“Noise” in a global security operations center (GSOC) refers to the numerous alarms coming in for operators to analyze and address. Amongst this “noise” are legitimate security alerts that need to be addressed immediately, crowded by completely false alarms triggered by faulty sensors, environmental factors (wind, rain, animals), and user error. When left unaddressed, this noise problem can result in system overload, compromised security, high operator turnover, and complacency.
For this article, we chatted with HiveWatch Product Manager Rhiannon Brooks about the concept of noise in an operations center and how the HiveWatch® GSOC Operating System (OS) solves for it.
Alongside the entire product team, my role relates to understanding sources of noise, along with the outcomes that are most important to customers. It also encompasses providing tools in the product that address the noise so that GSOC teams can be confident and proactive in how they manage their devices and data.
The scenarios are endless, but here are a few common ones we’ve seen:
Essentially, anything that deters or puts at risk an operator’s ability to respond in real time to security threats.
HiveWatch approaches noise differently than many of the solutions currently offered on the market. We analyze not only the systems being used, but the individual customer’s data to determine the most accurate and productive path forward. This, combined with machine learning, allows HiveWatch to dramatically reduce false alarms and excess noise.
No two security programs are identical, so noise reduction approaches should be flexible and empower GSOC teams to drive their own noise reduction program. We talk about it like this: “one team’s noise is another team’s treasure,” which means that one team might need to gain all access control-related alarms, for example, while another team might want to focus solely on video analytics-driven alarms. The difference is in how each team uses the incoming data to optimize their programs.
Duplicate alarms are a large source of noise – that is, alarms that come in multiple times as new separate alerts. This is typically caused by faulty hardware that creates way more alarms in a timespan where it is not physically possible to have that many security incidents happen.
For example, think about a “door forced” alarm, where someone breaks in. But 30+ door forced alarms are created over 10 seconds. There is only one security incident for the GSOC to respond to, but they still have to close out 30+ alarms. That means 29 of them are duplicate false positives.
The HiveWatch® GSOC OS consolidates these alarms into a single signal, so operators can focus on responding to real incidents rather than clearing nuisance alarms.
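The consolidation described above can be sketched as a time-window grouping of repeated alarms. This is an added example, not HiveWatch's implementation: the field names, the 30-second quiet window and the 5-minute cap per incident are assumptions, and the sample alarms are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Alarm:
    ts: datetime
    device: str   # hypothetical sensor identifier
    kind: str     # hypothetical alarm type, e.g. "door_forced"

@dataclass
class Incident:
    device: str
    kind: str
    first_seen: datetime
    last_seen: datetime
    count: int = 1

def consolidate(alarms, window=timedelta(seconds=30), max_span=timedelta(minutes=5)):
    """Collapse repeats of the same (device, kind) into one incident.

    A repeat joins the open incident when it arrives within `window` of the
    incident's latest alarm. `max_span` caps how long one incident may absorb
    repeats, so a sensor that chatters for hours cannot mask a later real event.
    """
    open_incidents = {}  # (device, kind) -> incident still accumulating
    incidents = []
    for a in sorted(alarms, key=lambda x: x.ts):  # feeds may arrive out of order
        key = (a.device, a.kind)
        inc = open_incidents.get(key)
        if (inc is not None
                and a.ts - inc.last_seen <= window
                and a.ts - inc.first_seen <= max_span):
            inc.last_seen = a.ts
            inc.count += 1
        else:
            inc = Incident(a.device, a.kind, a.ts, a.ts)
            open_incidents[key] = inc
            incidents.append(inc)
    return incidents

def sample_alarms():
    """Constructed data: 30 door-forced alarms from one door inside 10 seconds,
    one alarm from a different door, and one from the first door 20 minutes later."""
    t0 = datetime(2024, 1, 1, 2, 0, 0)
    burst = [Alarm(t0 + timedelta(seconds=i / 3), "door-12", "door_forced")
             for i in range(30)]
    return burst + [
        Alarm(t0 + timedelta(seconds=4), "door-07", "door_forced"),
        Alarm(t0 + timedelta(minutes=20), "door-12", "door_forced"),
    ]

if __name__ == "__main__":
    for inc in consolidate(sample_alarms()):
        print(inc.device, inc.kind, inc.first_seen.time(), "x", inc.count)
```

The operator sees three incidents instead of 32 alarms, and the repeat count on the first one is itself a useful signal that the sensor needs maintenance.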
GSOC operators are tasked with assessing incoming alarms from multiple sources throughout their shift. In the instance of multiple, duplicative alarms, some operators spend the majority of their time clearing, evaluating, and responding to false alarms, which can cause them to miss critical incidents or cause instances of burnout.
One of our customers actually assessed this, looking at the impact false alarms had on operators. Before implementing the platform, the organization determined that they would need six times the number of operators they currently had per day to respond to all of the alarms incoming as they scaled. The platform also helped GSOC operators become 57% more efficient, shifting from primarily reactive to a more proactive approach to physical security. This means the team now has more time to devote to strategic work that’s directly tied to business growth, cutting down on burnout and fatigue.