Archive for the ‘Audit’ Category

Video: How I Evaluated Three Video Analytics Management Platforms

September 16, 2009 4 comments

I performed an independent, no-money-changed-hands evaluation of three products advertising video surveillance management plus video analytics management.  Here is a short video explaining my process and what I learned from my experience with Milestone XProtect, Aimetis Symphony, and Verint Nextiva.

All three products performed admirably, but there was one standout.  A few vendors chickened out, er, I mean, decided it was not of interest to them to participate.  :)  So kudos to Milestone, Aimetis and Verint for being proud of their products – as they should be.

DreamerGear Evaluation of Aimetis

DreamerGear Evaluation of Milestone

DreamerGear Evaluation of Verint

DreamerGear Review of Aimetis’ Video Management plus Video Analytics

September 16, 2009 1 comment

Aimetis Symphony Enterprise Edition 6.2AimetisLogoPurple_72dpi

What We Loved: Complete, unified video and analytics management

What We Didn't:  Limited to Windows platforms4.5_Guards

Price:  Starts at $13,600

Overall Score:  4.4 out of possible 5



Aimetis Symphony Enterprise Edition is a very satisfying
product, mainly because it does everything you hope it will, easily and
affordably.  I mean, if you’ve gone
to the trouble to set up a surveillance environment using video analytics,
you’d probably want a single, easy-to-use system: to manage the video received
from many cameras; control pan tilt and zoom; select a variety of detections
using analytics; manage storage; set up alerts on certain activities and
detected behaviors; and create reports about those alerts.  Simply put, you’d want a system that
manages surveillance.


For the full Review Summary:Download DreamerGear Aimetis Symphony


Related Product Reviews

Milestone XProtect Corporate and XProtect Analytics

Verint Nextiva 6.0

Video: How I Evaluated Three Video Analytics Management Platforms

DreamerGear Review of Milestone’s Video Management plus Video Analytics

September 16, 2009 2 comments

Milestone XProtect Analytics and XProtect CorporateMilestone Logo with tag line

What We Loved:  Integration & Support for many different cameras

What We Didn't:  Poor reporting and incident management tools

Price:  Starts at $7990 plus purchase of 3rd party analytics3.5_Guards

Overall Score:  3.5 out of possible 5



Milestone Systems is the video management company with the
fastest growing brand recognition. 
I rarely hear an integrator or end user talk about surveillance video
management without Milestone being mentioned. The company’s XProtect Analytics
is enjoying the same buzz largely because of the effective marketing and press
exposure to the system. For me, it was Milestone that put the concept of video
management merged with analytics management on the map.  So of course I had high expectations
when I evaluated the product.


For the full Review Summary:  Download DreamerGear Milestone XProtect


Related Product Reviews

Aimetis Symphony Enterprise Edition 6.2

Verint Nextiva 6.0

Video: How I Evaluated Three Video Analytics Management Platforms

DreamerGear Review of Verint’s Video Management plus Video Analytics

September 16, 2009 2 comments

Verint Nextiva 6.0 Video and Analytics managementVerint logo

What We Loved:  Powerful
and professional look and feel

What We Didn’t: 
Too many separate products to get full functionality

Price:  Starts
at $24,900

Overall Score:  3.5
out of possible 5 


In general, our entire experience using and testing Verint Nextiva
to manage both video and video analytics was positive.  Nextiva has the power and capability to
handle video management and analytics deployments from moderate sizes to the
very largest.  It is obvious that
Verint put a lot of thought into every aspect of the product architecture and
design with, among other benefits, a very usable graphical interface and
excellent product support.


For the full Review Summary: Download DreamerGear Verint Nextiva 


Related Product Reviews

Aimetis Symphony Enterprise Edition 6.2

Milestone XProtect Corporate and XProtect Analytics

Video: How I Evaluated Three Video Analytics Management Platforms



Join me on a webinar about video analytics

November 30, 2007 Leave a comment

Wanna keep paying for eyeballs on monitors 24×7?  The cost
is hefty and critical events are missed as guards – being mere mortals – look away, blink or lose their edge. Video analytics offers an alternative to human-based guarding at a
fraction of the cost and continuously watches for intrusions – alerting
onsite/remote guards when a potential breach occurs. This webinar will explore
how video analytics is a cost-effective, easy-to-use technology across a range
of applications.  We hope you join me on December 17th , 1pm Eastern
Time.  Register.

The business value of IP-based security technologies. Or how to turn your IP camera into a business application

October 19, 2007 2 comments

In a further attempt to explain how PSIM (physical security information management) and IP-based security technologies in general, are more than simply software doing yesterday’s security job better.  They actually create value.  Take surveillance…

Surveillance cameras are technologies for capturing events and are deployed for many reasons: loss prevention, crime and vandalism deterrence, slip/fall evidence, traffic and crowd control, and dozens of other security & safety applications.

The captured video events are transmitted to monitors in command centers, or recorded on DVRs or storage arrays.  The images, when viewed or collected, are data that may be used for security event management.

Analog and network cameras, DVRs and networked storage aren’t the only security event data sources. Consider these:

  • Alarms and environmental sensors
  • Intrusion detection, physical and logical
  • Monitoring stations and command centers
  • Knowledge bases and external intelligence services
  • Trouble ticketing, dispatching systems, and problem management
  • Business continuity and emergency response software
  • Public address and notification systems

Even access control systems produce event data.

Resulting in a Deluge of Data.  So while security professionals have sought to solve security problems with the newest and best security technologies, they’ve ended up with this smoldering swamp of unused and sometimes unusable data.

Here’s the opportunity for you and for the industry.  If managed properly, if normalized and analyzed – that data becomes information.  With information, you can create value.

