Mystique can be a great advantage in lots of professions. For example, movie stars seem more exotic and interesting the less we know about them. The attraction of traveling to distant countries and strange cultures is also boosted by the desire to see something obscure.
But I’m not sure mystique is a good thing when it comes to security systems, and that’s one of the problems I see with BRS Labs. They have generated market interest by their amazing claims, but there is very little known about their technology. That may be their biggest advantage – at least for creating marketing buzz – but it raises quite a few concerns when it comes to actually using their systems for security.
Let’s take their central claim that they can detect out of the ordinary behaviors without any rules being set up or configured. It automatically observes the area, learning what is typical. Then it alerts you when something happens that is abnormal.
It’s a truly fascinating marketing concept. Who wouldn’t want a system that you could just plug in and was smart enough to know when a potential threat was occurring – even warning you about things you would not have thought about before. At first it seems like the perfect answer to security.
However, the more I think about it, the more concerned I get. The problem is that we don’t know what it is going to detect or why, and we don’t know what it might miss that could be important. In other words, it is mysterious about how it works.
How do you know how effective the system will be unless you know what it is detecting and how it works? How do you know it is going to catch real threats that matter to you, if you don’t know its enigmatic methods of detection?
Being curious, I decided to do some research. I tracked down the first patents that BRS Labs filed to get a better idea of what was under the hood. And just like in the Wizard of Oz, once I pulled back the curtains and understood what they were doing, it lost a lot of its mystique.
The most important thing I learned: Their system isn’t smart enough to work without rules. Their system requires rules just like all analytics systems. The big difference is that they simply aren’t telling you what those rules are that the system is using. It can’t detect anything out of the ordinary, it can only detect the types of things they program it to look for. How can you ever judge how well the system is going to work unless they tell you what those rules are?
From what folks at BRS have said, their system watches where objects enter the field of view and where they go in the scene, including their direction of travel. I believe they also detect where objects stop and about how fast they move. They probably distinguish people from vehicles and seem to be able to filter out ordinary background movement. This is actually all stuff we do as well, as do many other analytics systems.
What is different, is that they monitor these specific activities over time, and if some pattern of actions happens that is different from previous activities, they consider that a potential threat. In other words, if a car parks in an area where the system hasn’t seen a parked car before, it generates an alert. It will do this whether you care about that or not. If you get the alarm and don’t care about it, then you can tell the system to stop sending alarms like that.
But here’s the problem: when you are telling it you don’t care about that kind of alarm, you can never be sure what you are saying you don’t care about. You might think you are telling the system that you don’t care about someone parking in that spot, but in fact it might have alarmed because it was a truck and it had never seen a truck in the scene before, or the truck might have taken a different path than usual. You are telling the system to stop sending those alarms, but you don’t even know what it is you are turning off – because you don’t know the rules it was using in the first place. So, you might be making the system worse.
You might think, then, that you should not tell it to stop sending alarms, but the system needs you to, because when the system starts up, it generates large quantities of alarms, because lots of things look abnormal at first. The false alarm rate would never be manageable if you didn’t teach it what was not important. This process takes weeks of training, from what I’ve heard.
If you were trying to protect a high risk facility, such as a nuclear power plant or a place were dangerous chemicals were stored, how secure would you feel if you never knew what your system was detecting and what it was ignoring? And how secure you would feel if you told the system something was unimportant, but you didn’t know exactly what you were turning off?
If I want to detect someone in an area that is off-limits at night, with a rules based system you define the detection you want, and you can easily measure if it is missing real threats or sending you false alarms. But how do you measure or judge the accuracy of a system when you have no idea what it is detecting or avoiding? I don’t think this is a place for mystique. I think this is a place where we need to know what the system is doing. Otherwise, how can we ever know if it was going to provide the kind of protection we need?
That’s the first big problem that concerns me about this idea. However, as I thought about it, another problem became clear as well. This is something that is important in security: How easily could someone defeat your system? In this case, it becomes clear that if you do something repeatedly, the system is going to start ignoring it, because it is no longer abnormal. So, if someone wants to defeat the system, they just need to do something over and over again, and they can be sure the system will stop alerting on that behavior.
