Risk-Based Security Gets in the Game

If you’re coaching a soccer team in the World Cup this summer, you’re going to want to adapt your defensive strategies for each opponent. To stop an aggressive, high-scoring offense, you’ll keep your defenders back and play cautiously. To beat a cagey, clever foe, you’ll apply some pressure to try to force turnovers.

Successful strategists in the security arena face the same kind of tactical issues. The stakes are much higher, of course, but security pros need to deal with their own group of “attackers” who are skillful, resourceful, and motivated to succeed. Soccer coaches can’t deploy a “one-size-fits-all” strategy, and neither can today’s security strategists.

In security, this strategy has a name. It’s called “Risk-Based Security,” RBS for short. If this sounds like a simple, common-sense approach to a serious, complicated issue, it is – sort of. At its core, RBS defines a commitment to flexibility and adaptability to deal with ever-changing threats. It also values the use of “tailored” systems that are designed to mitigate risk, evoke a sense of safety for users, and not present an undue burden on the user population.

The traditional, one-size-fits-all approach to security is cumbersome. It usually involves having security officers physically inspect every person entering a facility, relying heavily on the limited capability of metal detection. This approach provides a service, deflecting obvious traditional threats. But it is costly and slow, and often ineffective without additional capabilities to screen more aggressively.

Security systems that implement a risk-based approach to screening, for example, tend to be more accepted by the public than those that don’t provide any differentiation. A good example of this practice is the TSA PreCheck program. TSA PreCheck leverages a preliminary vetting process that separates “low-risk” passengers from those who are unknown or may require additional screening. By extending the process beyond the airport, TSA has significantly increased the throughput of its PreCheck screening lanes for passengers while mitigating risks and reducing staffing and equipment costs.

A risk-based approach recognizes that while there are no perfect security solutions, those that strategically balance security, access, usability, and cost can ultimately provide the best long-term protection against an evolving adversary.

An effective RBS strategy considers changes in the environment over time, and changes in the risk profile of different groups of people – employees, visitors, and dignitaries – over time. It also puts equal emphasis on technology solutions and more people-focused factors like organizational, managerial, and operational capabilities.

It relies primarily on a short list of components: gauging threats; understanding vulnerabilities; vetting users; identifying users and attaching risk assessments to them and their belongings; routing high-, low- and unknown-risk users through the appropriate security channels; and using equipment to screen personnel and belongings.

A successful risk-based security strategy is reliant on an enterprise approach that not only provides excellent technology to perform physical screening but also ensures that the personnel performing the screening are using the technology appropriately, that people presenting themselves for screening have already been assessed, and those vetted to a higher standard are provided a screening process that is not unduly burdensome.

There is no “silver bullet” or “cookie cutter” enterprise approach. What might work particularly well in office buildings and places of worship, where it is possible to learn more about the regular user, will be different than in public venues where most people presenting themselves may be unknown, and this may present a different threat.

As attackers have expanded their focus, major sporting and public events have become more of a target. The challenge commercial entities have in implementing a risk-based program is two-fold. First, a “known patron” program must be established along with a quick way to validate membership in that program at the entry to the screening system of a facility. Second, a program must tailor the screening process to account for the different risk levels of those entering the venue.

The potential benefits to implementing a risk-based screening program are significant. This approach can create a better experience for known, repeat customers. A risk-based screening program can also improve overall brand perception of a venue by implementing “smart” security solutions. These risk-based solutions help make entering a venue easier while maintaining a level of safety, allowing faster throughput, and thereby mitigating the risk of long queues. Overall security costs can potentially be decreased since people can be screened at a faster rate, requiring less security staff.

Further, while people want the safety that screening systems provide, they do not want to lose the culture, openness, and sense of welcome that make their venue, stadium, or house of worship special. Implementing a risk-based security program provides the best option and allows an organization to tailor a program that fits their culture, so they do not have to sacrifice what they represent for safety.

“One-size-fits-all” security can work in specific, limited situations. But it’s no match for today’s attackers. Successful security strategists, like World Cup contending soccer coaches, make sure they’re prepared. They have their tools, their plans, and their training intact, and they’re ready to defend.


Six Ways to Prevent Soft Targets from Terrorist Attacks

We bet five years ago that soft-target attacks would become the favored tactic of terrorists, particularly if ISIS began to lose ground on the battlefield. Unfortunately, we were right.

Many stadium and arena operators no longer allow visitors to bring backpacks or other bags into their venues. Policies like these were instituted to ensure that the venue can balance the need for effective screening with the need to avoid miserably long security lines.

