Converged Security and Situation Management without Boundaries: Opinions from Orsus


Situation management vendor identifies components of comprehensive, central view of security

Security Squared continues to research how enterprises can today achieve a truly comprehensive view of their security environment, both in real time and for trends and compliance analysis. It's becoming clear that data from all types of physical and logical events, inside and outside the enterprise, are readily available in overwhelming quantity. How does an enterprise find the real issues in the growing deluge?

That's the sweet spot that SIEM and PSIM vendors--and situation management vendors like Orsus, with its Situator solution--try to hit. As highlighted in Sharon J. Watson's recent conversation with Rafi Bhonker (pictured below), vice president, worldwide marketing and sales at Orsus, smart enterprises are thinking about their risks in the context of larger enterprise objectives--a trend that could be supported by more coherent correlation of "event" data, wherever its origin.

What follows are excerpts from our conversation, edited for clarity and length.

*****

Rafi Bhonker on how enterprise PSIM/situation management implementations evolve:

It's a process. Rarely would you find a customer that has a full understanding of exactly all the pain points that he has or all the issues he would like to have resolved.  What typically happens is that you start off with a few issues you would like to have resolved, and then you start to realize there is more you can address.

[Photo: Rafi Bhonker]

....One of our customers, a port, is in its next phase. It's an operational issue if there is a problem with one of its cranes--these huge devices they have out at ports that take the containers and move them off the vessels onto the ground. These are very expensive systems. If they are down, from an operational standpoint the port is losing money, so a situation for them is if there is a failure.

Now obviously they have people in an operational control room that deals with that. But as they were working with Situator--they have had it for a few years now--rather than have that control room deal with the situation, [they said] to make the process more efficient, let's connect to this external system that manages the cranes, let's get a failure situation into the [command and control] room where we have people sitting 24/7, let's get messages out to them early.

On differentiating PSIM and situation management:

When you think from a customer standpoint, what he really cares about is not the underlying technology of connecting physical security to information management systems. That's the enabler. What he is really concerned about is managing the situation.

Now, when you manage a situation, it may [have] its roots in doing some correlation between physical security and information management or it may not. It may be a situation that is purely in the physical security area. The classic example is always access control and video: someone forces a door and the video camera picks it up. It could purely be in the area of information management, where you have a situation where someone violates access and that violation, at the logical level, needs to be reported to the appropriate personnel. It has nothing to do yet with cameras or other physical systems. 

Or it could be a correlation between the two. For instance, you could have a blacklist of individuals who have left the organization, and once they show up at the door and try to enter, that automatically causes a situation....


Or for that matter it could be a situation that has nothing to do with either physical or information management systems. Someone calls in. It's a call. It's a medical emergency, something is happening in the organization or in the front lobby. Maybe it's a medical situation. That's a situation that has nothing to do with any system at all, but someone called in, reported it. Now you need to manage that. Therefore situation management in a sense is a superset of the PSIM marketplace because it's not just connecting [physical and logical systems].

On how acceptance of situation management/PSIM has grown:

Three years ago companies were not thinking in these terms. Most of the thought was in the physical security systems, and the connection between them and logical systems was not well defined. You still have issues--I'm sure many companies still have the silos there between the IT department and the physical security department -- but in general when you target a Fortune 500 company...there is a lot more of a handshake between the departments.

I'll give you an example. I was [recently] talking to a Fortune 100 company in Texas. They came over and visited an installation we have in another Fortune 100 company. People who came in from the prospect company were the director of security, the person responsible for the control room, and in this very first meeting--a very initial meeting, they don't even have their requirements specified yet--they already had the IT manager. Not the CIO, but that person in the organization who is assigned to manage the IT projects for security. This type of connection did not exist three years ago.

I think that's very positive. It shows the trend in the marketplace in regards to how large companies are starting to perceive how things can be done.


On control room consolidation as a driver:

Some of our customers have large worldwide operations where one of their main pain points, which is a pain point that has an easy ROI to define, is multiple control rooms. The moment you would like to consolidate them, that's a trigger.

Now bear in mind, it's not the issue of being able to get all these control rooms viewed from a single control room. So let's say you have five people in a control room that's remote. Now if you take all the CCTV cameras that are in that room and move them to a main control room, you really haven't done much. You still need the five people to come in and survey and monitor the control room.

The whole intent is, how do you deal with exceptions, how can you build some logic around this, so the same number of personnel you had before in the main control room who were managing just one site can now manage two or maybe five different sites because they are handling exceptions. Because you can focus their attention on real situations or real potential threats as opposed to everything that's happening.

On enterprise approaches to solving business/security issues:

When there is a good connection between logical and physical security, what they are doing well is trying to isolate themselves from the actual mechanics of the solution and they're coming in with [a defined] business problem.

For instance, [they might say], 'When a certain car that is potentially stolen enters the perimeter of our organization or facility, we would like to know.'

Now that's a problem because today, someone sitting at the perimeter gates doesn't have that information, doesn't know, so the car goes through. Now you could find out by stopping each car and radioing in the information and have someone check some federal database or state police database to find out that information. That obviously takes time and you can't do that for every car.

Or you could have LPR--license plate recognition technology, just like you have on toll roads--you just read the license plates as the traffic is flowing through and have that compared to a dynamic blacklist that's coming from an information system that is external to the organization itself to which access has been provided. If that car is detected a mile before it gets to the site, now it can be stopped at the site because now you know there's a potential threat there.


I don't think people are really thinking from a technology standpoint. I think the early adopters we are interacting with are starting to open up their thought processes, and rather than be limited to, oh well, I have this camera, they're starting to really think.

This is a major change because we are really taking physical security, traditional physical security, and moving it out of its silo. Because it was always...this room that was not part of the organization, you had to come into the lobby, go back and go down the stairs into some basement where you'd find this little control room that was isolated with a lot of ex-police and ex-military folks sitting there. And now it is becoming part of the corporate network and the corporate culture, and it's really looking at the corporate risks.

Technology is technology, it can do anything. The real question is how do you apply it to what you are trying to do.

On expanding security information and systems perspectives: 

As opposed to physical and logical, we try to look at the categories of technology that are coming together. We see five different categories.

One is the category of security and safety systems which is...the video, the access control, the perimeters. Safety would be the fire system, sensors for detecting all kinds of stuff and so on. There are an endless number of systems in that area.

The second category of systems we're trying to bring together is communication systems. Now most of the communication systems are not for alerting purposes, but for the outcomes. You have the situation, something was correlated together, you need to do things. These can be intercom systems or mass notification systems. One of our customers is now connecting to a mass notification system. This was not an issue initially, but as they thought of using the system more and more, they said let's figure out how to [connect] the mass notification system to Situator.

The third category is location systems. These could be radar, sonar location systems, RFID systems or GPS systems. There is starting to be a little overlap between location systems and cameras, for instance, because now you start having cameras providing actual locations. These are systems that give you coordinates of something that has happened.

The fourth category is data systems. They could be ERP systems and CRM systems and HR systems or external systems that provide information-- I mentioned the police database before of reports of stolen cars-- coming in from external authorities or agencies. So these are data systems. It could be building management systems, or a SCADA system, which is a classic system to connect to the operational side.

The last system is Internet feeds, getting weather, traffic, RSS messages and so on. There are lots of different Internet sites today that show geography, and you can decide that if there is a weather threat to one of my sites, I'd like to get a notification...not on SMS as an individual but right into the situation management system platform and have a whole response procedure.

It's building a broader system...not looking at it as physical and logical systems but more in terms of what does it do for the organization.






