Mystique can be a great advantage in lots of professions. For example, movie stars seem more exotic and interesting the less we know about them. The attraction of traveling to distant countries and strange cultures is also boosted by the desire to see something obscure.
But I’m not sure mystique is a good thing when it comes to security systems, and that’s one of the problems I see with BRS Labs. They have generated market interest by their amazing claims, but there is very little known about their technology. That may be their biggest advantage – at least for creating marketing buzz – but it raises quite a few concerns when it comes to actually using their systems for security.
Let’s take their central claim that they can detect out of the ordinary behaviors without any rules being set up or configured. It automatically observes the area, learning what is typical. Then it alerts you when something happens that is abnormal.
It’s a truly fascinating marketing concept. Who wouldn’t want a system that you could just plug in and was smart enough to know when a potential threat was occurring – even warning you about things you would not have thought about before. At first it seems like the perfect answer to security.
However, the more I think about it, the more concerned I get. The problem is that we don’t know what it is going to detect or why, and we don’t know what it might miss that could be important. In other words, it is mysterious about how it works.
How do you know how effective the system will be unless you know what it is detecting and how it works? How do you know it is going to catch real threats that matter to you, if you don’t know its enigmatic methods of detection?
Being curious, I decided to do some research. I tracked down the first patents that BRS Labs filed to get a better idea of what was under the hood. And just like in the Wizard of Oz, once I pulled back the curtains and understood what they were doing, it lost a lot of its mystique.
The most important thing I learned: Their system isn’t smart enough to work without rules. Their system requires rules just like all analytics systems. The big difference is that they simply aren’t telling you what those rules are that the system is using. It can’t detect anything out of the ordinary, it can only detect the types of things they program it to look for. How can you ever judge how well the system is going to work unless they tell you what those rules are?
From what folks at BRS have said, their system watches where objects enter the field of view and where they go in the scene, including their direction of travel. I believe they also detect where objects stop and about how fast they move. They probably distinguish people from vehicles and seem to be able to filter out ordinary background movement. This is actually all stuff we do as well, as do many other analytics systems.
What is different, is that they monitor these specific activities over time, and if some pattern of actions happens that is different from previous activities, they consider that a potential threat. In other words, if a car parks in an area where the system hasn’t seen a parked car before, it generates an alert. It will do this whether you care about that or not. If you get the alarm and don’t care about it, then you can tell the system to stop sending alarms like that.
But here’s the problem: when you are telling it you don’t care about that kind of alarm, you can never be sure what you are saying you don’t care about. You might think you are telling the system that you don’t care about someone parking in that spot, but in fact it might have alarmed because it was a truck and it had never seen a truck in the scene before, or the truck might have taken a different path than usual. You are telling the system to stop sending those alarms, but you don’t even know what it is you are turning off – because you don’t know the rules it was using in the first place. So, you might be making the system worse.
You might think, then, that you should not tell it to stop sending alarms, but the system needs you to, because when the system starts up, it generates large quantities of alarms, because lots of things look abnormal at first. The false alarm rate would never be manageable if you didn’t teach it what was not important. This process takes weeks of training, from what I’ve heard.
If you were trying to protect a high risk facility, such as a nuclear power plant or a place were dangerous chemicals were stored, how secure would you feel if you never knew what your system was detecting and what it was ignoring? And how secure you would feel if you told the system something was unimportant, but you didn’t know exactly what you were turning off?
If I want to detect someone in an area that is off-limits at night, with a rules based system you define the detection you want, and you can easily measure if it is missing real threats or sending you false alarms. But how do you measure or judge the accuracy of a system when you have no idea what it is detecting or avoiding? I don’t think this is a place for mystique. I think this is a place where we need to know what the system is doing. Otherwise, how can we ever know if it was going to provide the kind of protection we need?
That’s the first big problem that concerns me about this idea. However, as I thought about it, another problem became clear as well. This is something that is important in security: How easily could someone defeat your system? In this case, it becomes clear that if you do something repeatedly, the system is going to start ignoring it, because it is no longer abnormal. So, if someone wants to defeat the system, they just need to do something over and over again, and they can be sure the system will stop alerting on that behavior.
