, these alerting mechanisms become unmanageable and overflow an inbox. With CEP, this data overload can be filtered through complex correlations against multiple data sources inside and outside the organization, and by allowing users to create rules that filter and prioritize alerts.
For example, an alerting rule may stipulate the following: "Flag all transactions above $2,000 originating from Region X or Y, but only alert me when more than deposits above $3,000 occur in Region X over the next ten days. Place the other flagged transactions in these folders." Intelligent alerting allows a user to set very granular controls, such as, "If eight flagged transactions originate from Country A in Region X, then set the priority of my alert to 3 and alert me on a map using Google Earth." CEP leverages alert priorities and GIS information to graphically display and highlight alerts based on the location and severity of an event, which is a powerful capability for command center operations. When deployed across analyst teams, CEP takes advantage of high event volumes by automatically filtering and routing higher-level events to command center GIS screens while sending lower-level events to a real-time web page with links to associated information that can be investigated further by end users.
