If you’ve ever been to the IT security mega trade show, RSA Conference, you probably noticed the same thing. There is always a dominant theme. One year it is compliance. Another identity theft. This year, loud and clear, it was threat management. Some vendors, like Skybox Security and Core Security, showed that their products helped you predict and prepare for threats. Some, like Intel/McAfee and Kaspersky, were all about detecting threats quickly as they are being exploited. Others, for example BalaBit and LogRhythm, help you to understand threats in context as they occur.
Threats here. Threats there. Threats everywhere.
The threat management vendors were having a heyday, but they weren’t alone. All the other vendors joined the fun. Entrust, an identity management vendor recently acquired by Datacard, told us that threats make us so vulnerable because our identity management is lacking. Firewall vendors CheckPoint and Palo Alto Networks reminded us that they were the original threat fighters. And RSA’s Archer product team said that threats are best managed with top-flight governance, risk and compliance (GRC) software.
I wondered how an average security director could walk the aisles of the show floor, listen to the vendor pitches, and have any clue what products to buy. Two vendors may use nearly the same expressions to describe their wares, but sell products that are fundamentally different.
I see it from the vendor’s point of view. They want to get in on the spending spree happening around threat management these days. I hope they realize that as soon as they start using generic threat management language – as they all seemed to do – they increase their number of competitors to include every other vendor using the same language.
I liked the pitch I heard from Rick Gamache, CTO of Red Sky Alliance. His words stood out from the crowd with a fresh approach. Red Sky Alliance is just that, an alliance. In two years it has rapidly grown to over thirty member companies, including major banks, huge Internet retailers, an oil & gas company, and a smattering of others. In an alliance of high trust, members share with one another threats they are experiencing. Then the dedicated researchers at Red Sky Alliance and its associate, Wapack Labs, provide a deep analysis of the threat – the most thorough analysis of advanced persistent threats (APTs) available outside of government agencies, accompanied by actionable recommendations for mitigating all related threats. The members use that analysis to defend against any other attacks coming from the same Chinese, Russian or other sources.
Good luck to CISOs in their quest to manage threats. My advice is to listen with a critical ear and get customer references from their peers.
Each year since 2005, SecurityDreamer blogger and industry analyst Steve Hunt has conducted surveys of end-user security executives, tracking trends related to the business of security. We cover physical security and IT security equally at SecurityDreamer, carving our unique niche in the industry. Here is a taste of our findings. Sorry, the complete findings are not available except to Steve Hunt’s consulting clients and participants in the research.
I find that narratives yield more insight and are more accurate than statistics. Therefore, the SecurityDreamer approach is to conduct dozens of personal interviews, by phone, email or in person. Each interview covers a subset of topics. Data gathered is generally qualitative and anecdotal, rather than quantitative.
- Consultants, Use of
- Identity & Access Management
- Operational Best Practices
- Physical Information Protection
- Strategy & Planning
- Technology Lifecycle Management
Approximately 50 companies participated in the survey, representing 11 industries.
Summary Findings from the SecurityDreamer Research
While operational security budgets saw little growth across all industries, spending for new projects increased steadily in Energy, Finance, High-Tech and Entertainment. New IT security and physical security projects most notably included:
- Security operations centers
- Virtual command centers
- Security information management systems (SIEM, PSIM)
- Networked cameras and sensors at high-risk facilities
CSOs and CISOs complained that their greatest business challenge is metrics: Normal operational metrics, such as improved response time to security incidents, or numbers of malicious code detections, are not compelling to business leaders. Security executives seek better ways to calculate ROI, justify purchases, and measure the success of deployments.
Most Surprising Finding of 2012
Collecting Company Wisdom. Far more companies in more industries are documenting processes than we’ve seen in previous surveys. Continual Improvement (à la Baldrige, Kaizen, Six Sigma, etc.) appears to be the primary motivation. Security executives realize that much of the know-how of security operations resides in the heads of their local security managers. In the hope of benefiting from the sharing of this business intelligence, companies are using a variety of techniques (surveys, performance reviews, online forms) to gather it.
Least Aware of This Threat
Physical threats to information rose to the top of the list of issues about which CISOs and CSOs know the least. Every security executive we interviewed had an understanding of physical threats to information (unauthorized visitors, dumpster diving, etc.) but almost none had studied or measured the risks associated with physical threats to information, nor did they have in place thorough procedures to protect against them.
