Subscribe to

Blogs

A social media advertiser?

 - 
Monday, March 2, 2009
First time I've ever seen security advertised on Facebook. No idea who these guys are, but their add popped up next to my home page (and I don't talk about my security work on Facebook). Good to see some creative marketing in the security industry.

TechSec, Day 2

 - 
Monday, March 2, 2009
Sorry for the delay on this, but with travel and some office things that needed attention I haven't been able to find the time to sit down and smash all of Day 2 into a neat little entry. Now, with snow piling up outside the home-office window, I think I've got an opening (barring small children throwing things at me). First up was the "Technology Lightning Round," my own personal brain-child, allowing some companies with cool technology who didn't quite make the cut for a full 45-minute presentation to each have 10-12 minutes to talk about what makes what they do unique and how it has the chance to change the industry. I pitched it to them as a chance to be an evangelist, to get people excited about their secret sauce, to use the time for an extended elevator pitch, to be a hype man. They took that advice to differing degrees. The guy who really got it was Randall Foster, CEO of Vumii, a company with technology that makes me go, "Wow." I wrote about him here, after ISC last year. Basically, the wow part is that Vumii makes a laser-based night-vision camera that can tell who's driving a car from about a mile away at night. It's pretty amazing (Foster says he's got some crazy stuff thanks to the fact that the laser can see through reflective windows, too, but I'll let him post those on Vumii's x-rated hidden site). But what Foster spoke about with his 10 minutes is the way that the laser vision can be incorporated, using IP technology, into an overall surveillance system. With a panoramic view of a situation, you can have cameras scanning different points of a 360-view, looking for problems. Then, when something suspicious is spotted, the laser can pinpoint exactly what's happening and communications can be sent out to the appropriate first responders. I think more than one person in the audience audibly oohed at a couple of the images Foster put up. What I liked best about the Lightning Round is that nobody presented their technology as the be-all/end-all solution. Rather, they all noted they were just pieces in an overall, holistic security system. They emphasized that they augmented what's already out in the field, and they all made a business-case argument for what their products can do. Andy Lynch, of aXonx, spoke about how his company's video smoke and fire detection can save huge amounts for warehouse owners and other locations where smoke detection is often not a priority because it takes so long for the smoke to get to the ceiling. In fact, many commercial buildings aren't coded for smoke detection, just sprinklers to put the fire out. Once the sprinklers come on, the damage is done, on a number of levels. He even pointed out that there was no smoke detection in the very ballroom we were sitting in. Everybody looked up. Why was that disconcerting? While codes still regulate video smoke and fire detection, they're not impenetrable, and for the security installer who's interested in getting into fire, but maybe doesn't want to learn all about panels, etc., this solution makes a ton of sense. It's just cameras and DVRs. Not too difficult of an installation and the potential ROI is huge for the customer you're maybe doing access control for already. You can see all kinds of videos here, though they use Windows Media Player, which I detest. Rob Hagens, CTO of Envysion, went over the business case for managed video, and you probably saw the write-up of that in the newswire. I'll reiterate that the SaSS model seems like a no-brainer if you can make the bandwidth and infrastructure work. Al Liebl, presenting Proximex's PSIM technology, didn't get people hyped the way I thought he would. His presentation made a lot of intellectual sense, and drew some nice correlations to the IT service world, in that PSIM software has the ability to draw together a number of different systems and keep track of all of the security operations in one console, much the way a network is monitored by HP Openview or LANDesk, but I just didn't get very jazzed about it. He didn't have any pictures of the software in action. I think a lot of people were left wondering, "what exactly is PSIM? How does it work? What does it look like? How is it different than software I've seen before? Or is it just the same stuff I've seen with a different acronym attached?" Anyway, one rule I've taken from the presentation is that you should always provide pictures and video, if you can. Show them, don't tell them (to paraphrase a Rush tune). Last up was Steve Rice, who came to talk about ISONAS' IP access control. He drew the short straw on a number of levels. First he was last of five (we went alphabetically), but second he's only been with ISONAS for a couple of weeks, replacing Jerry Burhans as VP of sales and marketing there, so, while he knew the technology and had the pitch down, I don't think he was entirely comfortable being grilled by Pat Egan about where the 30 percent in installation cost savings comes. Essentially, with IP there's no panel, and Rice feels it's now a one-man installation, so there are the savings right there, but Egan felt you'd still need two