
Archive for the ‘Security Management / Operations’ Category

SecurityDreamer Chicago

What a successful SecurityDreamer Chicago Event last week! Thirty men and women from a cross section of Chicago’s IT and physical security communities, end users and service providers, gathered for a fun evening of information sharing, new research, fine art, yummy wine and stimulating conversation.

The event was held at the exquisite David Weinberg Gallery in the art district of Chicago near downtown.  David Weinberg was on hand to talk about his art.  The photographs lining the walls of the three-room gallery were provocative and powerful. David said his art was inspired by his childhood and colored by his years owning a technology company that he sold some years ago.

We were able to afford a beautiful and unusual venue because of our visionary sponsors, BRS Labs and Inovonics.  I’ve mentioned BRS Labs in the past.  I have such appreciation as a technologist for innovative companies, and BRS Labs is one of them.  The company re-thinks video analytics and approaches the challenge in an entirely new way.  While the “video analytics 1.0” vendors battle it out, BRS Labs quietly amazes its customers and confounds its competitors with a “2.0” solution.  Thank you to BRS Labs for sponsoring SecurityDreamer Chicago.

Rethinking solutions was the theme of the event. I shared some research Hunt Business Intelligence recently completed on trends in critical infrastructure technology adoptions by the largest companies in the world.  It turns out that non-security executives, like CEOs and CFOs, are steadily losing confidence in security executives.

Part of the reason for that loss of confidence is that security executives continue to think like security wonks and do a poor job running security like a regular business unit. A security professional should be able to analyze, measure and create value, and not merely avoid risks.

Inovonics helps its customers create value. Its line of wireless life safety technologies, led by its flagship RADIUS product, leverages existing network infrastructures to provide superior service.  Imagine integrating a wide variety of sensors, including people-location, around your facility built around a single architecture of standard wireless networking. It is life safety information management at its finest.  Thank you to Inovonics for sponsoring SecurityDreamer Chicago.

We are now planning SecurityDreamer New York, SecurityDreamer Houston and SecurityDreamer Orlando (at ASIS).  Drop me a note and tell me a bit about yourself if you want one of the limited invitations.

When Securing Your PC, You Don’t Always Get What You Pay For

February 16, 2011 2 comments

In honor of being at the RSA Conference in San Francisco this week, I figured I should at least post one IT security blog.  Here is an excerpt from the “ship’s log” of my mentor Captain Phil Rosch:

I think the Security industry needs to be more proactive in terms of policing itself. I’ve spent way too much time over the past 6 months fixing machines for friends who got sucked in.

Fixing Charlie’s virus ridden computer wasn’t too hard.  I found a detailed set of instructions on the Internet that fit his problem exactly so I just followed the yellow brick road.  It’s easy to see how an error screen like the one crafted for the AVG 2011 could suck someone in. http://deletemalware.blogspot.com/2011/01/how-to-remove-fake-avg-antivirus-2011.html

After I blew off the virus, I downloaded Spybot Search & Destroy and Microsoft Security Essentials (both free). The Microsoft scan caught 2 Trojans and the S&D cleaned up all the spyware. The last job in the “tune-up” was to run SpinRite 6 to clean up the physical hard drive.

I really feel sorry for seniors who get sucked in by viruses and crap like you see on TV.  Allen Harkleroad, a consumer advocate, said “I am 100% skeptical of any advertisement that claims to be able to fix a computer online, and from the consumer complaints I have read online, in the case of DoubleMySpeed and MyCleanPC, it appears that my misgivings were completely warranted.” Allen built himself a new Windows 7 machine with nothing on it and ran all current maintenance.

Next he ran MyCleanPC and it produced over 1,000 errors and took him to a page that demanded $89 for the product and wouldn’t let him close the page.

Check out “DoubleMySpeed complaints” on Google, also MyCleanPC complaints and the CyberDefender Corporation complaints. It seems now CyberDefender is trying to hide who owns the domains they operate, however IP address/DNS lookups don’t lie. CyberDefender responded by sending a legal threat letter, claiming defamation, and demanding the removal of the original posts.

 

Confused about PSIM? You can’t just blame me anymore

January 13, 2011 2 comments

Last month Martha Entwistle, editor of Security Systems News posted an interesting article commenting on the nature of PSIM (physical security information management) and a new report by IMS Research.  First I’ll comment on the content of the report, and then I’ll comment on the origin of the term PSIM (which she credits to me).

Thanks for writing this article, Martha.  As a security industry analyst for the last 15 years, I can say I’m not surprised.  I’ve seen reports like IMS’ before. You can’t blame them for confusing the issue, really.  Young researchers with no field security experience partially digest and regurgitate conversations with paying vendor marketing executives who have tremendous stake in the status quo.