Least Prepared for This Threat
Two related concepts represent the threat that nearly all security executives feel least prepared to address: social engineering and physical penetration. Every security executive confessed that confidential company information was at risk of social engineering attacks (phony phone conversations, pre-texting, impersonation, spear-phishing, etc.). Physical penetrations were even more frightening to some executives, who were certain that their confidential company information could be collected and conveyed out of the building (in the form of printed documents, photos, memory sticks, etc.) by
- an unauthorized visitor tailgating into the building
- an attacker bypassing security controls at doors and fences
- rogue employees or contractors
- an internal attacker of any type
I feel like a proud Papa. NICE acquired Orsus, one of the hot new players in the PSIM (physical security information management) space. Why do I feel so happy? Because a major vendor in the security business demonstrates a savvy far beyond its competitors – the savvy that I've been talking about since I first introduced PSIM on this blog back in 2006. PSIM is simply the physical security version of the larger, more important business issue: IM – Information Management. By acquiring Orsus and creating a new strategy around its entire portfolio, Nice is the first major security vendor to become a full-fledged Information Management vendor.
Nice is now a business solutions provider, while its competitors remain security solutions providers.
So what? The implications are huge. Now, discussions that begin with security segue easily into discussions about business information – business intelligence. After all, the stuff of security (video streams, alarms, intrusion events, etc.) is all simply data. When that data is organized, analyzed and correlated with other data, it becomes information – information which may be used to inform business decisions.
The PSIM vendors (Orsus, Proximex, VidSys, CNL, Vialogy and others) have done a great job making this point and educating us on the business value of security data. Nice now can put this intelligence engine at the center of its portfolio and turn every security conversation into one that deeply concerns the senior executives. Nevertheless, the independent PSIM vendors I just mentioned will also benefit from the Nice move. They will become acquisition targets of Nice's fast-follower competitors, and they will enjoy the greater buzz and legitimacy Nice's investment causes around PSIM.
The deep pockets and global reach of Nice are the differentiators, though. Nice can afford to bid on and support Information Management projects worldwide, while the smaller, independent PSIM software companies rely on a variety of partners to get implemented.
Nice is doing the right thing, but it won't be a cakewalk. The company still has to execute on this transformation and train its sales channel and its customers that security is not the point. This will be tough, since so many people think of security and surveillance when they think of Nice.
I have faith in Nice, though. Any company visionary enough to build a portfolio of business intelligence solutions within the security milieu is clever enough to reinvent itself from a marketing view, too.
I performed an independent, no-money-changed-hands evaluation of three products advertising video surveillance management plus video analytics management. Here is a short video explaining my process and what I learned from my experience with Milestone XProtect, Aimetis Symphony, and Verint Nextiva.
All three products performed admirably, but there was one standout. A few vendors chickened out, er, I mean, decided it was not of interest to them to participate. :) So kudos to Milestone, Aimetis and Verint for being proud of their products – as they should be.
What We Loved: Complete, unified video and analytics management
Price: Starts at $13,600
Overall Score: 4.4 out of possible 5
Aimetis Symphony Enterprise Edition is a very satisfying product, mainly because it does everything you hope it will, easily and affordably. I mean, if you’ve gone to the trouble to set up a surveillance environment using video analytics, you’d probably want a single, easy-to-use system: to manage the video received from many cameras; control pan tilt and zoom; select a variety of detections using analytics; manage storage; set up alerts on certain activities and detected behaviors; and create reports about those alerts. Simply put, you’d want a system that
For the full Review Summary: Download DreamerGear Aimetis Symphony
What We Loved: Integration & Support for many different cameras
What We Didn't: Poor reporting and incident management tools
Overall Score: 3.5 out of possible 5
Milestone Systems is the video management company with the fastest growing brand recognition. I rarely hear an integrator or end user talk about surveillance video management without Milestone being mentioned. The company’s XProtect Analytics is enjoying the same buzz largely because of the effective marketing and press exposure to the system. For me, it was Milestone that put the concept of video management merged with analytics management on the map. So of course I had high expectations when I evaluated the product.
For the full Review Summary: Download DreamerGear Milestone XProtect
What We Loved: Powerful and professional look and feel
What We Didn’t: Too many separate products to get full functionality
In general, our entire experience using and testing Verint Nextiva to manage both video and video analytics was positive. Nextiva has the power and capability to handle video management and analytics deployments from moderate sizes to the very largest. It is obvious that Verint put a lot of thought into every aspect of the product architecture and design with, among other benefits, a very usable graphical interface and excellent product support.
For the full Review Summary: Download DreamerGear Verint Nextiva