guys to power the mag locks, etc., and he didn't really see the benefit of the PoE, etc. Some grumbled in the audience that Rice had never actually installed his own product. I think that's probably true, but you've got to give the guy a break. Still, it raises an interesting question: Has every high-level sales executive at the major security manufacturing companies actually installed their own products? I doubt it. Would it probably be of benefit in the sales process? Seems like it would. From the Lightning Round, attendees moved back to the exhibit hall, which, to be fair, was pretty deserted. For a variety of reasons, the show floor just wasn't what we'd hoped it would be (though the companies there were exactly the companies that should be there), and attendees saw most of what they needed to see on Day 1. It sounds a little like making excuses, but I'm serious when I say the exhibitors who understand that TechSec is more of a think tank than a show, and that we expect participation and attendance from our exhibitors, who have the chance to network and learn right along with the attendees, those guys have a great time at TechSec. Exhibitors who are just trying to maximize business card collection shouldn't bother coming. It just isn't that kind of show. What value do you take away from sitting with four or five integrators for 30 minutes each, each of whom does $25 million in business every year and is just exploring the use of IP technology in their installations? Seems like that's worth a lot. But I'm not sales guy. One of the more lightly attended sessions, possibly because it was up against a great case study of how megapixel cameras were used in the Montgomery County schools, dealt with using video as evidence. Miles Cowan, the CTO of Insight Video Net, which makes software that helps you manage your video assets, was joined by Jim Abbot, a 21-year veteran of testifying in more than 800 trials as a video expert for Dallas County (thanks for the hook-up cousin Kate!). For me, this was the most interesting session of the event. If you can't use the video as evidence, that strips it of some serious value. Abbot made a bold claim early: If the video isn't 4 CIF at 30 frames per second, he'd rather have analog tape. This drew any number of objections: that's impossible to store, it takes too much bandwidth to move that around, why isn't 15 frames plenty, etc. But Abbot held firm, saying too often the video he's asked to testify with is insufficient to prove the case beyond a reasonable doubt and he'd rather not go in there with it. Further, he didn't think very many systems integrators had any idea how to make sure the video would be admissible in court and essentially accused them of installing worthless systems that present unrealistic expectations for the customers who will eventually be seeking justice. I found that pretty interesting. There seems to be a major disconnect between the technology providers and the court system. Further further, you might not be able to make the business case for storing video of that quality, but how pissed is the CEO going to be when you can't bring someone to justice because the system he bought isn't providing good enough images? That's a bit of a conundrum, there. One of the more popular sessions of the day came after lunch (I had cheese torellinis three meals in a row-lunch/dinner/lunch-because that was the only vegetarian alternative they had. You'd think I'd look into vegetarian options ahead of time at my own conference). "Intelligent Video: The Partnership Way" was packed. But then the analytics sessions always are at TechSec. Everyone is either curious about whether they really work or looking forward to telling everyone who'll listen in the Q&A period about how they don't really work at all. One attendee's remark under his breath: "Why are almost all analytics installations ripped out after less than six months? Should I ask the panelists that?" Which is why, now, panelists always start with what analytics can't do. Alan Lipton (OV) and Doug Marmon (VideoIQ) did this last year, and Axis' Jumbi Edulbehram started similarly. They can't pick a face out of a crowd. They can't find an object amongst shoulder-to-shoulder people in a crowd. They don't work when there's no light. They can't tell if a person is about to rob someone else. They can, however, watch a fenceline, or tell you when someone's going the wrong direction, or tell the difference between bus and a car, and when made a piece of a bigger system can provide some good value. Especially (and this was the thrust of the panel) if done at the edge, placed on board IP cameras (he does work for Axis...). These points were echoed by IP expert at large Mark Kolar (Cisco, AgentVI) and OnSSI's Ted Marolf, and IBM's Steve Russo. Most of what they had to say was pretty common sense: Don't over-promise, test in the field, ask the end user what he wants, use multiple analytics from multiple vendors when possible, have an apple every day, exercise regularly, that type of thing. A question from the crowd: If you have analytics at the edge, aren't you looking yourself into one kind of camera and one kind of analytics for the long term? If you centralize, can't you switch out the cameras and the analytics much more easily? Jumbi, et al: Well, the cameras have processors on board now, so you can switch out the analytics from companies like AgentVI and Via:Sys, which are downloadable from the Internet, pretty