But there’s no getting around it: for anyone wanting to pack an extra sweater, a snack for the baby, or a raincoat just in case, this is a big deal, a serious degradation of the customer experience. Unfortunately, such are the compromises security professionals have had to make in this post-ISIS era. Soft-target attacks (everything from sophisticated assaults on iconic arenas to lethal “lone wolf” attacks on unsuspecting neighborhood nightclubs) are on the rise, forcing operators of public venues of all sizes to rethink their security strategies. All too often, venues have had to resort to the oldest, bluntest response: hire more security guards, request more police support, and do more thorough physical searches.

We all know that’s not a sustainable response. Throwing labor at the problem is costly in the short term and economically unsustainable in the long term. It is not certain to dissuade a determined terrorist, but it may impact your brand. After all, your business is to provide a carefree, entertaining experience for your customer—not to turn a night out into what feels like a visit to a hardened military installation. And when customers complain, we all know who will bear the brunt of the pressure. You will.

Therefore, here are six ways that screening technology can protect soft targets from terrorist attacks:

1: Create an Enhanced Visitor Experience – Deliver security at the pace of life. Visitors are not asked to “pause and pose”. Because it uses high-speed millimeter imaging, the system can screen people at walking speed. Since we need to search for mass casualty weapons, there’s no need to empty one’s pockets and purses into “dog bowls”.

2: Don’t Treat All Threats Equally – Our industry responded impressively after 9/11, with powerful systems designed to find anything a highly trained terrorist could use to attempt a repeat of that infamous day. The unsophisticated lone wolves who carried out most of the more recent soft-target attacks needed powerful weapons and explosives to cause mass casualties. We’ll look for those—not screwdrivers, razor blades, or other everyday objects with minimal potential for terror.

3: Don’t Deploy Security That is All or Nothing. It’s Complicated. – In the past, the main question for many organizations was whether to deploy screening technology. Like it or not, ISIS has changed that calculation. Now, almost any place where crowds gather can be a target. Look into technology that improves your defenses at all your facilities – whether it is adding another layer of protection to a sports stadium or introducing one to a previously unprotected nightclub or corporate office.

4: Know that Flow Matters – Living in a free society means accepting some risks. Security cannot come at the cost of freedom of movement, freedom from intrusive searches and freedom from inconvenience.

5: Understand that Customer Experience Matters – Minimizing the unpleasantness of screening is not a secondary consideration—not for your customers and visitors, and not for your boss. Our working assumption is that if our technology hurts your ability to retain and attract business, you won’t use it for long. You need to protect your customers and help your business.

6: Consider Future-Proofing Through Software – Powerful software platforms help you easily adjust as new threats emerge. This is crucial to keep you prepared for today’s sophisticated terrorist networks, who use social networks and other tools to quickly share instructions for building more lethal bombs or executing new types of attacks.

It’s time the security industry stepped up with solutions for the reality of today’s world. Our technology is specifically designed to expose the threats behind the mass casualty attacks that have become all too common, helping your front-line personnel take quick action without inconveniencing your customers.


Lessons Learned from Pulse Nightclub: Modern Threats Require Modern Security Technologies

Two years ago, Omar Mateen entered Pulse Nightclub in Orlando, Florida and started shooting. Today, we remember and honor the victims who lost their lives in this terrible act of violence. Here at Evolv, anniversaries such as this one serve as a constant reminder of why we are here and how critical it is to continue our mission to preserve everyone’s fundamental right to be safe in all the places people gather.

In reflecting on what has happened in the two years since Mateen entered Pulse Nightclub, it’s important to first understand the larger trend the physical security industry has been experiencing and how the incident in Orlando fits into that broader shift. We sat down with Evolv CEO and Co-founder Mike Ellenbogen to discuss how the threat landscape has changed in the past two years and what the industry can learn from the shooting as we look to prevent future attacks.

Q. Today marks the two-year anniversary of the active shooter incident at Pulse Nightclub. What have we learned?

A. Namely, there’s a need for active shooter security that did not exist 10-15 years ago here in the United States.

According to the FBI, since 2000 there have been 250 active shooter incidents in the US, with 2017 seeing 30 active shooter incidents – the highest in the past 18 years. The numbers don’t lie – and no matter how you break it down or what angle you look at it from, the fact of the matter is these incidents are not only becoming deadlier but also more frequent.

When Mateen opened fire on the evening of June 12, 2016, it went on record as being the deadliest single gunman mass shooting in United States history. That was until almost a year and a half later, when a gunman opened fire on a crowd of concertgoers at the Route 91 Harvest music festival in Las Vegas, leaving 58 people dead and 851 injured.

If we’ve learned anything in the past two years, it’s that the current security solutions and processes we have in place are not sufficient. Put simply, yesterday’s tools were not designed to address today’s threat landscape.

