A day in the life of a security operator
Find out how operators can work more efficiently and focus on what's important.
Being a security operator isn’t easy. You’re responsible for safeguarding people, assets, and spaces in both uneventful and high-stress situations. Every day, countless issues large and small demand your attention, while at the same time, the list of things you have to keep track of continues to grow.
It’s true that each sector has its own concerns around the particulars of risk and what gets monitored. But there are some common challenges that nearly all of you face: dealing with false alarms, adhering to compliance regulations, and generating accurate reports.
False alarms are more than just a nuisance
According to SC Magazine, a recent North American survey found that 70% of security teams feel overwhelmed by the sheer volume of alerts they have to manage. Research from IFSEC Global suggests that 70-90% of alarms coming through a security operations center (SOC) are actually false or nuisance alarms.
False or nuisance alarms can be triggered by any number of events, including a recent example of growing vegetation swaying in the wind. Cameras are set to detect human activity by calculating how many pixels are moving in their field of view. When more than 40% are in motion, the system notifies the SOC.
It’s easy to see how a strong wind across long grass could cause almost half of the pixels to move dynamically in the frame. And, of course, the system notifies the SOC whenever this occurs.
Given the potential risk, you should investigate every single alarm. But if you discover that the tall grass is the cause each time you go out to check, you’re less likely to prioritize this follow-up.
According to the Cisco 2017 Security Capabilities Benchmark Study, about 56% of security alerts are actually being investigated. This means that 44% are not. And, since alarms that remain uninvestigated can leave organizations vulnerable, reducing the number of false and nuisance alarms is crucial for maintaining safety and security.
So many alarms, so little time
One of the dangers of receiving so many false or nuisance alarms is that you start to ignore them or turn off the sensor that’s sending them. This can have dangerous consequences. So, it’s important to ensure that you receive qualified alarms. Using a collaborative decision management system can help.
When a collaborative decision management system groups together detected events—a blacklisted plate in the parking lot, a perimeter breach at the fence, a forced door into the facility—it creates a qualified incident. It recognizes that a series of events has happened in close proximity, suggesting that something is, indeed, happening, and providing you with essential context linking separate events to form a larger picture.
Based on this, the system alerts the SOC and identifies the event as having a higher priority. Because the collaborative decision management system can also send the associated video feeds with the alarm, you do not need to search through hundreds or even thousands of other camera feeds to see the activity for yourself.
This improves safety and security by allowing you to prioritize your responses with confidence and deal with incidents that require immediate investigation in the appropriate timeframe.
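The grouping described in this section can be sketched as follows. This is an added example, not Genetec's code or any product's actual logic; the zone field, the five-minute window, the two-type threshold and the sample events are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events (not from any real system): time, site zone, event type.
EVENTS = [
    ("2024-05-01T02:10:05", "north-lot", "motion"),   # e.g. grass moving in the wind
    ("2024-05-01T02:12:00", "north-lot", "motion"),   # same sensor firing again
    ("2024-05-01T02:41:00", "east-gate", "blacklisted_plate"),
    ("2024-05-01T02:42:30", "east-gate", "perimeter_breach"),
    ("2024-05-01T02:44:10", "east-gate", "forced_door"),
    ("2024-05-01T03:30:00", "north-lot", "motion"),
]

WINDOW = timedelta(minutes=5)  # assumed: largest gap between linked events
MIN_DISTINCT_TYPES = 2         # assumed: distinct event types needed to qualify


def correlate(events, window=WINDOW, min_types=MIN_DISTINCT_TYPES):
    """Cluster events per zone, then split clusters into qualified incidents
    and unqualified single-source alarms. Returns (incidents, unqualified)."""
    parsed = sorted((datetime.fromisoformat(ts), zone, kind)
                    for ts, zone, kind in events)
    open_clusters = {}  # zone -> cluster currently being extended
    clusters = []
    for event in parsed:
        ts, zone, _ = event
        current = open_clusters.get(zone)
        if current and ts - current[-1][0] <= window:
            current.append(event)          # close in time and place: same cluster
        else:
            current = [event]              # too far apart: start a new cluster
            open_clusters[zone] = current
            clusters.append(current)

    incidents, unqualified = [], []
    for cluster in clusters:
        kinds = sorted({kind for _, _, kind in cluster})
        if len(kinds) >= min_types:
            # Several different detections agree, so raise one incident.
            incidents.append({"zone": cluster[0][1], "start": cluster[0][0],
                              "end": cluster[-1][0], "types": kinds})
        else:
            # One event type, even if repeated, stays a low-priority alarm.
            unqualified.extend(cluster)
    return incidents, unqualified


if __name__ == "__main__":
    qualified, low_priority = correlate(EVENTS)
    print(qualified)
    print(len(low_priority), "unqualified alarms")
```

Requiring distinct event types, rather than a raw event count, is what keeps a single sensor that fires repeatedly from being promoted to an incident.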
Is it even possible to keep up with rules of compliance?
Another challenge that you might be facing comes from regulatory compliance. In our complex world, almost every vertical industry’s operational rules are driven by a governing body that dictates safety and security compliance regulations. These apply to everything from how an organization protects its data to how long that data must be stored.
Compliance requirements for video redaction to protect privacy and for mandatory disaster recovery plans exist in a variety of sectors. And the rules around compliance are updated on a regular basis.
The number of compliance rules that apply to your job is enough to create significant knowledge gaps. Managing compliance by providing more training or producing more reference manuals isn’t sustainable. It’s no surprise that you can feel overwhelmed trying to stay up to date. You need support, and a collaborative decision management system can provide it.
Automation can save the day
The ever-increasing list of regulations includes rules about data retention and privacy protection. Keeping track of these regulations and ensuring compliance can be distracting. But failing to adhere to them can have serious consequences.
A collaborative decision management system can automatically maintain records for the requisite amount of time and redact parts of the records that aren’t meant to be retained to respect personal privacy.
This means that you no longer have to remember a variety of retention times for different types of data. And you also don’t have to worry about following regulations like the European Union’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act, and the data privacy laws being proposed for 2020 across several U.S. jurisdictions, because your system does all of this for you.
No one wants to fight with reports
Finally, one of the ongoing challenges you might be facing in your day-to-day activities is creating reports. Particularly if your organization works with law enforcement, the ability to produce human-readable reports in a timely manner is crucial.
All too often, you find yourself doing paperwork at the end of your shift. This means that you are relying on memory to document every detail surrounding any incidents that occurred in a day.
Then, to create the report, you have to go through a variety of source files and export data to Excel. This process can extend over days or weeks as other tasks get in the way. At the same time, crucial pieces of information, like the exact time you responded to a forced door alarm, can become vague.
A collaborative decision management system can be configured to automatically log every action you take during incident response and to timestamp and encrypt video. The system would then archive the resulting report for the pre-configured duration mandated by the above-mentioned compliance regulations.
Improving the day-to-day life of SOC operators
At Genetec, we believe that helping you perform your daily tasks more effectively and efficiently is crucial for maintaining safety and security everywhere. When a system can create qualified events, automate compliance, and generate accurate and timely reports, it helps you focus on what’s really important. Keeping us safe and secure should be your only task at hand.