easily, whether they have new versions or new rules. And sending just metadata and alerts back is a lot easier on the bandwidth than sending all the video back and doing the analysis on the server at the end. He acknowledged, though, that there are times when analytics at the server make sense, such as when you're searching through archived video to find things that have already happened, rather than just trying to create alerts in real time. Remember, it's the partnership way. I don't think the general feeling that video analytics are basically worthless has left a lot of the industry yet. We need more success stories and specific incidents where analytics did something that no other sensor could have done in order to convince the skeptics. I mostly believe (kind of like a 6-year-old's opinion on Santa Claus), but I need to see analytics at work in more installations before I'm an evangelist (I've been using that word a lot lately - not sure why). Finally, TechSec closed with the panel a lot of people had been waiting for: The Future of Standards. Rob Zivney, VP of marketing at Hirsch, had kind of been promising a bit of a scrap to anyone who'd listen for the past two days and he mostly delivered. He led with an explanation of BACnet's progress with an IP access control standard, then posed this question to the rest of the panelists: Why is your standard the best and why is better than what BACnet's doing? For a while, no one took the bait. Jonas Andersson, chairman of ONVIF, and Rob Hile, chairman of the PSIA, both took pains to emphasize they're not "standards" organizations, but rather groups looking to create specifications that their members can adopt, and which will hopefully become recognized standards at some future date. Roger Roehr, a member of the Smart Card Alliance Board of Directors who serves as the chair of the Smart Card Alliance Physical Access Council, made it clear that the Smart Card Alliance just steals standards from other people and issues white papers about how to implement them. But Hunter Knight, one of the guys who started the OSIPS standards effort at SIA, was pretty clearly chafed by recent developments on the standards front. First, he didn't like the idea that SIA would be used as a "pass through" organization for standards created by PSIA or ONVIF. There is a clearly delineated standard for creating standards, he noted, as created by ANSI, and he needs to follow that in order for SIA standards to be recognized worldwide. He can't just take a document from another organization and send it up the flag pole. There needs to be a comment period, universal ability for participation (i.e., no pay to play), etc. Further, he accused PSIA and ONVIF of "balkanizing" the industry, "insuring that the standards effort in this industry will fail." Rather than teaming with SIA, as they could have, these two organizations, he said, tried to go it their own way. Both Hile and Andersson stressed, however, that their standards are not mutually exclusive, and Hile even said they might come together in version 2.0 of the device discovery standard. But the two groups do differ on how they think people should architect their products. While ONVIF has backed a web services model, PSIA has gone with RESTful architecture. (Follow those links for what exactly that means. They're not mutually exclusive at all. It's just that Andersson kept saying "web services" and Hile kept saying "REST." There's got to be something important there.) Why does all this matter? One PSIM manufacturer stood up and asked how a software maker was supposed to build in so many different standards and specifications without going bankrupt. Hile made the point that two years ago, there weren't any standards, so having a few was certainly better than not having any. Another attendee made the point that the lack of a clear standard was holding the industry back, much like people didn't dive into HD DVD players until there was a winner in the Blu-Ray/HD Video competition. Maybe there is a lack of interest in investing in IP security systems when there is some trepidation as to what the industry will eventually decide on in terms of how products talk to one another. What happens if you install a system now going with a PSIA-endorsed standard, but then that group collapses and everyone goes with OSIPS? Will it be much more difficult to add new sensors in the future? As usual, TechSec seemed to raise more questions than it answered. I consider that to be a good thing. This isn't a conference where dumb or unenlightened people go to hear smart and enlightened people tell them all the answers. This is a conference where one is made to think, is exposed to new ways of doing things, and from which one should come away with any number of new ideas for solutions to existing problems. I think, in large part, this show was the most successful yet. The speakers were consistently thought-provoking and there was real disagreement on the panels, especially those concerning storage and standards, about the "right" way of doing something. So little disagreement makes it to the light of day in this industry, where everyone is so polite and conservative in their arguing. But it's only through a good argument that many things get decided. Without someone to push back against your ideas, how are you ever to know whether they hold water? At TechSec, there was plenty of push back, and it was all for the better. See you next year.