Q. Talk to me about the threat landscape that exists today.

A. Terrorist attacks and mass shootings have changed the threat landscape drastically. In the old-world paradigm, planes and government buildings were the target. However, in today’s new world paradigm, anything can be a target. We’ve increasingly noticed a shift in attacks that focus on public spaces – think concert venues, transportation hubs and open office campuses. The result is millions of people becoming vulnerable to attacks. The incident at Pulse Nightclub exemplifies this trend to a tee.

Q. What needs to change from a technology perspective to prevent incidents like the next Pulse Nightclub shooting from happening?

A. Despite the fact that attackers have expanded their focus beyond airplanes to include private facilities, public venues, and the transportation infrastructure, we often see the same legacy security technologies and procedures in place, or nothing at all since the old solutions just don’t work for so many locations. We are fighting modern day problems with legacy technologies and that needs to change. We need to fight modern day problems with modern technology and modern thinking.

The Millimeter Wave advanced imaging technology (AIT) systems we see at the airport and walk-through metal detectors serve their purpose in the environment they were built for; however, they were not designed to combat the threats we are encountering outside airports today. At a time when we should be focused on detecting explosives and firearms, old technology is still detecting pocket knives, car keys, and cell phones. We need to move our security response from reactive to proactive to enable an active shooter prevention system/process.

Today there are numerous technologies available at our fingertips that can do remarkable things – from AI to 3D printing. Harnessing these innovations, and applying them to the physical security space, will enable us to provide smarter physical threat detection. That means higher throughput technology, less disruption and expanding the security perimeter beyond the walls of a building.

Q. How can we go about leveraging technologies to combat this new world paradigm? What needs to change from an industry perspective?

A. We need to leverage technology that combines detection, identification and intelligence – not rely on one technology by itself. This functionality will enable night club owners, stadium operators and other professionals charged with keeping us safe to face these safety problems head on.

Machine learning – an advanced form of AI – is the underlying enabling technology to address today’s and tomorrow’s physical security needs in a way that’s reflective of how venues today operate. Machine learning helps the sensors in safety technology become smarter over time.

This enables us to screen more people, more quickly and makes facial recognition and anomaly detection increasingly more accurate. As a result, we can identify people of interest against a collection of millions of known threats. In the case of the Pulse Nightclub shooting, Mateen was known to authorities and his previous encounters with the law resulted in him being put on the terrorist watch list for a period of time. Had AI surveillance technologies been in place, there is a chance he could have been identified prior to entering the club. As the threat landscape continues to evolve, it is important that society, and the industry, become more comfortable with the use of innovative identity data.

By combining the power of machine learning with smarter sensors and biometrics, we’re empowered to both identify and heighten security against adversaries in real-time. This proactive, technology-driven approach to security allows organizations to focus on what is most important, protecting people by providing security anywhere.


Q&A with Juliette Kayyem, CEO of Zemcar and National Security and Crisis Management Expert

We had an opportunity to sit down with Juliette Kayyem, national security & crisis management expert. Here’s what she had to say: smart connections and breaking down thick wall barriers are the key to 21st century security.

For centuries, security has been achieved mostly through building walls between people and places. Setting up barriers. That model no longer works, says Juliette Kayyem, former Assistant Secretary at the Department of Homeland Security and advisor to Evolv. In today’s interconnected world, we simply can’t build enough walls and barriers to guarantee safety. So what to do?

Q:  With the increase in horrific lone wolf attacks on soft targets—not just obvious targets like sports arenas and concert halls, but also nightclubs and restaurants—it feels like there’s no way to guarantee safety. It’s easy to lose hope, to accept this as the new normal. What’s the right response?

A: The most important thing is to secure the flow of people, goods and ideas. We simply can’t minimize the risk of violence to zero. Our goal has to be to make things safer. Our job is to minimize risk, and to remember what kind of society we want to live in.

Q:  So rather than focus on building barriers thick enough to guarantee safety, we should focus on building barriers that are as thin as possible to deliver the best balance of safety and flow. Is that right?

A: That’s right. In the past, we pretty much gave up on the idea of protecting soft targets. Look at how we protect airports. You can move the perimeter a mile back to make the airport safer, but wherever you stop you’re still surrounded by soft targets.

Q:  So a light layer of security on soft targets is better than no security at all.

A:  Of course. Look, there’s no easy fix, but companies have to understand that their obligation is to create a layered defense to protect their customers and employees and other visitors. There’s way too much of a focus on stop versus go in the security industry. That’s what I like about Evolv. Everyone else is selling stop and go. Evolv is about securing the flow. They’re focusing on flow, not making you decide between stop and go.

Q: Do you think security professionals are really ready to accept this layered approach, or that some venues will be less secure than others? That’s not what their CEOs—or the public, for that matter—want to hear.

