Archive

Archive for the ‘Security Management / Operations’ Category

Announcing the Next SecurityDreamer Event ASIS 2014

August 22, 2014 1 comment

Join us for another SecurityDreamer cocktail party at the beginning of the ASIS conference in Atlanta, September 28. Start here before you walk over to Canada Night. Open bar and food. Contact me for an invitation HERE

security_dreamer_high-res_4c

IMG_0220

IMG_0212

IMG_0236

Sponsored by Modulo

Modulo_INTLogo_New_NoAccent

 

SecurityDreamer Chicago

What a successful SecurityDreamer Chicago Event last week! Thirty men and women from a cross section of Chicago’s IT and physical security communities, end users and service providers, gathered for a fun evening of information sharing, new research, fine art, yummy wine and stimulating conversation.

The event was held at the exquisite David Weinberg Gallery in the art district of Chicago near downtown.  David Weinberg was on hand to talk about his art.  The photographs lining the walls of the the three room gallery were provocative and powerful. David said his art was inspired by his childhood and colored by his years owning a technology company that he sold some years ago.

We were able to afford a beautiful and unusual venue because of our visionary sponsors, BRS Labs and Inovonics.  I’ve mentioned BRS Labs in the past.  I have such appreciation as a technologist for innovative companies, and BRS Labs is one of them.  The company re-thinks video analytics and approaches the challenge in an entirely new way.  While the “video analytics 1.0″ vendors battle it out, BRS Labs quietly amazes it’s customers and confounds its competitors with a “2.0” solution.  Thank you to BRS Labs for sponsoring SecurityDreamer Chicago.

Rethinking solutions was the theme of the event. I shared some research Hunt Business Intelligence recently completed on trends in critical infrastructure technology adoptions by the largest companies in the world.  It turns out that non-security executives, like CEOs and CFOs, are steadily losing confidence in security executives.

Part of the reason for that loss of confidence is that security executives continue to think like security wonks and do a poor job running security like a regular business unit. A security professional should be able to analyze, measure and create value, and not merely avoid risks.

Inovonics helps its customers create value. Its line of wireless life safety technologies, led by its flagship RADIUS product, leverages existing network infrastructures to provide superior service.  Imagine integrating a wide variety of sensors, including people-location, around your facility built around a single architecture of standard wireless networking. It is life safety information management at its finest.  Thank you to Inovonics for sponsoring SecurityDreamer Chicago.

We are now planning SecurityDreamer New York, SecurityDreamer Houston and SecurityDreamer Orlando (at ASIS).  Drop me a note and tell me a bit about yourself if you want one of the limited invitations.

When Securing Your PC, You Don’t Always Get What You Pay For

February 16, 2011 2 comments

In honor of being at the RSA Conference in San Francisco this week, I figured I should at least post one IT security blog.  Here is an excerpt from the “ship’s log” of my mentor Captain Phil Rosch:

I think the Security industry needs to be more proactive in terms of policing itself. I’ve spent way too much time over the past 6 months fixing machines for friends who got sucked in.

Fixing Charlie’s virus ridden computer wasn’t too hard.  I found a detailed set of instructions on the Internet that fit his problem exactly so I just followed the yellow brick road.  It’s easy to see how an error screen like the one crafted for the AVG 2011 could suck someone in. http://deletemalware.blogspot.com/2011/01/how-to-remove-fake-avg-antivirus-2011.html

After I blew off the virus, I downloaded Spybot Search & Destroy and Microsoft Security Essentials (both free). The Microsoft scan caught 2 Trojans and the S&D cleaned up all the spyware. The last job in the “tune-up” was to run SpinRite 6 to clean up the physical hard drive.

I really feel sorry for seniors who get sucked in by viruses and crap like you see on TV.  Allen Harkleroad, a consumer advocate said “I am 100% skeptical of any advertisement that claims to be able to fix a computer online, and from the consumer complaints I have read online, in the case of DoubleMySpeed and MyCleanPC, it appears that my misgivings were completely warranted.” Allen built himself a new Windows 7 machine with nothing on it and ran all current maintenance.

Next he ran MycleanPC and it produced over 1,000 errors and took him to a page that demanded $89 for the product and wouldn’t let him lose the page.

Check out “DoubleMySpeed complaints” on Google, also MyCleanPC complaints and the CyberDefender Corporation complaints. It seems now CyberDefender is trying to hide who owns the domains they operate, however IP address/DNS lookups don’t lie. CyberDefender responded by sending a legal threat letter, claiming defamation, and demanding the removal of the original posts.