Turn the music down

 - 
Saturday, February 28, 2009
Here's an argument for turning the music down a tad.

TechSec worth the trip

 - 
Friday, February 27, 2009
So I'm back from TechSec Solutions, and I have to say the action was pretty awesome. This was my first time at TechSec Solutions and I really enjoyed meeting all the presenters and exhibitors. TechSec presented a valuable opportunity for me to meet a portion of the people who comprise this industry upon which I report, as well as a chance for me to learn a little more about what makes security such an important and resilient industry. My trip to TechSec was not without its challenges. I traveled from Portland, Maine on Monday morning, February 23. My flight (which the airline assured me repeatedly was due to depart "on time") was supposed to leave at 6 a.m. Now, being a conscientious traveler, I wanted to be there two hours early, which meant I had to be there at 4 a.m. I live about an hour from Portland Jetport, which meant leaving my house at 3 a.m. Okay, that's pretty darn early, but when you factor in the blizzard we were having (complete with downed trees across the major roadways and area-wide blackouts) that actually meant getting up at 2 a.m. to ensure quality shoveling time with the 14 inches of heavy wet snow blocking my driveway. I arrived at the Jetport at 4 a.m. and was a little gratified and a little irritated when the x-ray machine operator at the security check point chuckled and said "Buddy, you're the first one through... hope your plane actually leaves." "You mean 'leaves on time,' right?" I asked. "Yeah, whatever you say, man," he said, shaking his head. My plane did leave, but not until around 8 a.m., after we'd sat at the gate for two hours, the tug trying and failing on the icy tarmac to taxi the plane out of the gate. It had been a long day already, and I wasn't even off the ground in Portland yet. Once in the air, things got a little better. I had some pretzels and a Diet Coke and took a little nap, waking up just in time to land in Newark, N.J. Ten minutes after my connection took off. The first thing I did was call NMC's Irving, Texas central station manager Stefan Rayner with whom I had a scheduled visit that afternoon. Obviously, I would be later than we had planned. He said not to worry and that he'd wait around until I could make it out there for a visit to NMC's cool new facility. I then got myself on a later flight and settled in for my layover, feeling kind of uncomfortable and sticky (I lost power while shoveling my way out of my house in Maine. I thought nothing of it while shoveling, and didn't realize the full implications of having an electric water pump until I'd finished shoveling and tried to take a shower--no such luck. Fortunately, Portland Jetport had power, and I had lots of time to kill since I'd gotten there two hours early. So I grabbed a shave and cleaned up a bit, much to the later delight, I'm sure, of Stefan and everyone setting up at TechSec.) I was rewarded in several ways on landing in Dallas. First of all, the snow I'd battled in the wee morning hours that morning was nothing more than a chilling memory in warm, sunny Dallas. Secondly, my visit to NMC's new monitoring center in nearby Irving was all I could have hoped for. My predecessor Leischen Stelter visited NMC last year, but it was before the center was fully staffed and operational. The facility is all glass and steel and concrete and chrome with stylish blue shaded lights hanging from the shadowed recesses of a high ceiling filled with ducts and piping. Stefan met me in a conference room off of the lobby, and when I asked to see the actual operator area, he walked to a wall of frosted, opaque glass and pushed a button. The glass wall immediately faded to clear, and I could see the banks of work stations on the other side, positioned below two large ceiling-mounted monitors dominating the room. I had a nice tour and talked at length with Stefan about NMC's Irving facility, the monitoring they do there, and what it was like to move from Aliso Viejo, California (where NMC's other monitoring center is) to Texas. Stefan was one of only three people to move from the original California center out to Texas to oversee the launch of the new facility. The third way in which I was rewarded upon my arrival in Texas was checking in at the Fairmont in downtown Dallas, where I finally took a shower, dressed in a clean suit, picked up my badge and began meeting and greeting attendees. The show went well. Everyone I spoke with enjoyed the networking and educational sessions. See ssnTVnews for highlights.

