Each year since 2005, SecurityDreamer blogger and industry analyst Steve Hunt has conducted surveys of end user security executives, tracking trends related to the business of security. We cover physical security and IT security equally at SecurityDreamer, carving our unique niche in the industry. Here is a taste of our findings. Sorry, the complete findings are not available except to Steve Hunt’s consulting clients and participants in the research.
I find that narratives yield more insight and are more accurate than statistics. Therefore, the SecurityDreamer approach is to conduct dozens of personal interviews, by phone, email or in person. Each interview covers a subset of topics. Data gathered is generally qualitative and anecdotal, rather than quantitative.
- Consultants, Use of
- Identity & Access Management
- Operational Best Practices
- Physical Information Protection
- Strategy & Planning
- Technology Lifecycle Management
Approximately 50 companies participated in the survey, representing 11 industries.
Summary Findings from the SecurityDreamer Research
While operational security budgets saw little growth across all industries, spending for new projects increased steadily in Energy, Finance, High-Tech and Entertainment. New IT security and physical security projects most notably included:
- Security operations centers
- Virtual command centers
- Security information management systems (SIEM, PSIM)
- Networked cameras and sensors at high-risk facilities
CSOs and CISOs complained that their greatest business challenge is metrics: normal operational metrics, such as improved response time to security incidents or numbers of malicious code detections, are not compelling to business leaders. Security executives seek better ways to calculate ROI, justify purchases, and measure the success of deployments.
Most Surprising Finding of 2012
Collecting Company Wisdom. Far more companies in more industries are documenting processes than we’ve seen in previous surveys. Continual Improvement (à la Baldrige, Kaizen, Six Sigma, etc.) appears to be the primary motivation. Security executives realize that much of the know-how of security operations resides in the heads of their local security managers. In the hope of benefiting from the sharing of this business intelligence, companies are using a variety of techniques (surveys, performance reviews, online forms) to gather it.
Least Aware of This Threat
Physical threats to information rose to the top of the list of issues about which CISOs and CSOs know the least. Every security executive we interviewed had an understanding of physical threats to information (unauthorized visitors, dumpster diving, etc.), but almost none had studied or measured the risks associated with physical threats to information, nor did they have in place thorough procedures to protect against them.
Least Prepared for This Threat
Two related concepts represent the threat that nearly all security executives feel least prepared to address: social engineering and physical penetration. Every security executive confessed that confidential company information was at risk of social engineering attacks (phony phone conversations, pre-texting, impersonation, spear-phishing, etc.). Physical penetrations were even more frightening to some executives, who were certain that their confidential company information could be collected and conveyed out of the building (in the form of printed documents, photos, memory sticks, etc.) by
- an unauthorized visitor tailgating into the building
- an attacker bypassing security controls at doors and fences
- rogue employees or contractors
- an internal attacker of any type
I feel like a proud Papa. NICE acquired Orsus, one of the hot new players in the PSIM (physical security information management) space. Why do I feel so happy? Because a major vendor in the security business demonstrates a savvy far beyond its competitors – the savvy that I've been talking about since I first introduced PSIM on this blog back in 2006. PSIM is simply the physical security version of the larger, more important business issue: IM – Information Management. By acquiring Orsus and creating a new strategy around its entire portfolio, Nice is the first major security vendor to become a full-fledged Information Management vendor.
Nice is now a business solutions provider, while its competitors remain security solutions providers.
So what? The implications are huge. Now, discussions that begin with security segue easily into discussions about business information – business intelligence. After all, the stuff of security (video streams, alarms, intrusion events, etc.) is all simply data. When that data is organized, analyzed and correlated with other data, it becomes information – information which may be used to inform business decisions.
The PSIM vendors (Orsus, Proximex, VidSys, CNL, Vialogy and others) have done a great job making this point and educating us on the business value of security data. Nice now can put this intelligence engine at the center of its portfolio and turn every security conversation into one that deeply concerns the senior executives. Nevertheless, the independent PSIM vendors I just mentioned will also benefit from the Nice move. They will become acquisition targets of Nice's fast-follower competitors, and they will enjoy the greater buzz and legitimacy Nice's investment causes around PSIM.
The deep pockets and global reach of Nice are the differentiators, though. Nice can afford to bid on and support Information Management projects worldwide, while the smaller, independent PSIM software companies rely on a variety of partners to get implemented.
Nice is doing the right thing, but it won't be a cake walk. The company still has to execute on this transformation and train its sales channel and its customers that security is not the point. This will be tough, since so many people think of security and surveillance when they think of Nice.
I have faith in Nice, though. Any company visionary enough to build a portfolio of business intelligence solutions within the security milieu is clever enough to reinvent itself from a marketing view, too.
I performed an independent, no-money-changed-hands evaluation of three products advertising video surveillance management plus video analytics management. Here is a short video explaining my process and what I learned from my experience with Milestone XProtect, Aimetis Symphony, and Verint Nextiva.
All three products performed admirably, but there was one standout. A few vendors chickened out, er, I mean, decided it was not of interest to them to participate. :) So kudos to Milestone, Aimetis and Verint for being proud of their products – as they should be.
What We Loved: Complete, unified video and analytics management
Price: Starts at $13,600
Overall Score: 4.4 out of possible 5
Aimetis Symphony Enterprise Edition is a very satisfying product, mainly because it does everything you hope it will, easily and affordably. I mean, if you’ve gone to the trouble to set up a surveillance environment using video analytics, you’d probably want a single, easy-to-use system: to manage the video received from many cameras; control pan tilt and zoom; select a variety of detections using analytics; manage storage; set up alerts on certain activities and detected behaviors; and create reports about those alerts. Simply put, you’d want a system that
What We Loved: Integration & Support for many different cameras
What We Didn't: Poor reporting and incident management tools
Overall Score: 3.5 out of possible 5
Milestone Systems is the video management company with the fastest growing brand recognition. I rarely hear an integrator or end user talk about surveillance video management without Milestone being mentioned. The company’s XProtect Analytics is enjoying the same buzz largely because of the effective marketing and press exposure to the system. For me, it was Milestone that put the concept of video management merged with analytics management on the map. So of course I had high expectations when I evaluated the product.
What We Loved: Powerful and professional look and feel
What We Didn’t: Too many separate products to get full functionality
Price: Starts
Overview
In general, our entire experience using and testing Verint Nextiva to manage both video and video analytics was positive. Nextiva has the power and capability to handle video management and analytics deployments from moderate sizes to the very largest. It is obvious that Verint put a lot of thought into every aspect of the product architecture and design with, among other benefits, a very usable graphical interface and excellent product support.
Freeform ramblings while hiking to the top of Multnomah Falls in Oregon.
Sorry my phone didn’t have better resolution. Each of the three days of the Expo Seguridad conference, this woman was painted in very tasteful, beautiful ways. Each time with a security theme. The third day was the best. She was painted as a Borg, with a video camera as an eye. The sponsoring vendor is Sermex, a Mexican security products distributor.
Most organizations are not familiar with the concept of PSIM and instead turn to integrators and manufacturers of alarm monitoring equipment, access control systems, and video management systems for PSIM-type solutions. However, I think PSIM represents a new class of software-based systems. Here's how I define physical security information management (PSIM).
PSIM – Software designed to aggregate, normalize, correlate, apply policy to and display diverse data as information to simplify and improve security incident response.
Steelbox was foreclosed on by its bank, and Netversant sought Chapter 11 protection. Netversant's demise must have been due to poor management decisions, because the concept was timely. Steelbox's main problem was that the product was too damn good. Customers who bought one or two would never need another box.
Anybody want to pitch in to help me buy the assets? Could be fun.