Part 2: Security Operations, Centralized: A Perspective from Proximex

Larry Lien, vice president of product management for PSIM vendor Proximex, talks about the issues of sharing data across physical and logical security lines

Here at Security Squared, we're working on a feature story about truly centralizing security operations, for an enterprise view of risk that encompasses physical and logical systems, data and events. Late last week, Sharon J. Watson interviewed Larry Lien, vice president of product management for Proximex, on the topic.

Yesterday's portion of the interview looked at the building blocks of centralizing security operations. In today's segment, Lien talks about the interest in connecting logical systems to PSIM solutions (which integrate data from physical security systems) and the operational obstacles to doing so. He also discusses how security organizations are becoming more enterprise oriented.

What follows is an abridged transcription of our conversation, edited for clarity and length.

***********

Sharon J. Watson: How much interest do you see in connecting Surveillant [Proximex's PSIM solution] to LDAPs and Active Directory and other IT systems?

Larry Lien: It depends on the organization. I'll tell you the extreme, and then I'll tell you where most companies are.

The way we see some environments is...the physical security department is completely separate from the IT department. They run on separate networks--you can't even e-mail if you're on the security network, so they are physically isolated from each other. That's one extreme, and we do definitely have customers like that.

Then we find customers on the other extreme where everything is fully meshed onto the same IT network. The reality is there are customers that still physically separate things, but a lot of those are moving more toward an environment where the security department is one of IT's customers, so all of these security applications run on top of the IT infrastructure.

The reason I bring that up is that when you talk about how many customers really want to integrate some of the IT logical security aspects into physical security, it's not all of them today. There are several that are asking 'can you integrate with LDAP and Active Directory because we want some of that information?' The large majority are setting that as a requirement today but in reality, very few of them are actually using that integration.

SJW: So they want that functionality on the checklist but are not quite making it work today?

LL: Exactly. There are customers that certainly have that fully integrated network, but there are a lot of folks that have separate networks.  They just want to make sure 'when I get the chance to turn on that switch and I want to start sharing stuff with my IT department, I want to make sure your product is able to do that.'

SJW: It surprises me that so many enterprises are willing to let the separation continue. From talking to people who've explained some of the risks that can occur and how some of the bad guys behave and how they will attempt to actually get into your facility and do damage from behind your firewall, it's just interesting to me there doesn't seem to be a greater sense of urgency at the very least need to have them all in the same room even if they can't do all the technical ductwork to get all the systems integrated.

LL: There are two aspects to that. One of them is expertise in how do you start to bring things together, and the second is how do you build the right business case to do that.

I think coming from the IT part of the world, the expertise is definitely there. There are a lot of people really knowledgeable about how to bring those systems together and start sharing information and protect things. When you come into the physical security world, they have that idea of how to protect things but they're not sure of the technologies to use to do that.

Now, business cases....This is an area that's really up-and-coming. More and more we're seeing [security organizations] building strong business cases, not only about how to protect or improve security within their environment but about cost savings and how they can make their environments operate more efficiently and effectively.

So if you draw a parallel to...[online transactions] and the IT part of the world...with B2B transactions with financial services companies or consumer to business transactions like shopping on Amazon.com, it was really easy for them to say 'if my network is down right now I'm losing a hundred thousand dollars an hour.'

It's harder to make that parallel in the physical security part of the world, to say if I'm not able to catch that person he may do some damage but...being able to quantify that piece has always been a challenge for physical security.

SJW: I did hear you correctly, though, that there are some security organizations getting better at building stronger business cases?

LL: Yes, definitely. It's interesting: I don't know if it's the influence of a lot of the new generation of security folks that may have a little bit more of a background in what's important to the overall company versus the traditional 'I just want to protect my assets here.'  But they need to prove their organization--it's still a cost center, right?--how the well-being of their organization is cost justified within the overall company.  They're starting to get more and more people who are not only good at security but who are also very business-savvy as well.  

We're getting lots of people asking us what is the ROI, what is the total cost of ownership. They're starting to think a little farther out than just the traditional how do I protect my assets.

SJW: Can you characterize the types of companies that are better than others at those business cases?

LL: I'm seeing it across the board. It's sad to say, but it's really the people who have been attacked recently. Schools are a good example. A lot of them are really, really raising up their level of awareness of what needs to be done. A lot of corporate environments, because they're worried about corporate espionage, are definitely looking at that. The government is definitely looking at all these things too.

SJW: Bringing us back to a more technical discussion: PSIM solutions can enable an enterprise to use a single physical credential across disparate physical access control systems. And merging a person's physical and logical identities into a single identity contributes to greater security. So if the logical identities are a mess, for want of a better word, how much can you do with that PSIM solution to really overcome that?

LL: It's not just logical identity, it's the concept of garbage in, garbage out. If the information is not right within your systems, there is only so much that a PSIM solution can do.  PSIM solutions can start to correlate information and piece it together so you can start to draw out some of those anomalies, but I don't think that's the main purpose of a PSIM solution.  The main purpose is to gather more information about something. So if you have five pieces of information, and one piece from your logical identity system is the wrong piece of information, well, with the other four pieces of information, you can probably still make a pretty good judgment about what you need to do.

You might find out that, oh man, my logical identity system really gave me the wrong information, I'm going to have to go back and talk to somebody about what's going on over there, so in that sense [PSIM] will help out... but PSIM was really meant to help extract more information about an incident so you can make a more intelligent decision about what needs to be done.

SJW: What should I be asking about that I'm not?

LL: I want to emphasize the separation I see today and where it's going. If you talk about technology, SIM [security information management] and PSIM are very, very similar in what you provide. You have a management middleware layer, then you have a rules or business logic engine, then you've got a centralized console. But the systems that are integrated into [SIM and PSIM solutions] are very, very different.

In the physical security part of the world, a lot of it has to do with unstructured data. I call it unstructured data because look at video: how do you structure video so that there's precise information coming from that? But I see SIM and PSIM starting to come together in the future.

At the end of the day, it's all about information that needs to be collected and correlated, and decisions that need to be made out of it. I think that convergence [of those two] is going to happen. There are lots of folks doing SIM, a few folks doing PSIM. It becomes almost more of an organizational thing again. SIM is often handled by the networking or IT organization versus PSIM, which is handled by the physical security organization.

If [those organizations] want to share information together now, it's going to be hard until they can break down those walls. The technical knowledge is definitely there, and we're starting to see more and more scenarios where people are starting to be more and more comfortable sharing that information. So what we're trying to do now is drive out those scenarios where that information can be better shared.

You're on the right trend here. I think it's interesting to start thinking about a lot of this information. I believe over the next couple of years, we're going to see a pretty big difference in this...because we're starting to get a lot more IT folks involved as influencers in physical security types of implementations and applications as well as PSIM. As they get more involved, they think, 'wow I've got a lot of information, how can I start to share it?' It's really refreshing to see a lot of new customers we're talking to picking up on that trend.

###

Be sure to catch Part 1 of our conversation with Larry Lien on the building blocks of centralized, converged security operations.

Also find additional information on this topic and related issues here, in our recent conversation with David Fowler of VidSys.

Query: How quickly are you able to correlate data from various physical and logical endpoints within your enterprise to identify and deal with emerging security or emergency situations?