Panasonic hearts Pelco, and vice versa

 - 
Friday, February 27, 2009
I'm working on a round-up of TechSec, day two, but in the meantime check out this announcement that came into my box this week: Panasonic and Pelco have entered into an "interoperability effort." Next up: cats on roller skates and a Bush/Castro family picnic. If you don't think the security market has changed significantly in the past five years, you're not paying attention. Whether it's the IP movement or just new business realities coming to bear, old rivals are making new bedfellows all over the place. Anyway, I don't have a web link, so here's a cut and paste of the release:
Panasonic and Pelco Enter Interoperability Effort. Secaucus, NJ (February 24, 2009) – Panasonic System Solutions Company and Pelco have aligned under the Panasonic Solution Developer Network (PSDN) in an effort to expand the interoperability of both companies’ video surveillance solutions to best serve the needs of customers. As a new PSDN member, Pelco plans to support Panasonic’s i-Pro network camera lineup under its enterprise-class IP-based video security system and management platforms. The joint effort reflects both companies’ commitment to interoperability and meeting the market demand for integrated security solutions at the enterprise level.
I mean, seriously, Pelco wants to make it possible for Panasonic cameras to more easily integrate with Pelco video management software? This seems like a really good sign for integrators and end users looking forward to an interoperable future.
Pelco currently supports Panasonic i-Pro network cameras with its Digital Sentry Digital Video Management System (DVMS). Expanded interoperability efforts will focus on Pelco’s Endura platform, supporting the i-Pro cameras. Panasonic and Pelco will work together to quickly accomplish the interoperability to meet existing customer demand. “Everything we do at Panasonic System Solutions Company is about empowering customers and serving their needs,” said J.M. Allain, President, Panasonic System Solutions Company. “We are committed to an ‘Open Infrastructure’ and are pleased to work with Pelco and other industry suppliers to meet the demands of end users on a common platform – the IT network.” “Delivering open and integrated systems is a cornerstone of Pelco’s product development focus,” said Dave deLisser, Director of Integration at Pelco. “We are excited about expanding our interoperability with Panasonic i-Pro cameras to our enterprise class video management systems.”
I actually believe those quotes to be true, but some of the old-school guys in the industry have got to be thinking this is bizarro-world.
Panasonic System Solutions created the PSDN program several years ago to develop partnerships that complement and extend its lineup of security and surveillance products to better meet both integrator and end user requirements. As part of its “Open Infrastructure” initiative, the PSDN program provides members, including Pelco, with development tools, technical information and assistance to integrate with Panasonic products. In September 2008, Panasonic announced the global expansion of its PSDN program, better enabling multinational integrators and end users with broader interoperability. Through PSDN, Panasonic is helping to provide resellers with expanded product solution offerings and end users with seamless security solutions.

ONVIF update

 - 
Wednesday, February 25, 2009
Here's the confirmation of the Cisco membership in Axis-Bosch-Sony-driven specification-developing body ONVIF, along with a few more member and position announcements:
ONVIF (Open Network Video Interface Forum) announces today that the forum has accepted 18 new members since the beginning of 2009. Cisco, Samsung and Siemens have joined the forum as full members and Anixter and Milestone as contributing members. ONVIF has now grown to a total of 40 member companies. A complete listing can be found at www.onvif.org . In line with its growing member base, ONVIF has extended the number of seats in each forum committee to a total of five seats from the previous three. The new positions have been filled through an invitation and election process that was finalized in mid February. As a result, Cisco and Panasonic are now members of both the Steering Committee and the Technical Committee. Samsung was voted into the Technical Services Committee and the Communication Committee, and the final seats in the Technical Services Committee and Communication Committee were taken by Anixter and Hikvision respectively.
Get all the details here.

Addendum

 - 
Wednesday, February 25, 2009
Well, this, I guess, could be an argument against security as a service. But only if you're doing managed access control through Google. (Which doesn't actually exist, to clarify.)

