robots can be more cost-effective than live guards for expansive indoor areas. Drones can tackle surveillance outdoors in rugged terrain. There is a wide assortment of data-rich security technolo- gies that feed SOC operators the evidence they need to effectu- ally monitor and triage incidents, per their standard operating procedures.
EVERYTHING UNDER ONE CONTROL
It would be inefficient for a SOC to treat these technologies as stand-alone security systems, requiring operators to login to each one separately and respond to alerts individually. The key to a co- hesive SOC operation is open-source technology. When systems are interlocked together, security incidents are brought forward directly to be acted on, no matter which system detects them.
A SOC already may have the best technologies, but if systems do not communicate in a common language and if data and alerts are not presented on a “single pane of glass,” then their capability is diminished. A third-party SOC software can bring them together in a well-organized format, as can a VMS. The concept is that from one user interface, operators not only can view status information and alerts across all systems, they also can control them — for example, aiming a camera to a door that triggered an access control alarm or directing an audio message to the origin of a video breach.
If your SOC is not yet ready to implement an integrated sys- tem, it can move towards a cohesive approach by not getting locked into long-term contracts, especially with proprietary soft- ware. An open-source approach is critical, because of the speed that technology continues to develop.
RIGHT-SIZING YOUR SOC
As organizations continue to lean into the benefits that a SOC provides, they need to take stock of their resources to “right-size” their operation. SOCs should look at their staffing (and its skill level), financial support, existing equipment and technology, and other resources. Some organizations are abundantly staffed and funded, while others have just three or four people monitoring 1,500 locations, and still others have not invested in a SOC at all. Identifying where a SOC has better-than-average resources and where it lacks resources can help shape the operation.
Something that is important for one SOC may not be for an- other: an enterprise may benefit greatly from audio voice-downs, while to another thermal cameras or radar detection would be more useful. SOCs may want to think about feature/price op- tions. For example, after adding the licensing and fees, they may not be able to afford that innovative analytic that they wanted, but they may be able to afford a less-featured analytic that pro- vides a similar result.
DEPENDING ON PARTNERS
SOCs may lean on their integration, vendor and software part- ners by conveying their needs to them and requesting solutions. Sometimes the solution will be to outsource. Not every function needs to be performed in-house from the SOC, although most
“Modern technologies enable SOCs to effectively engage
staff and processes, allowing them to respond and deescalate situations faster than before. In many cases, they can prevent security incidents from occurring in the first place.”
security professionals may prefer it that way. Being fully staffed also can mean performing a supervisory role in-house, while con- tracting out labor for the security monitoring. Another option is to completely outsource monitoring to a third-party. What do each of those methods entail and what is the cost?
Some SOCs use a hybrid approach, turning over monitoring to a 24-hour monitoring center after business hours. Security integra- tors may offer this service or have a partner that specializes in it. A visit to the monitoring center can demonstrate what their ap- proach is to handling alerts and if their technology solutions meet the SOC’s requirements. It’s not necessary to use the same security integrator for monitoring as used for installation and service.
Integrators may assist SOCs that have limited funds or small staffs. In addition to monitoring, they can provide design, in- stallation, programming and start-up. They can provide analyt- ics and other technologies as a service. An integrator also can perform documentation of the system, showing connections for future service or if modifications are needed.
COMMUNICATING, MAINTAINING THE SOC’S VALUE
Keeping an enterprise’s executive team apprised of the purpose, activities and results of the SOC can go a long way in gaining support for the operation. Reports based on security data that show reductions in crime, as well as video clips of apprehensions — celebrating “wins” — will get executives excited about the op- eration and root their positive beliefs about the SOC’s value.
There is a great deal of upside to security operation centers, specifically today. The amount of data pouring in will overwhelm operators unless they find a way to channel it through the right user interface and layout. While no one can predict when something is going to happen, they certainly can develop a system that closes the gap between when it does happen and when they respond.
While working with a security integrator and other partners is es- sential, a SOC should have the prerequisite knowledge of the many technologies available today and understand
what an integrated solution can do for their en-
terprise. Then it’s up to them to take those build- ing blocks and build their own fortress.
James Stark is the segment development manager Retail at Axis Communications.
   48
SEPTEMBER/OCTOBER 2024 | SECURITY TODAY
SECURITY OPERATIONS CENTER