PSIM is the newest way of advancing the industry and your career but providing a platform for turning event data into business information, the same way corporations around the world have used any IT system to add value to the company.

This new breed of technology is represented by vendors like

  • Orsus
  • Proximex
  • Vidsys
  • Milestone
  • Cernium
  • ioimage

So go and make something of that data. Create Value!

Event management is security.  But Information management is business.

[PS: hopefully the reader can see why PSEM, physical security event management is a pointless moniker, while PSIM is the value-oriented expression we should standardize on.]

Primer on the four basic categories of security

October 17, 2007 6 comments

Here is a refresher on the four fundamental
categories of security – authentication, authorization, administration and
audit. Each poses a basic question.  And each must be addressed before the next becomes fully effective. 

Are you who you say you are? Authentication
is the set of tools and processes for identifying people and machines. ID
badges, key cards, passwords, biometrics all deliver information about whether
a person is who they claim to be.

I know who you are, but what may you do?
Authorization technologies limit and control behavior, but also aim to allow
appropriate activities. Locks, entry devices, card readers, antivirus software,
encryption, even fences and guards require or respond to information about
one’s privileges, then ensure that one can perform all the duties of his or her

Lots of you are doing lots of things. How do
I manage it? Administration is both a set of processes and a technological act,
often requiring software and computers or data repositories called directories.
Access control administrator software, provisioning software, the forms you
pass around to managers to get approvals, all allow organizations to add,
delete or modify information about people and their privileges.

What’s happening? Is the authentication and
authorization working correctly? The last of the four categories, audit, is
arguably the most important. Cameras, video recorders, monitoring stations,
alarms, IT-SIM and PSIM products, risk assessments and computer audit logs collect
and display the current state to whomever is concerned. The better systems, of
course, correlate and prioritize events to help people respond to the
interesting incidents.

Security employs technologies and processes
to ask those questions and respond to the information in the most efficient and
effectives ways.

You say tomayto, I say tomahto. PSIM has a definintion. Really!

October 2, 2007 3 comments

USBX has adopted the PSIM concept I wrote about last year
and is tracking it. In fact, USBX had a “get-to-know-PSIM”
breakfast on Tuesday morning at ASIS. John
Mack and Gavin Long were kind enough to invite me to kick it off with a few
words about the origin and scope of PSIM. The room was packed with a nice combination of end users, big
integrators, and PSIM vendors. I was pleased to see so many friends of mine
there, especially Chuck Teubner from VidSys, Ajay Jain from Quantum Secure, and
Omar Hussain from Imprivata.

Unfortunately, as the morning progressed I saw that I did
not do a very good job of defining the PSIM space, since Quantum Secure and
Imprivata both had to really stretch to include themselves in the
conversation. Don’t get me wrong, I have
very high regard for the solutions from both companies and believe strongly
that Imprivata and Quantum Secure advance the technological discussion in our
industry. But they ain’t PSIM vendors.

VidSys is. So are
Proximex and Orsus. DVTel is one. And I’d put Cisco in there, too. The defining characteristic of PSIM is a
technology whose primary purpose is to answer the questions “what’s happening?”
and “is it working?” Imprivata and
Quantum Secure are more in the authentication and authorization business,
setting and enforcing policies about identity and access to assets. See if you can list other PSIM technologies
for yourself.

Citrix flavored Kool-aid is addictive

September 26, 2007 Leave a comment

Last week I joined my fellow industry analysts at the Ritz Carlton in Key Biscayne for an analyst and customer event hosted by Citrix.  In the first two minutes of Citrix CEO Mark Templeton’s opening presentation he spoke of mobility.  Mobility is the key inhibitor, in my view, to mass adoption of Citrix solutions, or the adoption of any applications which require connectivity, so I was pleased he mentioned it right off the bat.
These sorts of meet-n-greets are common in the analyst biz, and this event was well done.  We each had-one-on-ones with Citrix executives, and informal gatherings with Citrix customers and staff.  However, in light of this week’s USA Today report that cities are slowing their adoption of municipal WiFi, and considering other municipal WiFi trends (see, it seems Citrix is betting on connectivity that may not be pervasive for years to come.

Exploring the Citrix security story was my reason for attending this year.  I wanted to see if Citrix could contribute to my optimal security architecture.  I’m always on the lookout for systems which can contribute to building the most efficient and effective security for organizations.  Citrix has some security benefits – secure presentation of remotely hosted applications and data, some immunity from desktop and Internet security threats, and a number of access management and data filtering options.  But while the company is still far from offering a coherent and useful security architecture (as opposed to its current offering of security features around an application delivery infrastructure), I see tremendous potential for it someday being included in well-considered and forward thinking security architectures.

One of the few obstacles inhibiting Citrix’s continuing success is rampant Kool-aidiholism.  Critique the accidental Citrix security capabilities or architecture and get a host of denials, vicious rebukes, and other defenses of the fierce alcoh, er, Kool-aidiholic.
CEO Templeton seems cautiously open-minded about enhancing the security message at Citrix.  And Chief Security Strategist Kurt Roemer is certainly willing to choreograph changes to the best of his ability.  But Roemer and Templeton, Wes Wasson, and few of the other enlightened execs will have a tough climb past the prickly and over-protective mid-level and senior folks I talked to.

AlgoSec makes the network admin’s life a lot easier

September 14, 2007 Leave a comment

When I was in Israel last week I enjoyed spending time with Avishai Wool, CTO of Algorithmic Security Inc.Algosec_logotype
AlgoSec is one of those special companies that focuses on creating a straightforward
useful technology and easing a pain felt by just about anyone with a firewall.  The product analyzes the configuration files of firewalls and helps to optimize the configuration and close pesky holes that inevitably occur in any dynamic workplace.

Categories: Audit, InfoSec, TechReviews

Get every new post delivered to your Inbox.