Two worlds no longer apart


Richard Walters

November/December 2009

Bristling with security, the modern enterprise should be impregnable. But, whether it’s the physical theft of a document or an internet attack, security systems are failing. Why? Because each component is working in isolation.

Physical and virtual security systems are now being integrated, providing IT systems with physical evidence. The likes of data loss prevention and insider threat management systems are now harnessing CCTV, physical access control, building management, intruder detection and authentication systems to better protect the enterprise. But convergence is not straightforward, which is why the likes of ASIS, ISACA and the ISSA have together formed the Alliance for Enterprise Security Risk Management (AESRM).

AESRM seeks to accelerate the adoption of converged approaches to enterprise security risk management, providing the industry with adaptive risk models, and promoting understanding. Awareness of the complexities associated with merging physical and logical security is being raised, but contentious issues remain.

Firstly, debate continues over whether network/gateway-based or endpoint-based security solutions are best placed to deliver convergence. The former provide strong protection against DoS and DDoS attacks, DNS attacks, port scanners, and IP-, ICMP- and RIP-based attacks. While firewalls or IDS sensors can be adapted, however, they give limited protection outside the perimeter. Network-based solutions are blinded by encryption and are limited to specific network protocols.

In contrast, the endpoint provides greater visibility of how users access, process, store and transmit information, and response is more immediate.

Secondly, concerns have been raised over the risks posed by integrating technologies onto the same IP network. These are misplaced, as this is simply not the way convergence is taking place. Physical security systems architects deploy video surveillance systems on a separate dedicated network, and integration between physical security IP networks and the data LAN is limited, with routing kept to a minimum.

The final, most fundamental issue is the lack of standardisation. This is where the AESRM could really make a difference. A number of other bodies are already leading the way: the Open Network Video Interface Forum (ONVIF) and the American Public Transport Association (APTA) are now grappling with the standardisation of protocols, APIs and other elements to make integration less problematic, while the vendor alliance, the Physical Security Interoperability Alliance (PSIA), is focusing on interactions/messaging between systems for selection, control, and alerting.

Take video system integration, for example. A systems integrator (SI) would need to look at the DVR (or NVR) for the availability of an API and TCP interface. A small number provide both inbound and outbound capabilities. More basic APIs support a ‘web cam mode’ enabling periodic image upload (typically via FTP), while the more advanced support parameterised video streaming and export, enabling footage to be linked to security incidents. In reality, the SI is limited by the features supported by the vendor’s API, which is less than desirable.

The value convergence brings lies in the full visual audit trail of date- and time-stamped events, provided by an integrated solution. Information from door entry and/or camera systems provides indisputable evidence of hardware tampering or theft.

Integration with access control systems enables the enforcement of ‘low man count’ policies, with the option to prevent access to sensitive data, applications or application functions if occupancy drops below pre-determined levels.
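A sketch of the ‘low man count’ check described above, added here as an illustration and not taken from the column or from any vendor’s product. The event format, zone and badge names, and the threshold of two are assumptions; the door events are constructed sample data.

```python
from datetime import datetime

# Constructed sample door-controller events, not output from any real product:
# (timestamp, badge id, zone, direction)
SAMPLE_EVENTS = [
    ("2009-11-02T08:00:00", "B100", "vault", "in"),
    ("2009-11-02T08:05:00", "B200", "vault", "in"),
    ("2009-11-02T08:05:30", "B200", "vault", "in"),   # duplicate badge read
    ("2009-11-02T12:00:00", "B200", "vault", "out"),
    ("2009-11-02T12:30:00", "B300", "vault", "out"),  # exit with no recorded entry
    ("2009-11-02T13:00:00", "B200", "vault", "in"),
    ("2009-11-02T09:00:00", "B400", "lobby", "in"),   # other zone, ignored
]

def occupancy(events, zone, when):
    """Replay events up to `when`; return (badges present, anomalies)."""
    cutoff = datetime.fromisoformat(when)
    parsed = [(datetime.fromisoformat(ts), b, z, d) for ts, b, z, d in events]
    present, anomalies = set(), []
    for ts, badge, ev_zone, direction in sorted(parsed):
        if ev_zone != zone or ts > cutoff:
            continue
        if direction == "in":
            present.add(badge)  # a set, so repeat reads do not inflate the count
        elif badge in present:
            present.remove(badge)
        else:
            # Exit without entry: the person got in unrecorded (e.g. tailgating).
            anomalies.append((ts.isoformat(), badge, "exit without entry"))
    return present, anomalies

def low_man_count_decision(events, zone, when, minimum=2):
    """Allow the sensitive function only while enough people are present."""
    present, anomalies = occupancy(events, zone, when)
    return {
        "allowed": len(present) >= minimum,
        "present": sorted(present),
        "anomalies": anomalies,
    }

if __name__ == "__main__":
    for when in ("2009-11-02T09:00:00", "2009-11-02T12:45:00", "2009-11-02T13:30:00"):
        print(when, low_man_count_decision(SAMPLE_EVENTS, "vault", when))
```

The anomaly entries carry the timestamp of the unmatched exit, which is the value an integrated system would use to pull the corresponding footage.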

Audit trails and the holistic security promised by security convergence are invaluable in an age where organisations face increased threats from cybercrime, theft, fraud, extortion and terrorism. But until the industry addresses standardisation we will have to work with proprietary APIs which are vendor-specific and vary in the features they support.


Richard Walters, Product Director, Overtis Systems
