3. Interfaces
Kid in a candy store
Vendor API agreements – technical and political hurdles. Beware ‘It can…’
Build once, maintain forever
Integration license fees
5. The Life Cycle Of Security Operations
[Figure: axes Time and Resource Level; labels Prediction, Situational Awareness, Reconstruction / Investigation, Situation Management]
6. Datafication (Big Data generation)
Alarm Correlation from Big Data
Big Data Collection
Proactive Action based on Big Data Similarity
Alarm Unification from Big Data
Big Data Mining (Identifying Insights)
Proactive Action based on Big Data Abnormality
Port Security Operations Conference & Expo (PSOCE – LA | Long Beach)
November 19th – 21st, 2013
Hilton Long Beach & Executive Meeting Center
@psoce | www.psoce.com
7. Training
PSIM impacts processes, users change behavior
3-6 months to 2-3 days. Do prior to rollout to gain confidence
Attrition means retraining.
Management movement requires re-justification (what and why)
Minor tweaks handled by local system admin
8. Maintenance
Feeding
Resources – user, consultant, SI and vendor
Roles – sys admin, high level config, low level config, interfaces
11. Key Benefits
SO WHAT CAN NICE DO FOR YOU…?
Faster Response
Better Awareness
Efficient Use of Resources
False Alert Reduction
Consistency in Handling
Learning and Improving
12. The Life Cycle Of Security Operations
[Figure: axes Time and Resource Level; labels Prediction, Situational Awareness, Reconstruction / Investigation, Situation Management]
Better Awareness
False Alert Reduction
Efficient Use of Resources
Faster Response
Consistency in Handling
Learning and Improving
13. Return On Investment
ROI
Shows value and creates interest
Helps the ‘CSO’ convince internally
Remove opposition and doubt
Be customer specific
Show potential savings based on customer specific figures
Use our success stories
Tools at your disposal
Internal case study decks
ROI ppt
ROI excel
Better Awareness
Faster Response
False Alert Reduction
Efficient Use of Resources
Consistency in Handling
Learning and Improving
Editor's Notes
Initial Visioning
Scope – confined, not everything. Other departments need to know the big picture and give their buy-in, but not smother the initial project. Budget from one place, else competing priorities.
If you start small, and intend to grow big, you need the confidence that the organization shares that vision.
Tangible and measurable goals (saving headcount, alarm reaction time, incident closure time, reduce false alarms, reduce time to be and prove compliance, reduce complaints of other people not knowing, etc.). If it meets them, then it is successful – no statements like ‘it isn’t used’ or ‘it doesn’t do what we want it to’.
Scope creep pre-installation, beware of touching too many other systems and departments because of added complexity. Also beware of moving from physical security to operations – complexity and especially priorities.
Expanding scope post-installation, people start realizing the potential impact once they see it live. It is important to capture these feedback ideas else you start getting ‘well it doesn’t do X’ which affects adoption.
Ensure any claims or promises from the vendor are backed up by their professional services group in writing.
Interfaces
Kid in a candy store – ‘we can pull everything together’. Decide what you want to achieve, and let that drive what you want to integrate.
Vendor integration agreements – technical and political challenges. Some APIs are better than others or better supported; some require reverse engineering; some are 1-way, others 2-way. Rate of change matters too: a previous integration may be old enough that major rework has to be done to incorporate functionality that did not exist before, or was not implemented. A vendor may perceive integration as a threat, loosening its choke hold on the customer. A VMS or PACS vendor may have a proprietary PSIM roadmap and may want to exclude any other.
Beware the vendor who claims they can integrate to X – demand a letter from X indicating that they will cooperate, and check potential license fees.
Rollout
Sudden change is rarely well received – yanks us out of our comfort zone. Need senior enforcement that this PSIM, the new system of record, is the new way, so people stop using backdoors or other workarounds.
Complex projects are invariably better rolled out in phases. Lessons learned can be fed in. Too many stakeholders make priorities complicated.
Smaller budget, and proof of meeting original goals establishes faith and can further justify investment.
We can also look at the effort the customer puts into handling each one of these stages.
This is an illustration of course, but in reality every incident has certain characteristics that we can influence and improve.
In the following slides we will discuss how we can improve various aspects of incident handling.
Training
Reduces training from 3-6 months to 2-3 days. Do this prior to roll out to gain end user confidence.
PSIM affects many people and the way they work; training and practice are more important from a behavioral modification point of view than learning how to use the system.
Attrition at the operator level demands continuous training classes. Movement in the management sometimes requires ‘re-justification’ as to why the system does what it does, and in the way it does it.
For system administration, frequent tasks should be handled by permanent staff to expedite. PSIM is at the hub of how people and systems interoperate – if it needs tweaking then it may look disproportionately bad if it takes too long.
Maintenance
Monster has to be fed – far from set and forget. It is the center of everything.
4 typical categories of resources that engage: end user, consultant, SI and vendor.
3 broad categories of maintenance work, plus interfaces. System administration, such as managing users and privileges, contact info and designing real-time reports. High Level System Configuration, such as adding/replacing sensors, modifying maps, creating and modifying business rules and procedures, creating reports. Low Level System Configuration, such as adding a new or updated subsystem. Interface development and revision.
Looking at our portfolio we can emphasize that we have products that capture and analyze information in the bottom 2 products.
Our strength is in adding value to your security operations through smart content analytics and sensor correlation that help you make sense of your security big data and increase efficiency and effectiveness.
Another talking point is that we help you manage your security needs in real time and post event.
Another element of our physical security portfolio is the newly added web insight solution, which complements our offering with cyber insights (taken from the open source web) and complements the solution through the entire life cycle of the event, from prediction, to real-time information flow, through post-event investigation.
The bottom line is that we help you optimize security operations, reduce risk, and improve investigations
We can also emphasize that our products capture masses of data, and add value to your security operations through content analytics and correlations to help make sense of the overflow of information
Another talking point is that we help you manage all of that in real time as well as post event
Another element of our physical security portfolio is the newly added web insight
The bottom line is that we help you optimize security operations, reduce risk, and improve investigations
Here are the main benefits that NICE can provide
These areas apply to almost all customers in all domains; the trick is to use your customer’s specific examples and their potential benefits.
Now if we go back to the typical life cycle of an incident we can see the benefits we discussed cover and have an impact on all stages of the process. At the end of the day we reduce the overall effort and the overall time needed to handle incidents. It is important to take your customer’s specific situation, choose the right benefits that make sense for them and show how the improvement can be achieved.
Discussing ROI has a specifically strong impact on the sales process. As you have seen throughout the presentation, many of the benefits can be associated with measurable ROI (and if not measurable then certainly implied ROI). This always creates more interest, helps our customer gain internal support and budgets, and creates a higher level discussion.
It doesn’t always have to be “mathematically” proven; it’s enough to establish the expectation of significant savings.
Important to remember – be specific (this requires some preparation on the customer specific case).
We have quite a few cases you can learn from; they are described in detail in our internal case studies, and in addition there are ROI tools you can use.