The article here says “IMS’s Wong notes that products such as VMS and ACS software, which meet some, but not all, of the criteria above, are not considered to be PSIM for the purposes of the report.”

Hmm. I read these functional descriptions and think to myself that by simply combining any popular VMS and ACS you’d have 80% of the functionality IMS declares to be PSIM.  So what does that mean? A solution has to have 100% of these technical requirements to be considered PSIM?  Does it mean that “real” PSIM is actually and merely the 20% delta of functionality between an access control/video solution and the remaining functions?

Curious.

Regarding the term PSIM. Yes, I was the first person to publish the term PSIM and launch the global discussion on physical security information management.  When Chuck Teubner, CEO of VidSys, was CEO of e-Security (around 2003-04), he and I sat in the e-Security offices and discussed a new idea I was working on in my research: Security Information Management (SIM) for the physical security world.  At that time, SIM was a popular concept in IT security management.  Sadly, after I left Forrester and could no longer control the Forrester-Gartner debate on the topic, the acronym degraded to the current, utterly ridiculous SIEM.  Anyway, I digress.

About the same time, Kobi Huberman of NICE and I drew a PSIM-like diagram on the back of a napkin in London.  He was the VP of corporate strategy for NICE. Shortly thereafter, ArcSight, a leading vendor in the IT SIM world, contacted me and we brainstormed about SIM for the physical security world.  Then NetIQ guys started talking about a similar concept.

When Chuck Teubner called me again in 2006 and suggested that we name the new concept, PSIM was born.  I published it on my blog then.  I can also say definitively that VidSys was the first company to clarify the PSIM vision and set the standard for PSIM definition and execution.

As a footnote, NICE later got into the PSIM game by acquiring PSIM vendor Orsus in 2009.  NetIQ guys started PSIM vendor Proximex.  ArcSight dabbled in PSIM but has not yet come up with an effective strategy to penetrate the market.

Please watch securitydreamer.com for more to come on PSIM.

Is security just about making nothing happen?

In one of his first blog posts on the just-launched "Cyberia" site, famed industry analyst, Jonathan Penn, explores the Value of Security with the question "Is the value of security really 'making nothing happen?'"

That's a question I've tackled before, too.  Welcome to the blogosphere, Jonathan.

Video: How I Evaluated Three Video Analytics Management Platforms

September 16, 2009 4 comments

I performed an independent, no-money-changed-hands evaluation of three products advertising video surveillance management plus video analytics management.  Here is a short video explaining my process and what I learned from my experience with Milestone XProtect, Aimetis Symphony, and Verint Nextiva.

All three products performed admirably, but there was one standout.  A few vendors chickened out, er, I mean, decided it was not of interest to them to participate.  :)  So kudos to Milestone, Aimetis and Verint for being proud of their products – as they should be.

DreamerGear Evaluation of Aimetis

DreamerGear Evaluation of Milestone

DreamerGear Evaluation of Verint

http://www.viddler.com/player/ed79f526/

DreamerGear Review of Aimetis’ Video Management plus Video Analytics

September 16, 2009 1 comment

Aimetis Symphony Enterprise Edition 6.2

What We Loved: Complete, unified video and analytics management

What We Didn't:  Limited to Windows platforms

Price:  Starts at $13,600

Overall Score:  4.4 out of possible 5

 

Overview

Aimetis Symphony Enterprise Edition is a very satisfying product, mainly because it does everything you hope it will, easily and affordably.  I mean, if you’ve gone to the trouble to set up a surveillance environment using video analytics, you’d probably want a single, easy-to-use system: to manage the video received from many cameras; control pan, tilt and zoom; select a variety of detections using analytics; manage storage; set up alerts on certain activities and detected behaviors; and create reports about those alerts.  Simply put, you’d want a system that manages surveillance.

 

For the full Review Summary:  Download DreamerGear Aimetis Symphony

 

Related Product Reviews

Milestone XProtect Corporate and XProtect Analytics

Verint Nextiva 6.0

Video: How I Evaluated Three Video Analytics Management Platforms

DreamerGear Review of Milestone’s Video Management plus Video Analytics

September 16, 2009 2 comments

Milestone XProtect Analytics and XProtect Corporate

What We Loved:  Integration & Support for many different cameras

What We Didn't:  Poor reporting and incident management tools

Price:  Starts at $7990 plus purchase of 3rd party analytics

Overall Score:  3.5 out of possible 5

 

Overview

Milestone Systems is the video management company with the fastest growing brand recognition.  I rarely hear an integrator or end user talk about surveillance video management without Milestone being mentioned. The company’s XProtect Analytics is enjoying the same buzz largely because of the effective marketing and press exposure to the system. For me, it was Milestone that put the concept of video management merged with analytics management on the map.  So of course I had high expectations when I evaluated the product.

