The Evolution of the Security Command Center

Change will never be this slow again.

This succinctly describes the modern Security Operations Center (SOC). Our customers tell us they are processing more alarms triggered by more cameras, doors, IoT devices, business risk systems, social media watch lists, BOLOs, travel advisories, network systems, and the list goes on. And that's just the alerts! To achieve situational awareness, operators are also accessing many different business systems for building and contact information, mapping data, floorplans, guard dispatching tools, and so forth. In short, it’s more data from more sources and the tide is still rising.

In fact, SOCs are becoming almost a general purpose triage center for any type of event that impacts an organization. These operators may not be able to fix the problem but they do have the tools to assess, dispatch, and notify teams that can take action. Security executives see this change as an opportunity to put their SOC at the heart of the organization, protecting people, assets, and brands from threats.

Originally, PSIM (Physical Security Information Management) systems were developed to address these problems. The promise of these systems was that they could tie all of these disparate systems into a common operating picture. And in some circumstances they did, especially in large single-use locations (think a seaport, airport, etc.). Many of these installations involved custom integrations to very specific systems, and once a project was complete, change was rare. Now, however, many modern organizations do not look like this: they are agile, dynamic, and in a state of constant change and growth across multiple locations and regions.

The challenge today is building a security operation that is flexible and versatile enough to embrace this change while maintaining the operational discipline and flexibility to improve security outcomes.

That means everyone is looking for a better solution. The next generation of these systems addresses this challenge not by cramming more and more information into a confusing and complex interface, but by being designed to simplify security response. The closer you get to achieving a “real-time” response, the better chance you have of a positive outcome. (You can read more about this in our White Paper “Response Time: The Key to Better Security Outcomes”, where we discuss the 7 essential steps that you can take now.)

When PSIM platforms were initially introduced into modern SOC environments, not surprisingly, they often failed. The fundamental design characteristics of these platforms were at odds with a networked organization that needed faster, consistent response. Providing more and more data (aka “Information Management”) to an operator does not help them respond faster: paradoxically, too much data can overwhelm them and, in turn, slow down response.

Now, by focussing instead on improving security response, you can achieve a fundamentally different, yet more agile, approach. At SureView we focussed our next-generation design on showing operators just the information relevant to the event. Sounds easy, right? Of course, it's not. To tackle this problem, we looked at the interface through the lens of an operator on their first day on the job. They have no institutional knowledge; they don’t know where anything is located or who is responsible for what. So with this in mind, we made the decision to only show operators relevant data—floorplans, cameras, guards, assets—near to the originating alarm or event. This not only cuts out the “noise” but also makes it simpler for the operator to focus on what is important, not to mention easier for the operator to learn and get up-to-speed relatively quickly.

The SureView Response window - All the key information needed to quickly respond to an event

The SureView Media Matrix window - Providing immediate situational awareness to aid in quick response

Even so, we know that you can’t eliminate the tension in a crisis—responding with urgency is part-and-parcel of crisis management and it’s what operators are trained to do. But, what you can do is make things simpler, easier, clearer, for everyone. The design of SureView’s next-generation interface makes the operators’ jobs quicker, more efficient—streamlined. This reflects the way that organizations themselves are moving.

This type of thinking changes your product in other fundamental ways. The way we integrate evolves from large, sometimes custom, projects to a standard approach that focuses only on common data that the operator requires to respond to an event. By developing a standards-based approach you greatly reduce the complexity of both the user experience and the infrastructure needed to maintain it. Regardless of the type of system, the format of the data, or how it’s transmitted, SureView’s response interface remains the same. This consistency ensures that operators can respond immediately and more effectively—while Security Executives can scale the operation as it changes and build resilience into their IT and Operational plans. To learn more about developing your own durable plan for operational readiness, read our additional White Paper “Resilience: The Key to Building a Robust Command Center”.