For example, you might want to be warned whenever a car enters a parking lot at night. Well, if a smart terrorist or criminal knew you had one of those mysterious behavioral detection systems, they would simply make a habit of driving into the parking lot and turning around and driving out. The first few times it would generate an alarm and anyone looking at the video would probably think a person just came in by mistake and left. But even if you wanted to keep an eye on such behaviors because it could potentially be a problem, you would not be able to, because the system would start ignoring it once it happened often enough.
Hopefully BRS has a way for the user to tell the system that although an alert was not important, that it still wants to keep seeing them – and not to start ignoring those kinds of things. But the problem is that you don’t know exactly why it generated the alarm, and so you don’t know what it is you are asking for more of, or saying you don’t want to see any more.
The BRS LabsĀ systems would be a lot more useful if they told everyone exactly what their rules are for detection. However, this would probably rob them of the great mystique their system has, which has certainly created a lot of good marketing for them.
Mystery is a great attractor. But when it comes to security, I think we need to know how a product works before designing it into a system. Spice is nice, but it doesn’t make a good main course.
February 7, 2010 at 12:05 am
So in summary, you’re personally not comfortable with their product because the company has selected not to share their IP secrets with the general public or competitors. Did it really require nearly 20 paragraphs (saying the same thing over and over) to convey such a simplistic point? Maybe BRS Labs should be more forthcoming with info, but in your case, less would’ve been so much more.
February 7, 2010 at 6:18 pm
GSteen: Unfortunately, what you wrote was not a good summary.
The problem is not with the sharing of intellectual property.
To keep it short: It has to do with controlling your security protection.
Rule based analytics, which they claim are inferior, let you set up exactly what you want to detect and when to alert you. Their system also has rules, but they don’t tell you what they are and only they can control them.
Its like having a car with no means of control except a “right” and “wrong” button. It might be great to show off how incredibly smart the car is – but as soon as you want to go someplace, most people are going to want their gas pedal, steering wheel and brakes back, so they can drive the car, instead of just going wherever it takes them.
That’s a real short summary. But understanding the reason this is such a problem is what needed the explanation.
Thanks.
Doug.
February 7, 2010 at 8:56 pm
I think GSteen, is right ’bout the write up. To extend it even Doug’s response is long and winding.
thanks,
kirthi
February 9, 2010 at 12:16 pm
I disagree with the two negative reviews. There was much more than one point to the review. Personally, I would think that if something is “abnormal” it probably would be less risky not more risky. Bad guys try to blend in not stand out. I never thought about bad guys gaming the system as Doug points out so that’s a good point too.
February 10, 2010 at 5:09 pm
Kirthi,
Anyone looking for short tweets should consider dropping this blog. I know quite a number of people are connecting to my blog through Twitter, so this might be the issue here. Short comments are best for Twitter.
My blog is about providing in-depth comments, showing why things work or don’t work in the world of video security, and I try to explain it as clearly as possible. I also try to talk about things I haven’t heard mentioned anywhere else before.
I always appreciate the feedback, however.
Thanks.
Doug.
February 10, 2010 at 5:12 pm
Tom,
Thanks for the comments.
Also, thanks for the point about how bad guys try to blend in. An “abnormal” detector is not going to do well catching them.
Great point.
Thanks.
Doug.
February 16, 2010 at 6:54 pm
Doug, thanks for the concise follow-up and I apologize if I came across as snippy. Without intending to sound pro-BRS Labs, it’s difficult to understand how anyone can provide an objective viewpoint on them when the information at present is so limited. I’d argue that currently it is too early to lean one way or the other, but will continue to follow your tweets when more data is eventually made available. – gs
February 19, 2010 at 8:14 pm
GS,
I agree that there is a real lack of information about their technology and this is probably a much bigger problem for potential customers than I was addressing.
Thanks.
Doug.