TechSec, Day 1

 - 
Wednesday, February 25, 2009
Well, we had a great first day here in Dallas for TechSec Solutions, now in year 5, with some well-received presentations and some interesting technology on the show floor. Attendance is a bit down - I'm not sure how we could have avoided that in this climate - but spirits are surprisingly up. Those people who are here aren't exactly crowing of boom times, but most talk about the opportunity that a down economy presents for aggressive companies with technology that solves real problems. (Of course, I don't think any conference wants to open on a day when the Wall Street Journal leads with a story about how the market is 50 percent off its peak.) Anyway, remember that post where I wondered about whether IPv6 was a big deal or not? Well, our keynoter, Jack Johnson, former CSO for DHS, apparently feels IPv6 is a big deal. He used his presentation to argue that it presents quite a few difficulties for a security staff. Chief among them is the fact that, while security is built into IPv6, there are also inherent ways for malicious hackers to hide their efforts and the increase in addresses makes the 'Net far more difficult to police and scan. Further, it's possible hackers will be able to much more accurately target those they'd like to damage, and may even be able to actually keep tabs on, say, people they'd like to target for assassination, simply by tracking their IP-enabled mobile device using its unique global IP number. Kind of scary, really. This was followed up nicely with a presentation by the Open Security Exchange, including Laurie Aaron from Quantum Secure, Dan Moceri from Convergint, Chip LeBlanc from Imprivata, and Dan Dunkel, who consults as New Era Associates. Their message centered on convergence in real life, a bringing together of the IT and security departments, not just a new technology for moving around security data. Following on Jack's speech, which essentially emphasized that the physical security department will be increasingly important in protecting the end points of a company's network, their message was that data loss is an increasingly important threat organizations need to guard against, and a simple convergence technique - like marrying logical and physical identities so that when an employee is terminated their physical access and network access are eliminated at the same time - can prevent real damage to a corporation or government entity. I think their message was well received, even if some attendees have convergence-fatigue. Maybe the best-received panel of the day came from Fredrik Nilsson of Axis, Steve van Till of Brivo and Andres Armeda of Secure-i. They spoke of the new trend of managed access control and managed video as delivered by security installers and integrators. They asked a simple question: You use software as a service for so many vital operations in your life and business already - online banking through your browser, salesforce.com, investment management with your broker - why should security be any different? And why are security alarm companies, so great at creating RMR, not jumping on providing this service? A number of integrator attendees have told me they're looking to increase their RMR - one said frankly they only do about two percent of their revenue in RMR - but they're having trouble figuring out the mechanism. Managed access, particularly, since it's not bandwidth intensive, seems to offer that mechanism. Other problems, however, include changing a culture at an integrator that has been focused on landing the big $1 million job, and maybe doesn't know how to compensate for someone who lands a $599-a-month account. Also drawing a good crowd was the storage panel I moderated, pitting leading voices from DNF, EMC, Intransa, and Pivot3 against one another (okay, it just seemed like they were pitted against one another - really it was a simple panel discussion, but, boy, there was a bit of sniping going on). Dick O'Leary from EMC, being the big dog in the room, bore the brunt of backhanded compliments, but handled it with aplomb, at one point noting that he wasn't sure whether EMC knew about a certain technology, since they'd only spent $1.7 BILLION in R&D last year. Still, attendees told me they appreciated getting an understanding of how these storage manufacturers differentiate themselves, as it can be difficult to figure out what the difference really is. And then, well, everyone went to the main hall for the free drinks. You'll see more on the show in the Thursday newswire, and hopefully we'll have some video up from the show later today. SsnTVnews is going to be bumping with new interviews and full-length videos of the keynote and other sessions in short order. It'll be just like you were here (except no free drinks).

Cisco joins ONVIF?

 - 
Tuesday, February 24, 2009
The bar at the Fairmont is always a treasure trove of information during TechSec Solutions, and this year is no different. Most interesting thing overheard: Cisco, which supplied the basis for the PSIA's device-discovery specification, has joined ONVIF. I'm working on a link to confirm that, but I haven't found it yet. I'm thinking Wednesday's Standards panel is going to be a hum-dinger.

Pages