For example, you might want to be warned whenever a car enters a parking lot at night. Well, if a smart terrorist or criminal knew you had one of those mysterious behavioral detection systems, they would simply make a habit of driving into the parking lot and turning around and driving out. The first few times it would generate an alarm and anyone looking at the video would probably think a person just came in by mistake and left. But even if you wanted to keep an eye on such behaviors because it could potentially be a problem, you would not be able to, because the system would start ignoring it once it happened often enough.
Hopefully BRS has a way for the user to tell the system that although an alert was not important, that it still wants to keep seeing them – and not to start ignoring those kinds of things. But the problem is that you don’t know exactly why it generated the alarm, and so you don’t know what it is you are asking for more of, or saying you don’t want to see any more.
The BRS LabsĀ systems would be a lot more useful if they told everyone exactly what their rules are for detection. However, this would probably rob them of the great mystique their system has, which has certainly created a lot of good marketing for them.
Mystery is a great attractor. But when it comes to security, I think we need to know how a product works before designing it into a system. Spice is nice, but it doesn’t make a good main course.
February 7, 2010 at 12:05 am
So in summary, you’re personally not comfortable with their product because the company has selected not to share their IP secrets with the general public or competitors. Did it really require nearly 20 paragraphs (saying the same thing over and over) to convey such a simplistic point? Maybe BRS Labs should be more forthcoming with info, but in your case, less would’ve been so much more.
February 7, 2010 at 6:18 pm
GSteen: Unfortunately, what you wrote was not a good summary.
The problem is not with the sharing of intellectual property.
To keep it short: It has to do with controlling your security protection.
Rule based analytics, which they claim are inferior, let you set up exactly what you want to detect and when to alert you. Their system also has rules, but they don’t tell you what they are and only they can control them.
Its like having a car with no means of control except a “right” and “wrong” button. It might be great to show off how incredibly smart the car is – but as soon as you want to go someplace, most people are going to want their gas pedal, steering wheel and brakes back, so they can drive the car, instead of just going wherever it takes them.
That’s a real short summary. But understanding the reason this is such a problem is what needed the explanation.
Thanks.
Doug.
February 7, 2010 at 8:56 pm
I think GSteen, is right ’bout the write up. To extend it even Doug’s response is long and winding.
thanks,
kirthi
February 9, 2010 at 12:16 pm
I disagree with the two negative reviews. There was much more than one point to the review. Personally, I would think that if something is “abnormal” it probably would be less risky not more risky. Bad guys try to blend in not stand out. I never thought about bad guys gaming the system as Doug points out so that’s a good point too.
February 10, 2010 at 5:09 pm
Kirthi,
Anyone looking for short tweets should consider dropping this blog. I know quite a number of people are connecting to my blog through Twitter, so this might be the issue here. Short comments are best for Twitter.
My blog is about providing in-depth comments, showing why things work or don’t work in the world of video security, and I try to explain it as clearly as possible. I also try to talk about things I haven’t heard mentioned anywhere else before.
I always appreciate the feedback, however.
Thanks.
Doug.
February 10, 2010 at 5:12 pm
Tom,
Thanks for the comments.
Also, thanks for the point about how bad guys try to blend in. An “abnormal” detector is not going to do well catching them.
Great point.
Thanks.
Doug.
February 16, 2010 at 6:54 pm
Doug, thanks for the concise follow-up and I apologize if I came across as snippy. Without intending to sound pro-BRS Labs, it’s difficult to understand how anyone can provide an objective viewpoint on them when the information at present is so limited. I’d argue that currently it is too early to lean one way or the other, but will continue to follow your tweets when more data is eventually made available. – gs
February 19, 2010 at 8:14 pm
GS,
I agree that there is a real lack of information about their technology and this is probably a much bigger problem for potential customers than I was addressing.
Thanks.
Doug.