 

Confused about PSIM? You can’t just blame me anymore

January 13, 2011 2 comments

Last month Martha Entwistle, editor of Security Systems News posted an interesting article commenting on the nature of PSIM (physical security information management) and a new report by IMS Research.  First I’ll comment on the content of the report, and then I’ll comment on the origin of the term PSIM (which she credits to me).

Thanks for writing this article, Martha.  As a security industry analyst for the last 15 years, I can say I’m not surprised.  I’ve seen reports like IMS’ before. You can’t blame them for confusing the issue, really.  Young researchers with no field security experience partially digest and regurgitate conversations with paying vendor marketing executives who have tremendous stake in the status quo.

The article here says “IMS’s Wong notes that products such as VMS and ACS software, which meet some, but not all, of the criteria above, are not considered to be PSIM for the purposes of the report.”

Hmm. I read these functional descriptions and think to myself that simply combining  any popular VMS and ACS and you’d have 80% of the functionality IMS declares to be PSIM.  So what does that mean? a solution has to have 100% of these technical requirements to be considered PSIM?  Does it mean that “real” PSIM is actually and merely the 20% delta of functionality between an access control/video solution and the remaining functions?

Curious.

Regarding the term PSIM. Yes, I was the first person to publish the term PSIM and launch the global discussion on physical security information management.  When Chuck Teubner, CEO of VidSys, was CEO of e-Security (around 2003-04), he and I sat in the e-Security offices and discussed a new idea I was working on in my research: Security Information Management (SIM) for the physical security world.  At that time, SIM was a popular concept in IT security management.  Sadly, after I left Forrester and could no longer control the Forrester-Gartner debate on the topic, the acronym degraded to the current, utterly ridiculous SIEM.  Anyway, I digress.

About the same time, Kobi Huberman of NICE and I drew a PSIM-like diagram on the back of a napkin in London.  He was the VP of corporate strategy for NICE. Shortly thereafter, Arcsight, a leading vendor in the IT SIM world, contacted me and we brainstormed about SIM for the physical security world.  Then NetIQ guys started talking about a similar concept.

When Chuck Teubner called me again in 2006 and suggested that we name the new concept, PSIM was born.  I published it on my blog then.  I can also say definitively that VidSys was the first company to clarify the PSIM vision and set the standard for PSIM definition and execution.

As a footnote, NICE later got into the PSIM game by acquiring PSIM vendor Orsus in 2009.  NetIQ guys started PSIM-vendor Proximex.  ArcSight, dabbled in PSIM but  has not yet come up with an effective strategy to penetrate the market.

Please watch securitydreamer.com for more to come on PSIM.

Is security just about making nothing happen?

In one of his first blog posts on the just-launched "Cyberia" site, famed industry analyst, Jonathan Penn, explores the Value of Security with the question "Is the value of security really "making nothing happen?" 

Making-nothing-happen

That's a question I've tackled before, too.  Welcome to the blogosphere, Jonathan.

Video: How I Evaluated Three Video Analytics Management Platforms

September 16, 2009 5 comments

I performed an independent, no-money-changed-hands evaluation of three products advertising video surveillance management plus video analytics management.  Here is a short video explaining my process and what I learned from my experience with Milestone XProtect, Aimetis Symphony, and Verint Nextiva.

All three products performed admirably, but there was one standout.  A few vendors chickened out, er, I mean, decided it was not of interest to them to participate.  :)  So kudos to Milestone, Aimetis and Verint for being proud of their products – as they should be.

DreamerGear Evaluation of Aimetis

DreamerGear Evaluation of Milestone

DreamerGear Evaluation of Verint

http://www.viddler.com/player/ed79f526/

DreamerGear Review of Aimetis’ Video Management plus Video Analytics

September 16, 2009 2 comments

Aimetis Symphony Enterprise Edition 6.2AimetisLogoPurple_72dpi

What We Loved: Complete, unified video and analytics management

What We Didn't:  Limited to Windows platforms4.5_Guards

Price:  Starts at $13,600

Overall Score:  4.4 out of possible 5

 

Overview

Aimetis Symphony Enterprise Edition is a very satisfying
product, mainly because it does everything you hope it will, easily and
affordably.  I mean, if you’ve gone
to the trouble to set up a surveillance environment using video analytics,
you’d probably want a single, easy-to-use system: to manage the video received
from many cameras; control pan tilt and zoom; select a variety of detections
using analytics; manage storage; set up alerts on certain activities and
detected behaviors; and create reports about those alerts.  Simply put, you’d want a system that
manages surveillance.

 

For the full Review Summary:Download DreamerGear Aimetis Symphony

 

Related Product Reviews

Milestone XProtect Corporate and XProtect Analytics

Verint Nextiva 6.0

Video: How I Evaluated Three Video Analytics Management Platforms

Follow

Get every new post delivered to your Inbox.