A: Of course, security professionals don’t like to talk about this publicly. But when you’re alone in a room with them, they almost always talk honestly about the need for layered defenses. Look, we all know there’s not one solution to all your problems. Think of the head of security for an NFL team. He’s got to balance safety with customer experience—because he already hears about it every time a friend of the owner complains about the fact that it took 14 minutes to get through security. That’s not going away.

Q: What kinds of companies can benefit the most from Evolv’s approach?

A:  I think Evolv’s products are right for markets that have a lot of competitive pressure and are not highly regulated. Think about well-known restaurants. The time will come when it will be impossible for them, and other companies serving the public, not to have some security.

Q: So why were you an advisor to Evolv?

A: I have the luxury to choose whom I get involved with, but I loved these guys the first time I met them. They are a very committed group of people, and it’s important to me to work with people who want to bring people together—rather than push people apart.


Three Questions Security Directors Need to Ask Before the Next Soft-Target Event

It’s been more than a year since a suicide bomb was detonated in the foyer of the Manchester Arena. The blast killed twenty-two concert-goers and injured hundreds more. Since then, I have met with security directors from concert halls, stadiums, arenas, sports teams, and convention centers around the world. These security directors are typically asked three questions by their venue owners and managers:

1. How vulnerable are we to this type of attack?

2. What are other venues doing to prevent this type of attack?

3. How can we prevent this type of attack from happening in our venue?

The short answer is, there’s still more to be done.

A typical reaction after the Manchester event was for security directors to reach out to the security consulting industry to help them address these questions. This often included a new or refreshed threat assessment and vulnerability analysis that resulted in identification of security gaps. People, processes, and technology were then evaluated in various combinations to close those gaps.

An initial focus on upskilling people typically includes training to make guards and employees more vigilant and aware of the signs of trouble. This is a quick way to reinforce important skills. Venues will conduct formal internal training, either by bringing in an outside firm or working closely with law enforcement through various programs they offer. Having trained staff is an important part of the overall security plan.

Next, many of these venues step up contact with various sources of intelligence to help them understand and identify the threats to their area, their building, and, if applicable, the people performing at their site. These sources stream in from various federal, state, and local agencies or fusion centers, through a range of companies providing intelligence-as-a-service, and through the venue’s own network of individual contacts. For example, the Joint Terrorism Task Forces in more than 100 U.S. cities and similar international intelligence bodies are a critical component in this fight against terrorism.

The third key piece involves making changes to processes and technology. These may include fortifying the perimeter with bollards, adding “eyes on” such as CCTV cameras, or improving visitor screening operations. Process and technology changes, implemented effectively, can multiply the available forces, enabling significant improvements to both the effectiveness and efficiency of the overall security operation.

Decisions about which security technology should be deployed and what processes to wrap around them are highly dependent on the threats and vulnerabilities of a specific venue. There are some key considerations in this decision:

How vulnerable are we to this type of attack?
A key question is: what threats are we most concerned about? Based on physical layout, crowd concentration, and location, some venues are most concerned with person-borne threats and others are concerned with vehicles used as weapons. The threat of an individual bringing a firearm or explosive device to do harm to a crowd of people is high on most lists. Typically, threats are identified and prioritized within a logical framework including the probability of a given type of event, the impact on the venue and its visitors, and the vulnerability based on current security measures.

What are our operational realities?
One comment we consistently hear loud and clear is that a traditional airport or courthouse “mag and bag” checkpoint security process isn’t a viable solution. Security leaders do not want to create an environment where visitors or fans are required to remove all the items from their pockets and place them into a small white bowl, walk through a screening device, and then re-collect their items and go on their way. A manual search of every bag also significantly slows down the screening process and is intrusive to visitors.

What are the gaps in our security plan?
Firearms and explosive devices concealed on an individual are two concerns high on the list of most security directors. There are thousands of people converging on these venues in a short period of time, often just before the start of a show or beginning of a game. To effectively and efficiently screen each visitor for these types of threats is impractical, if not impossible, using traditional technologies – often a mix of walk-through metal detectors, manual bag checks, and guards trained to identify known troublemakers. For some venues, it’s canines for explosive detection. Evolv has combined all three of these capabilities into a single high-speed device.

Our formula is simple:

  • Find the threats we care most about: explosive devices and firearms
  • Make the visitor experience as unobtrusive as possible
  • Ensure throughput of 500 to 1,000 people per hour (per security lane)
  • Make it easy for guards or officers to use
  • Ensure it is flexible so that it can be used at multiple locations and in different operational configurations to screen different groups of people

Arenas, performance centers, and stadiums have begun deploying new security screening technologies such as the Evolv Edge, and even more are conducting pilots to understand how best to deploy them. However, too few have taken proactive steps to effectively protect their visitors and fans from today’s threats. Let’s focus on detecting the threats we know are out there.