TRANSCRIPT
NOVEMBER/DECEMBER 2009
Two worlds no longer apart
Richard Walters
Bristling with security, the modern enterprise should be impregnable. But, whether it’s the
physical theft of a document or an internet attack, security systems are failing. Why? Because
each component is working in isolation.
Physical and virtual security systems are now being integrated, providing IT systems
with physical evidence. The likes of data loss prevention and insider threat management
systems are now harnessing CCTV, physical access control, building management, intruder
detection and authentication systems to better protect the enterprise. But convergence is not
straightforward, which is why the likes of ASIS, ISACA and the ISSA have together formed the
Alliance for Enterprise Security Risk Management (AESRM).
AESRM seeks to accelerate the adoption of converged approaches to enterprise security risk
management, providing the industry with adaptive risk models, and promoting understanding.
Awareness of the complexities associated with merging physical and logical security is being
raised, but contentious issues remain.
Firstly, debate continues over whether network/gateway-based or endpoint-based security
solutions are best placed to deliver convergence. The former provide strong protection
against DoS and DDoS attacks, DNS attacks, port scanners, IP, ICMP and RIP based attacks.
However, while firewalls or IDS sensors can be adapted, they give limited protection outside
the perimeter. Network-based solutions are blinded by encryption and are limited to specific
network protocols.
In contrast, the endpoint provides greater visibility of how users access, process, store and
transmit information, and response is more immediate.
Secondly, concerns have been raised over the risks posed by integrating technologies onto
the same IP network. These are misplaced as this is simply not the way convergence is taking
place. Physical security systems architects deploy video surveillance systems on a separate
dedicated network and integration between physical security IP networks and the data LAN is
limited, with routing kept to a minimum.
The final, most fundamental issue is the lack of standardisation. This is where the AESRM
could really make a difference. A number of other bodies are already leading the way: the
Open Network Video Interface Forum (ONVIF) and the American Public Transport Association
(APTA) are now grappling with the standardisation of protocols, APIs and other elements to
make integration less problematic, while a vendor alliance, the Physical Security Interoperability
Alliance (PSIA), is focusing on interactions/messaging between systems for selection,
control, and alerting.
Take video system integration, for example. A systems integrator (SI) would need to look at the DVR (or NVR)
for the availability of an API and TCP interface. A small number provide both inbound and
outbound capabilities. More basic APIs support a ‘web cam mode’ enabling periodic image
upload (typically via FTP) while the more advanced support parameterised video streaming
and export, enabling footage to be linked to security incidents. In reality, the SI is limited by
the features supported by the vendor’s API, which is less than desirable.
The value convergence brings lies in the full visual audit trail of date and time stamped
events, provided by an integrated solution. Information from door entry and/or camera
systems provides indisputable evidence of hardware tampering or theft.
Integration with access control systems enables the enforcement of ‘low man count’
policies with the option to prevent access to sensitive data, applications or application
functions if occupancy drops below pre-determined levels.
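
A sketch of how such a 'low man count' check could sit between the door controller and the application, added here as an illustration and not taken from the article or any vendor's product. The event format, badge IDs, zone name and threshold are constructed assumptions.

```python
from datetime import datetime

# Constructed door-controller events: (timestamp, badge, zone, direction).
EVENTS = [
    ("2009-11-02T08:00:05", "B100", "vault", "in"),
    ("2009-11-02T08:01:10", "B200", "vault", "in"),
    ("2009-11-02T08:30:00", "B200", "vault", "in"),   # repeated read, no double count
    ("2009-11-02T09:15:42", "B100", "vault", "out"),
    ("2009-11-02T09:20:00", "B300", "vault", "out"),  # exit with no recorded entry
]
MIN_OCCUPANCY = {"vault": 2}  # assumed policy: at least two people present


class LowManCountPolicy:
    def __init__(self, minimums):
        self.minimums = minimums
        self.present = {zone: set() for zone in minimums}
        self.audit = []  # date- and time-stamped trail of decisions and anomalies

    def door_event(self, ts, badge, zone, direction):
        inside = self.present.setdefault(zone, set())
        if direction == "in":
            inside.add(badge)          # a set, so a repeated read is harmless
        elif badge in inside:
            inside.remove(badge)
        else:                          # tailgated in, or a missed entry read
            self._log(ts, zone, badge, "exit-without-entry")

    def access_allowed(self, ts, badge, zone):
        inside = self.present.get(zone, set())
        # Fail closed: unknown zone, user not badged in, or too few people present.
        ok = (zone in self.minimums and badge in inside
              and len(inside) >= self.minimums[zone])
        self._log(ts, zone, badge, "allow" if ok else "deny")
        return ok

    def _log(self, ts, zone, badge, outcome):
        self.audit.append((datetime.fromisoformat(ts), zone, badge, outcome))


def replay(events, policy):
    """Feed events in timestamp order; return occupancy per zone afterwards."""
    for ts, badge, zone, direction in sorted(events):
        policy.door_event(ts, badge, zone, direction)
    return {zone: len(badges) for zone, badges in policy.present.items()}
```

Every decision and every exit without a matching entry lands in the same time-stamped trail, so the physical and logical records can be reviewed together.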
Audit trails and the holistic security promised by security convergence are invaluable in
an age where organisations face increased threats from cybercrime, theft, fraud, extortion
and terrorism. But until the industry addresses standardisation we will have to work with
proprietary APIs which are vendor specific and vary in the features they support.
Richard Walters, Product Director, Overtis Systems