May 20, 2010 at 10:03 am
It sounds to me like none of you have actually talked to the folks at BRS Labs &/or seen a demo. They do have rules that can be applied and are definable by the user. Your concerns regarding bad guys trying to fit in and what if the system misses something you thought was important are valid, and challenges for the analytic industry engineers to overcome, but in the meantime – it’s unrealistic to think a human security agent is going to watch 100 cameras and know whats going on in each one of them all the time so….whether its rules based or a combination of behavior & rules based – analytic systems like BRS Labs serve a valuable role. I would recommend each of you call BRS Labs and request a demonstration and in depth conversation about their products. Everybody thought the idea of recording video at 30fps in high resolution and storing it for a year for a reasonable cost was a crock….10years ago! Don’t close your minds to what the future holds for our industry. BRS may not be the ultimate answer but for right now, they’re the only ones I’ve found who are doing it differently and that should be of interest to all security professionals. If any of you can direct me to other manufacturers doing video analytics in a similar way I would be very interested in the referral.
May 20, 2010 at 1:00 pm
Meghan,
Thank you for posting. I like seeing a wide range of responses.
I wanted to let you know that BRS Labs has been difficult to get information from. John Honovich, who reviews IP video products for the industry, has been trying to get a unit from them to test for over a year now, but they refuse to let him try it out. They might have very good reasons for refusing, but this makes it more difficult to find out real information. So, I appreciate what you have let us know.
But I also wanted to let you know that just a week ago I came from a university who was testing the BRS Labs system. They were testing their system side-by-side with our video analytics. So I got to see that they have added rules to their new software, as you said. They didn’t have it originally, but their system has it now.
That’s the right move for them.
I see that they also added the ability to let a user decide when they want to continue seeing an alarm, even if it becomes “normal”. So, they’ve addressed two of the concerns I’ve raised. And now their system is starting to act more like other rules based systems, which as I’ve said makes sense.
By the way, the university who was running their tests were extremely happy with our results. They couldn’t believe how much simpler our system was to set up and that it was working accurately within minutes, without any calibration or tuning.
The BRS Labs takes weeks or longer to learn the environment, while ours does it in a few minutes. Even after weeks, they seem to have far more false alarms than our system, according to the university. When I was there, the person in charge of testing showed me how a beam of sunlight was causing a false alarm for the BRS Labs system. Apparently it thought the beam of light was baggage left behind.
When you ask for other companies doing analytics in a similar way, can you explain what it is you are looking for?
Or, feel free to write to me privately, if you prefer.
Thanks again for posting and sharing your perspective and the information you have about BRS Labs. It is appreciated.
May 20, 2010 at 2:36 pm
Hmmm…I haven’t had any trouble getting information from them so far? We are still in the exploratory process and have not actually seen or been involved with a live install. I am aware that the set up process is longer than with traditional rules based analytics and as I understand it, the “set up” or learning process of their system is ongoing so false alarms can be expected periodically if patterns change like with seasons changing the angle of sun, more rain, snow etc. So initially they would see those things as an anomaly and throw an alarm until a pattern establishes so I can see where that might seem to result in a higher FAR than a rules based system. I think its such a different approach to analytics that the “sell” has to be different. FAR, as we’ve always known it, doesn’t necessarily apply to an intelligence based system and customer expectations need to be massaged to understand the differences in the technologies. The other thing to keep in mind is that the BRS solution is quite a bit more expensive than traditional rules based solutions so I wouldn’t use it in EVERY application for analytics. If all you need to know is did someone cross over that fence – BRS may not be the right system because rules based systems do that very well and currently, more cost effectively. I think a combination of the two types of analytics may be useful for most customers. I am familiar with John Honovich’s site and we are a Corp Member. His reports are great and give us good input when we’re researching a technology. Some of the issues he raises are concerns we’ll be addressing with our conference call next week. At this point, we have several gov’t customers who have an interest in analytics and the behavior based system BRS Labs has is of interest to them so any other “behavior” based systems are what I’m interested in looking at. I’m pretty familiar with the rules based technology already.