 

For the full Review Summary:  Download DreamerGear Milestone XProtect

 

Related Product Reviews

Aimetis Symphony Enterprise Edition 6.2

Verint Nextiva 6.0

Video: How I Evaluated Three Video Analytics Management Platforms

DreamerGear Review of Verint’s Video Management plus Video Analytics

September 16, 2009 2 comments

Verint Nextiva 6.0 Video and Analytics management

What We Loved:  Powerful and professional look and feel

What We Didn’t:  Too many separate products to get full functionality

Price:  Starts at $24,900

Overall Score:  3.5 out of possible 5


Overview

In general, our entire experience using and testing Verint Nextiva to manage both video and video analytics was positive.  Nextiva has the power and capability to handle video management and analytics deployments from moderate sizes to the very largest.  It is obvious that Verint put a lot of thought into every aspect of the product architecture and design with, among other benefits, a very usable graphical interface and excellent product support.

 

For the full Review Summary: Download DreamerGear Verint Nextiva 

 

Related Product Reviews

Aimetis Symphony Enterprise Edition 6.2


Milestone XProtect Corporate and XProtect Analytics

Video: How I Evaluated Three Video Analytics Management Platforms

 

 

Hiking the mountain to security enlightenment (video)

July 21, 2009 3 comments

Freeform ramblings while hiking to the top of Multnomah Falls in Oregon.

http://www.viddler.com/player/a1df3d12/

Physical security directors need to learn to run a business, and vendors need to learn to sell

March 2, 2009 2 comments

Have you read some of the press releases and marketing campaigns coming from vendors (manufacturers) lately?  It’s like they live on another planet.  I sometimes think there is an alternate reality where some vendors, consultants and trade magazines live in perfect harmony piecing nonsensical words together, feeding them to each other and then having a community cud-chewing festival.

[Sorry, did I just piss everyone off?  Ed and Lorna, I don’t include you in that crew.  Not you either, Michael.]

What I read rarely relates to the conversations I have with CSOs, COOs and risk management executives.  I tell this to the vendors, and they whine and squirm and declare that they know their customer better than anybody.  Maybe so.  But that would simply mean their customers are not the CSO, COO or risk management executives I’m talking to.

Hmmm.

Maybe these vendors are content selling to facilities managers and the security directors who’ve been buying access control and DVRs for years.  That would make sense.  Those folks are competent security professionals who understand the technical and procedural requirements of access and surveillance.  So of course the vendors enjoy selling access and surveillance equipment and services to this crowd.

But then why do executives think things look askew? 

Two reasons:

  • Because neither the vendors nor the security directors have been successful describing the business value of specific security initiatives in terms of measured economic impact; and,
  • Because neither the vendors nor the security directors think of physical security departments as business units.  Therefore, they feel no need to use business language, set up common business processes, and report on metrics the way other business units do.

It could simply be a matter of not selling high enough.  The senior executives tell me that they see physical security as essentially screwed up.  “How did physical security get so messed up” was the exact quote of one of these execs last week, after he investigated the processes of risk management in his very large corporation. 

He expected to find a business unit with standard processes for setting goals and quantifying performance metrics.  Instead, he saw a 1970s police department with what he described as an archaic operation of “security for the sake of security.”  “How do the words ‘command and control’ fit into my business?” he exclaimed with frustration.

In short, physical security is not run like a business, from the business executive’s point of view.  It is run like a police department, or a military base.  Nothing wrong with that, intrinsically, of course.  Law enforcement and military operations are very effective for managing risk – if your organization is a city or university or war zone.  If we are talking about a business, however, security should be run differently.  It should be run like a business.

Vendors don’t get that, it seems.  So they don’t sell that message.  And they don’t create products that enable security directors to run a business.  Here are three things vendors should start doing right now to solve the real problems faced by the companies they sell to.

1. Describe solutions in terms of business service management.  Create sound, believable measurements of ROI, TCO and overall economic impact for each solution.  Be ready to map every major function of the product to specific business requirements.  Basically, you want to empower your traditional security director or facilities manager customer to carry the message of business value up the ladder.

2. Sell higher. If you can’t sell your product to a COO, then maybe you shouldn’t be selling it at all.  My point is that a product or service purchased in the organization should be valued and appreciated by the COO.  If it’s not, then either your message is wrong or your product is.  Investigate new business development methods to permit you to sell to senior executives.  You’ll make more money and solve bigger problems.

3. Stop the “me too” feature war.  Customers don’t really care what features your product has or what boxes the consultant can check off on the requirements list. Some features are more important than others.  Find out the relative weights of customer requirements and then you’ll be able to see how closely your product comes to actually solving the problem.  Otherwise, you are just showing that your product sucks less than the other guys’.  See my post, “Most product comparisons tell you jack”

In this economy, no one can afford to pass by opportunities to provide the highest value to end user customers.  Slackers will die.
